Kishan,
I reviewed the FS and I have quite a few questions. Please see the
questions below and let me know your thoughts.
We should try and capture all of these items in the nTier Apps 2.0 FS /
Design spec if possible:
Open Questions:
1. Requirement 2.1: Combine VR and VPC VR:
* Are we going to do this one or not?
* If we do, would we support FW as well as Network ACLs or both? Are
we going to deprecate one of the terminologies and stick to one?
* Currently, Ingress FW is applied on Public IP and Network ACLs
is on the private network
* Upgrade: On upgrade, would all isolated networks go away and become
VPCs with 1 tier each?
2. Requirement 2.2: Load Balancing on all Tiers:
* Assuming VPC VR is providing LB service for all tiers, would the LB
on non-web tiers have a private LB VIP or would it have to be public VIP?
Meaning can I go from web-tier to app tier LB without NAT?
3. Requirement 2.4: Physical Devices support:
* Would we support both in-line as well as side-by-side mode?
* Would we support external LB when using LB service for tier-to-tier
traffic?
* What role will VPC VR play? Only DHCP and DNS? What about
tier-to-tier Network ACLs?
* What about S2S VPN, Private GWs?
* For SRX, we lose the IP CIDR flexibility, how will this impact VPC?
* Upgrade: Would we continue to upgrade VPC Tier Network from one
that doesn't support external devices to the one with external devices?
4. Requirement 2.5: KVM Support:
* Are we going to pick this one up? Is the sub-feature complete?
5. Requirement 2.6: Blacklist of Routers:
* Assuming we will allow a list to be entered
6. Requirement 2.8: Static Routes on VPN Gateway:
* Is this happening?
7. Requirement 2.9: Remote-access VPN on VPC
* Is this happening?
8. Requirement 2.11: Ability to give tiers any CIDR, not just from
super-net
* Why not just remove the CIDR specification on VPC creation?
9. Requirement 2.14: Allow ACL on all layer 4 protocols
* I believe the customers wanted more flexibility on protocols than
just adding a "All" keyword
10. Requirement 2.15: Support guest networks outside of RFC 1918 addresses
* Should we have admins specifically allow this feature?
* Why is this restriction placed? Even if a network is re-used,
wouldn't it go out through NAT?
11. Requirement 2.17: Redundant VR for VPC: Is this happening?
Regards,
Manan Shah
