Comments inline.

Regards,
Manan Shah

On 1/24/13 5:06 PM, "Chiradeep Vittal" <chiradeep.vit...@citrix.com> wrote:

>Comments inline
>
>On 1/24/13 1:59 AM, "Kishan Kavala" <kishan.kav...@citrix.com> wrote:
>
>>> -----Original Message-----
>>> From: Manan Shah [mailto:manan.s...@citrix.com]
>>> Sent: Thursday, 17 January 2013 5:13 AM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: Questions related to nTier Apps 2.0
>>>
>>> Kishan,
>>>
>>> I reviewed the FS and I have quite a few questions. Please see the questions
>>> below and let me know your thoughts.
>>>
>>> We should try and capture all of these items in the nTier Apps 2.0 FS / Design
>>> spec if possible:
>>>
>>> Open Questions:
>>>
>>> 1. Requirement 2.1: Combine VR and VPC VR:
>>>    * Are we going to do this one or not?
>>>    * If we do, would we support FW as well as Network ACLs or both? Are we
>>>      going to deprecate one of the terminologies and stick to one?
>>>    * Currently, Ingress FW is applied on Public IP and Network ACLs is on
>>>      the private network
>>>    * Upgrade: On upgrade, would all isolated networks go away and become
>>>      VPCs with 1 tier each?
>>
>>[KK] This is a huge item and currently unassigned.
>>
>>> 2. Requirement 2.2: Load Balancing on all Tiers:
>>>    * Assuming VPC VR is providing LB service for all tiers, would the LB on
>>>      non-web tiers have a private LB VIP or would it have to be public VIP?
>>>      Meaning can I go from web-tier to app tier LB without NAT?
>>
>>[KK] Yes, LB will be supported across tiers without requiring NAT
>>
>>> 3. Requirement 2.4: Physical Devices support:
>>>    * Would we support both in-line as well as side-by-side mode?
>>
>>[KK] Only in-line mode will be supported.
>>
>>>    * Would we support external LB when using LB service for tier-to-tier
>>>      traffic?
>>
>>[KK] Yes
>>
>>>    * What role will VPC VR play? Only DHCP and DNS? What about tier-to-tier
>>>      Network ACLs?
>>
>>[KK] Tier to tier traffic will still go through VR Network ACLs
>>
>>>    * What about S2S VPN, Private GWs?
>>>    * For SRX, we lose the IP CIDR flexibility, how will this impact VPC?
>>
>>[KK] This should not be impacted by external LB
>>
>>>    * Upgrade: Would we continue to upgrade VPC Tier Network from one
>>>      that doesn't support external devices to the one with external devices?
>>
>>[KK] Upgrade won't be supported
>>
>>> 4. Requirement 2.5: KVM Support:
>>>    * Are we going to pick this one up? Is the sub-feature complete?
>>
>>[KK] Marcus has already completed this. I'll check if there are any gaps
>>still.
>>
>>> 5. Requirement 2.6: Blacklist of Routes:
>>>    * Assuming we will allow a list to be entered
>>
>>[KK] Admin can specify a list using global config.
>
>[CV] Are we sure this satisfies the requirement? Perhaps there is a
>blacklist per VPC?
>Or perhaps a list of blacklist profiles, any of which can be applied to a
>particular VPC?

[Manan] Yes, this meets the requirements.

>>> 6. Requirement 2.8: Static Routes on VPN Gateway:
>>>    * Is this happening?
>>
>>[KK] This is not technically feasible since VPN is policy based
>>
>>> 7. Requirement 2.9: Remote-access VPN on VPC
>>>    * Is this happening?
>>
>>[KK] This is not happening. Also 2.1 should take care of this.
>>
>>> 8. Requirement 2.11: Ability to give tiers any CIDR, not just from super-net
>>>    * Why not just remove the CIDR specification on VPC creation?
>>
>>[KK] Yes, CIDR specification can be removed.
>
>[CV] I hope you meant "made optional"
>
>>> 9. Requirement 2.14: Allow ACL on all layer 4 protocols
>>>    * I believe the customers wanted more flexibility on protocols than just
>>>      adding a "All" keyword
>>
>>[KK] I'll make it more flexible to support protocol number.
>>
>>> 10. Requirement 2.15: Support guest networks outside of RFC 1918 addresses
>>>    * Should we have admins specifically allow this feature?
>>>    * Why is this restriction placed? Even if a network is re-used, wouldn't it go
>>>      out through NAT?
>>
>>[KK] I'll get back to you on this.
>>
>>> 11. Requirement 2.17: Redundant VR for VPC: Is this happening?
>>
>>[KK] This is not happening
>>
>>> Regards,
>>> Manan Shah