Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
Hi Yamamoto, Thanks for resuming work on this effort. TAP-as-a-service is a very important feature, and great to see we are considering use case scenarios and adjusting APIs accordingly. I have some thoughts on the use case scenarios, which are seen as most common ones, when talking to operators. There are two types of tap filters, which serve some of the use cases: * Port based packet mirroring/redirection * Policy based packet mirroring/redirection I see both of them as important from operator use case scenarios. Also, I mentioned traffic redirection in addition to the traffic mirroring and that serves use cases where services like IPS are deployed and incorporated. Do you happen to have a blueprint proposed with the original API demonstrated that we can iterate over and add the use cases and adjust the API accordingly to take further for review? Thanks, Fawad Khaliq On Wed, Nov 18, 2015 at 1:57 PM, Irena Berezovsky <irenab@gmail.com> wrote: > > > On Wed, Nov 18, 2015 at 8:31 AM, Takashi Yamamoto <yamam...@midokura.com> > wrote: > >> hi, >> >> On Thu, Nov 12, 2015 at 2:11 AM, Vikram Hosakote (vhosakot) >> <vhosa...@cisco.com> wrote: >> > Hi, >> > >> > TAAS looks great for traffic monitoring. >> > >> > Some questions about TAAS. >> > >> > 1) Can TAAS be used for provider networks as well, or just for tenant >> > networks ? >> >> currently only for VM ports on tenant networks. >> >> > >> > 2) Will there be any performance impact is every neutron port and every >> > packet is mirrored/duplicated ? >> >> i guess per-port impact is negligible. >> there's definitely per-packet impacts. >> i don't have any numbers though. >> >> > >> > 3) How is TAAS better than a non-mirroring approaches like >> packet-sniffing >> > (wireshark/tcpdump) and tracking interface counters/metrics ? >> >> i think taas is richer but probably slower than them. >> >> > >> > 4) Is TAAS a legal/lawful way to intercept/duplicate customer traffic >> in a >> > production cloud ? Or, TAAS is used just for debugging/troubleshooting ? >> >> although i'm not sure about legal/lawful requirements, >> i guess taas can be used for such purposes. >> > > You check this presentation for potential usage scenarios: > > > https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/tap-as-a-service-taas-port-monitoring-for-neutron-networks > > > >> > I was not able to find answers for these questions in >> > https://etherpad.openstack.org/p/mitaka-neutron-unplugged-track. >> > >> > Thanks! >> > >> > >> > Regards, >> > Vikram Hosakote >> > vhosa...@cisco.com >> > Software Engineer >> > Cloud and Virtualization Group (CVG) >> > Cisco Systems >> > Boxborough MA USA >> > >> > From: Takashi Yamamoto <yamam...@midokura.com> >> > Reply-To: "OpenStack Development Mailing List (not for usage questions)" >> > <openstack-dev@lists.openstack.org> >> > Date: Tuesday, November 10, 2015 at 10:08 PM >> > To: "OpenStack Development Mailing List (not for usage questions)" >> > <openstack-dev@lists.openstack.org> >> > Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting >> > >> > hi, >> > >> > tap-as-a-service meeting will be held weekly, starting today. >> > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting >> > anyone interested in the project is welcome. >> > sorry for immediate notice. >> > >> > >> __ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> > >> > >> __ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
On Wed, Nov 18, 2015 at 8:31 AM, Takashi Yamamoto <yamam...@midokura.com> wrote: > hi, > > On Thu, Nov 12, 2015 at 2:11 AM, Vikram Hosakote (vhosakot) > <vhosa...@cisco.com> wrote: > > Hi, > > > > TAAS looks great for traffic monitoring. > > > > Some questions about TAAS. > > > > 1) Can TAAS be used for provider networks as well, or just for tenant > > networks ? > > currently only for VM ports on tenant networks. > > > > > 2) Will there be any performance impact is every neutron port and every > > packet is mirrored/duplicated ? > > i guess per-port impact is negligible. > there's definitely per-packet impacts. > i don't have any numbers though. > > > > > 3) How is TAAS better than a non-mirroring approaches like > packet-sniffing > > (wireshark/tcpdump) and tracking interface counters/metrics ? > > i think taas is richer but probably slower than them. > > > > > 4) Is TAAS a legal/lawful way to intercept/duplicate customer traffic in > a > > production cloud ? Or, TAAS is used just for debugging/troubleshooting ? > > although i'm not sure about legal/lawful requirements, > i guess taas can be used for such purposes. > You check this presentation for potential usage scenarios: https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/tap-as-a-service-taas-port-monitoring-for-neutron-networks > > > I was not able to find answers for these questions in > > https://etherpad.openstack.org/p/mitaka-neutron-unplugged-track. > > > > Thanks! > > > > > > Regards, > > Vikram Hosakote > > vhosa...@cisco.com > > Software Engineer > > Cloud and Virtualization Group (CVG) > > Cisco Systems > > Boxborough MA USA > > > > From: Takashi Yamamoto <yamam...@midokura.com> > > Reply-To: "OpenStack Development Mailing List (not for usage questions)" > > <openstack-dev@lists.openstack.org> > > Date: Tuesday, November 10, 2015 at 10:08 PM > > To: "OpenStack Development Mailing List (not for usage questions)" > > <openstack-dev@lists.openstack.org> > > Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting > > > > hi, > > > > tap-as-a-service meeting will be held weekly, starting today. > > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting > > anyone interested in the project is welcome. > > sorry for immediate notice. > > > > > __ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > > __ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
