Kishan,

I reviewed the FS and I have quite a few questions. Please see the
questions below and let me know your thoughts.

We should try and capture all of these items in the nTier Apps 2.0 FS /
Design spec if possible:


Open Questions:

1. Requirement 2.1: Combine VR and VPC VR:
     * Are we going to do this one or not?
     * If we do, would we support FW as well as Network ACLs or both? Are we going to deprecate one of the terminologies and stick to one?
          * Currently, Ingress FW is applied on Public IP and Network ACLs are on the private network
     * Upgrade: On upgrade, would all isolated networks go away and become VPCs with 1 tier each?
2. Requirement 2.2: Load Balancing on all Tiers:
     * Assuming VPC VR is providing LB service for all tiers, would the LB on non-web tiers have a private LB VIP or would it have to be public VIP? Meaning can I go from web-tier to app tier LB without NAT?
3. Requirement 2.4: Physical Devices support:
     * Would we support both in-line as well as side-by-side mode?
     * Would we support external LB when using LB service for tier-to-tier traffic?
     * What role will VPC VR play? Only DHCP and DNS? What about tier-to-tier Network ACLs?
          * What about S2S VPN, Private GWs?
     * For SRX, we lose the IP CIDR flexibility, how will this impact VPC?
     * Upgrade: Would we continue to upgrade VPC Tier Network from one that doesn't support external devices to the one with external devices?
4. Requirement 2.5: KVM Support:
     * Are we going to pick this one up? Is the sub-feature complete?
5. Requirement 2.6: Blacklist of Routers:
     * Assuming we will allow a list to be entered
6. Requirement 2.8: Static Routes on VPN Gateway:
     * Is this happening?
7. Requirement 2.9: Remote-access VPN on VPC
     * Is this happening?
8. Requirement 2.11: Ability to give tiers any CIDR, not just from super-net
     * Why not just remove the CIDR specification on VPC creation?
9. Requirement 2.14: Allow ACL on all layer 4 protocols
     * I believe the customers wanted more flexibility on protocols than just adding an "All" keyword
10. Requirement 2.15: Support guest networks outside of RFC 1918 addresses
     * Should we have admins specifically allow this feature?
     * Why is this restriction placed? Even if a network is re-used, wouldn't it go out through NAT?
11. Requirement 2.17: Redundant VR for VPC: Is this happening?


Regards,
Manan Shah
