Re: [openstack-dev] [neutron] - L3 flavors and issues with usecasesfor multiple L3 backends

People need high performance but also xaaS integrated, slow and free but also packet logged. And lots of back-ends have multiple characters. According to the example described in this thread, those characters really should be modeled as different flavors. Indeed, I think people just want to know

Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing

Hi, Under current FWaaS architecture or framework, only integrating hardware firewall is not easy. That requires neutron support service level multiple vendors. In another word, vendors must fit each other for their services while currently vendors just provides all services through controller. I

Re: [openstack-dev] [Neutron][IPAM] Arbitrary JSON blobs in ipam db tables

I don't know if this would make more sense. Let's assume that we add arbitrary blobs(ABs) to IPAM even every neutron object. What would happen? People can do anything via those APIs. Any new attribute even the whole model could be passed through those so-called ABs. Except the architecture issues,

Re: [openstack-dev] [neutron]What happened when the 3-rd controller restarted?

in level operation should probably query all the > mechanism drivers. > > Anyway, If this is something you'd like to see implemented (regardless of > whether my analysis matches your use case) you should considering filing a > RFE bug so that it will be considered during the drivers meetings.

[openstack-dev] [neutron]How to install lbaas integrating with barbican?

Hi stackers, I plan to test the https functionality of lbaas. Can anyone paste some guide hyperlink about installation, deployment and operation? Thank you. Germy . __ OpenStack Development Mailing List (not for usage

Re: [openstack-dev] [neutron]Anyone tried to mix-use openstack components or projects?

Hi Salvatore, Thank you so much. I think I see your points now. Next step, I will have a try to check it. Many thanks. Germy . On Mon, Oct 12, 2015 at 11:11 PM, Salvatore Orlando <salv.orla...@gmail.com> wrote: > Inline, > Salvatore > > On 12 October 2015 at 10:23, G

Re: [openstack-dev] [neutron]What happened when the 3-rd controller restarted?

omments, what is it that you want to see? > > On Mon, Oct 12, 2015 at 12:29 AM, Germy Lure <germy.l...@gmail.com> wrote: > >> Hi Kevin, >> >> *Thank you for your response. Periodic data checking is a popular and >> effective method to sync info. But there is no su

Re: [openstack-dev] [neutron]What happened when the 3-rd controller restarted?

com> wrote: > You can have a periodic task that asks your backend if it needs sync info. > Another option is to define a vendor-specific extension that makes it easy > to retrieve all info in one call via the HTTP API. > > On Sat, Oct 10, 2015 at 2:24 AM, Germy Lure <germy.l...@g

Re: [openstack-dev] [neutron]Anyone tried to mix-use openstack components or projects?

to > disable the Nova callbacks on the Neutron side because the Havana version > wasn't expecting them. > > I've tried out many N+1 combinations (e.g. Icehouse + Juno, Juno + Kilo) > but I haven't tried a gap that big. > > Cheers, > Kevin Benton > > On Sat, Oct 10, 2015 at

[openstack-dev] [neutron]Anyone tried to mix-use openstack components or projects?

Hi all, As you know, openstack projects are developed separately. And theoretically, people can create networks with Neutron in Kilo version for Nova in Havana version. Did Anyone tried it? Do we have some pages to show what combination can work together? Thanks. Germy .

[openstack-dev] [neutron]What happened when the 3-rd controller restarted?

Hi all, After restarting, Agents load data from Neutron via RPC. What about 3-rd controller? They only can re-gather data via NBI. Right? Is it possible to provide some mechanism for those controllers and agents to sync data? or something else I missed? Thanks Germy

Re: [openstack-dev] [Neutron] Port forwarding

Hi Gal, Congratulations, eventually you understand what I mean. Yes, in bulk. But I don't think that's an enhancement to the API. The bulk operation is more common scenario. It is more useful and covers the single port-mapping scenario. By the way, bulk operation may apply to a subnet, a

Re: [openstack-dev] [Neutron] Port forwarding

IP. > Of course keep in mind that we didnt yet discuss full API details but its > going to be something like that (at least the way i see it) > > Hope thats explains it. > > Gal. > > On Mon, Sep 7, 2015 at 5:21 AM, Germy Lure <germy.l...@gmail.com> wrote: > >> Hi

