Comments inline

On 1/24/13 1:59 AM, "Kishan Kavala" <kishan.kav...@citrix.com> wrote:

>> -----Original Message-----
>> From: Manan Shah [mailto:manan.s...@citrix.com]
>> Sent: Thursday, 17 January 2013 5:13 AM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Questions related to nTier Apps 2.0
>>
>> Kishan,
>>
>> I reviewed the FS and I have quite a few questions. Please see the questions
>> below and let me know your thoughts.
>>
>> We should try and capture all of these items in the nTier Apps 2.0 FS / Design
>> spec if possible:
>>
>> Open Questions:
>>
>> 1. Requirement 2.1: Combine VR and VPC VR:
>>    * Are we going to do this one or not?
>>    * If we do, would we support FW as well as Network ACLs or both? Are we
>>      going to deprecate one of the terminologies and stick to one?
>>    * Currently, Ingress FW is applied on Public IP and Network ACLs is on
>>      the private network
>>    * Upgrade: On upgrade, would all isolated networks go away and become
>>      VPCs with 1 tier each?
>
> [KK] This is a huge item and currently unassigned.
>
>> 2. Requirement 2.2: Load Balancing on all Tiers:
>>    * Assuming VPC VR is providing LB service for all tiers, would the LB on
>>      non-web tiers have a private LB VIP or would it have to be public VIP?
>>      Meaning can I go from web-tier to app tier LB without NAT?
>
> [KK] Yes, LB will be supported across tiers without requiring NAT
>
>> 3. Requirement 2.4: Physical Devices support:
>>    * Would we support both in-line as well as side-by-side mode?
>
> [KK] Only in-line mode will be supported.
>
>>    * Would we support external LB when using LB service for tier-to-tier
>>      traffic?
>
> [KK] Yes
>
>>    * What role will VPC VR play? Only DHCP and DNS? What about tier-to-tier
>>      Network ACLs?
>
> [KK] Tier to tier traffic will still go through VR Network ACLs
>
>>    * What about S2S VPN, Private GWs?
>>    * For SRX, we lose the IP CIDR flexibility, how will this impact VPC?
>
> [KK] This should not be impacted by external LB
>
>>    * Upgrade: Would we continue to upgrade VPC Tier Network from one
>>      that doesn't support external devices to the one with external devices?
>
> [KK] Upgrade won't be supported
>
>> 4. Requirement 2.5: KVM Support:
>>    * Are we going to pick this one up? Is the sub-feature complete?
>
> [KK] Marcus has already completed this. I'll check if there are any gaps
> still.
>
>> 5. Requirement 2.6: Blacklist of Routes:
>>    * Assuming we will allow a list to be entered
>
> [KK] Admin can specify a list using global config.

[CV] Are we sure this satisfies the requirement? Perhaps there is a blacklist per VPC? Or perhaps a list of blacklist profiles, any of which can be applied to a particular VPC?

>> 6. Requirement 2.8: Static Routes on VPN Gateway:
>>    * Is this happening?
>
> [KK] This is not technically feasible since VPN is policy based
>
>> 7. Requirement 2.9: Remote-access VPN on VPC
>>    * Is this happening?
>
> [KK] This is not happening. Also 2.1 should take care of this.
>
>> 8. Requirement 2.11: Ability to give tiers any CIDR, not just from super-net
>>    * Why not just remove the CIDR specification on VPC creation?
>
> [KK] Yes, CIDR specification can be removed.

[CV] I hope you meant "made optional"

>> 9. Requirement 2.14: Allow ACL on all layer 4 protocols
>>    * I believe the customers wanted more flexibility on protocols than just
>>      adding a "All" keyword
>
> [KK] I'll make it more flexible to support protocol number.
>
>> 10. Requirement 2.15: Support guest networks outside of RFC 1918 addresses
>>    * Should we have admins specifically allow this feature?
>>    * Why is this restriction placed? Even if a network is re-used, wouldn't it go
>>      out through NAT?
>
> [KK] I'll get back to you on this.
>
>> 11. Requirement 2.17: Redundant VR for VPC: Is this happening?
>
> [KK] This is not happening
>
>> Regards,
>> Manan Shah