Re: [openstack-dev] [Neutron] Port forwarding

gt; further? > > Thanks > Gal. > > On Sun, Sep 6, 2015 at 5:39 AM, Germy Lure <germy.l...@gmail.com> wrote: > >> Hi, Gal >> >> Thank you for bringing this up. But I have some suggestions for the API. >> >> An operator or some other component wants t

Re: [openstack-dev] [Neutron] Port forwarding

Hi, Gal Thank you for bringing this up. But I have some suggestions for the API. An operator or some other component wants to reach several VMs related NOT only one or one by one. Here, RELATED means that the VMs are in one subnet or network or a host(similar to reaching dockers on a host). Via

Re: [openstack-dev] [Neutron] [DVR] easyOVS -- Smart tool to use/debug Neutron/DVR

Hi, It's Interesting! I have three points for you here. a.Support packet tracking which show the path of a packet traveled on the host, even on the source/destination host. b.Given a communication type and packet characteristic to find out the fault point. For example, if you want VM1 talk with

Re: [openstack-dev] [Neutron] DHCP configuration

+1 common.config should be global and general while agent.config should be local and related to the special back-end. Maybe, we can add different prefix to the same option. Germy On Mon, Aug 31, 2015 at 11:13 PM, Kevin Benton wrote: > neutron.common.config should have

Re: [openstack-dev] [neutron][L3][dvr][fwaas] FWaaS with DVR

Hi all, I have two points. a. For the problem in this thread, my suggestion is to introduce new concepts to replace the existing firewall and SG. Perhaps you have found the overlap between firewall and SG. It's trouble for user to select. So the new concepts are edge-firewall for N/S traffic and

Re: [openstack-dev] [Neutron] Targeting Logging API for SG and FW rules feature to L-3 milestone

Hi Cao, I have reviewed the specification linked above. Thank you for introducing such an interesting and important feature. But as I commented inline, I think it still need some further work to do. Such as how to get those logs stored? To admin and tenant, I think it's different. And performance

Re: [openstack-dev] [neutron][vpnaas] Need community guidance please...

Hi, Maybe I missed some key points. But why we introduced vpn-endpoint groups here? ipsec-site-connection for IPSec VPN only, gre-connection for GRE VPN only, and mpls-connection for MPLS VPN only. You see, different connections for different vpn types. Indeed, We can't reuse connection API.

Re: [openstack-dev] [api] Re: [Neutron][L3] Stop agent scheduling without topping sevices

Hi all, I think we just power the scheduler API to be able to add and remove candidates is enough. As mentioned this thread, the agent just doesn't receive new request but still keep old service alive. So, just stop schedule new request to it. Direct and simple. Hope my expression is clear

Re: [openstack-dev] [Neutron]why FIP is integrated into router not as a separated service like XxxaaS?

on L3. From this point, L2 is the core of network service and L3 is the core of other advanced services. ML3 is coming. Besides, It's strange that L3's API contains a field called snat_enable. Isn't it? BR, Germy On Wed, Nov 5, 2014 at 5:37 PM, Akilesh K akilesh1...@gmail.com wrote: @Germy Lure

Re: [openstack-dev] [Neutron]why FIP is integrated into router not as a separated service like XxxaaS?

if multiple snat ip is needed, and control which tenant ip is served by each snat ip, separate plugin may be needed. Sent from my iPad On 2014-11-6, at 下午6:21, Germy Lure germy.l...@gmail.com wrote: Hi Carl and Akilesh, Thank you for your response and explanation. My manager tells me

Re: [openstack-dev] [Neutron]why FIP is integrated into router not as a separated service like XxxaaS?

from Router, at least SNAT. IMHO it's better to provide a unified service including all kinds of AT, such as FIP, SNAT and DNAT. BR, Germy On Fri, Nov 7, 2014 at 2:42 PM, Germy Lure germy.l...@gmail.com wrote: Hi Akilesh, Thanks for your response. I have some comments inline. BR, Germy

Re: [openstack-dev] [neutron][TripleO] Clear all flows when ovs agent start? why and how avoid?

downtime and stray flows. Regards, Erik *From:* Germy Lure [mailto:germy.l...@gmail.com] *Sent:* den 5 november 2014 10:46 *To:* OpenStack Development Mailing List (not for usage questions) *Subject:* Re: [openstack-dev] [neutron][TripleO] Clear all flows when ovs agent start? why

Re: [openstack-dev] [neutron][TripleO] Clear all flows when ovs agent start? why and how avoid?

a startup flag to reset all flows and not reset them by default. While I agree the flow synchronisation process proposed in the previous post is valuable too, I hope we might be able to fix this with a simpler approach. Salvatore On 5 November 2014 04:43, Germy Lure germy.l...@gmail.com wrote

Re: [openstack-dev] [neutron][TripleO] Clear all flows when ovs agent start? why and how avoid?

Hi, Consider the triggering of restart agent, I think it's nothing but: 1). only restart agent 2). reboot the host that agent deployed on When the agent started, the ovs may: a.have all correct flows b.have nothing at all c.have partly correct flows, the others may need to be reprogrammed,

[openstack-dev] [Neutron]why FIP is integrated into router not as a separated service like XxxaaS?

Hi, Address Translation(FIP, snat and dnat) looks like an advanced service. Why it is integrated into L3 router? Actually, this is not how it's done in practice. They are usually provided by Firewall device but not router. What's the design concept? ThanksRegards, Germy

Re: [openstack-dev] VPNaaS site to site connection down.

Hi, masoom: I think firstly you can just check that if you could ping from left to right without installing VPN connection. If it worked, then you should cat the system logs to confirm the configure's OK. You can ping and tcpdump to dialog where packets are blocked. stackers: I think we should

Re: [openstack-dev] [neutron] [IPv6] New API format for extra_dhcp_opts

Hi, Xu Han, Can we distinguish version by parsing the opt_value? Is there any service binding v4 address but providing service for v6? or v6 for v4? BTW, Why not the format is directly opt_name_value:opt_value_value, like server-ip-address:1.1.1.1? BR, Germy On Fri, Sep 26, 2014 at 2:39 PM,

[openstack-dev] [Neutron]Dynamically load service provider

Hi stackers, I have an idea about service provider framework. Anyone interested in this topic can give me some suggestions. My idea is that providers report their services capability dynamically not configured in neutron.conf. See details by the link below.

Re: [openstack-dev] [Neutron][Architecture]Suggestions for the third vendors' plugin and driver

Hi Trinath, I think the vendor company has many experts to review their codes. They can do it well. But I still have some comments inline. Germy On Thu, Sep 18, 2014 at 1:42 PM, trinath.soman...@freescale.com trinath.soman...@freescale.com wrote: Though Code reviews for vendor code takes

Re: [openstack-dev] [Neutron][Architecture]Suggestions for the third vendors' plugin and driver

comments inline, but unless growing another monster thread I'd rather start a different, cross-project discussion (which will hopefully not become just a cross-project monster thread!) Salvatore On 15 September 2014 08:29, Germy Lure germy.l...@gmail.com wrote: Obviously, to a vendor's plugin

Re: [openstack-dev] [Neutron][Architecture]Suggestions for the third vendors' plugin and driver

there for referencing and version releasing. Any vendor would not maintain the open source codes, the community only. On Fri, Sep 12, 2014 at 1:50 AM, Germy Lure germy.l...@gmail.com wrote: On Fri, Sep 12, 2014 at 11:11 AM, Kevin Benton blak...@gmail.com wrote: Maybe I missed something

Re: [openstack-dev] [Neutron][Architecture]Suggestions for the third vendors' plugin and driver

and API. The community should ensure core and API stable enough and high quality. Vendors for external drivers. Who provides, who maintains(including development, storage, distribution, quality, etc). On Thu, Sep 11, 2014 at 7:24 PM, Germy Lure germy.l...@gmail.com wrote: Some comments inline

[openstack-dev] [Neutron][Architecture]Suggestions for the third vendors' plugin and driver

Hi stackers, According to my statistics(J2), the LOC of vendors' plugin and driver is about 102K, while the whole under neutron is 220K. That is to say the community has paid and is paying over 46% energy to maintain vendors' code. If we take mails, bugs, BPs and so on into consideration, this

[openstack-dev] [H][Neutron][IPSecVPN]Cannot tunnel two namespace Routers

Hi Stackers, Network TOPO like this: VM1(net1)--Router1---IPSec VPN tunnel---Router2--VM2(net2) If left and right side deploy on different OpenStack environments, it works well. But in the same environment, Router1 and Router2 are namespace implement in the same network node. I cannot