hi, On Thu, Nov 12, 2015 at 2:11 AM, Vikram Hosakote (vhosakot) <vhosa...@cisco.com> wrote: > Hi, > > TAAS looks great for traffic monitoring. > > Some questions about TAAS. > > 1) Can TAAS be used for provider networks as well, or just for tenant > networks ? currently only for VM ports on tenant networks. > > 2) Will there be any performance impact is every neutron port and every > packet is mirrored/duplicated ? i guess per-port impact is negligible. there's definitely per-packet impacts. i don't have any numbers though. > > 3) How is TAAS better than a non-mirroring approaches like packet-sniffing > (wireshark/tcpdump) and tracking interface counters/metrics ? i think taas is richer but probably slower than them. > > 4) Is TAAS a legal/lawful way to intercept/duplicate customer traffic in a > production cloud ? Or, TAAS is used just for debugging/troubleshooting ? although i'm not sure about legal/lawful requirements, i guess taas can be used for such purposes. > > I was not able to find answers for these questions in > https://etherpad.openstack.org/p/mitaka-neutron-unplugged-track. > > Thanks! > > > Regards, > Vikram Hosakote > vhosa...@cisco.com > Software Engineer > Cloud and Virtualization Group (CVG) > Cisco Systems > Boxborough MA USA > > From: Takashi Yamamoto <yamam...@midokura.com> > Reply-To: "OpenStack Development Mailing List (not for usage questions)" > <openstack-dev@lists.openstack.org> > Date: Tuesday, November 10, 2015 at 10:08 PM > To: "OpenStack Development Mailing List (not for usage questions)" > <openstack-dev@lists.openstack.org> > Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting > > hi, > > tap-as-a-service meeting will be held weekly, starting today. > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting > anyone interested in the project is welcome. > sorry for immediate notice. > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
On Wed, Nov 11, 2015 at 7:24 PM, Takashi Yamamoto <yamam...@midokura.com> wrote: > hi, > > i have no idea why the link is broken. probabaly meeting_id given to #startmeeting was wrong? > > today's meeting log is here: > http://eavesdrop.openstack.org/meetings/tap_as_a_service_meeting/2015/tap_as_a_service_meeting.2015-11-11-06.36.html > > On Wed, Nov 11, 2015 at 7:08 PM, Neil Jerram <neil.jer...@metaswitch.com> > wrote: >> Sounds interesting! I'd like to look at some past meeting logs (including >> from today), but the 'past meetings' link at >> http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting does not work for >> me. >> >> Neil >> >> -Original Message- >> From: Takashi Yamamoto [mailto:yamam...@midokura.com] >> Sent: 11 November 2015 03:09 >> To: OpenStack Development Mailing List (not for usage questions) >> <openstack-dev@lists.openstack.org> >> Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting >> >> hi, >> >> tap-as-a-service meeting will be held weekly, starting today. >> http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting >> anyone interested in the project is welcome. >> sorry for immediate notice. >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
Sounds interesting! I'd like to look at some past meeting logs (including from today), but the 'past meetings' link at http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting does not work for me. Neil -Original Message- From: Takashi Yamamoto [mailto:yamam...@midokura.com] Sent: 11 November 2015 03:09 To: OpenStack Development Mailing List (not for usage questions) <openstack-dev@lists.openstack.org> Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting hi, tap-as-a-service meeting will be held weekly, starting today. http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting anyone interested in the project is welcome. sorry for immediate notice. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
Hi, TAAS looks great for traffic monitoring. Some questions about TAAS. 1) Can TAAS be used for provider networks as well, or just for tenant networks ? 2) Will there be any performance impact is every neutron port and every packet is mirrored/duplicated ? 3) How is TAAS better than a non-mirroring approaches like packet-sniffing (wireshark/tcpdump) and tracking interface counters/metrics ? 4) Is TAAS a legal/lawful way to intercept/duplicate customer traffic in a production cloud ? Or, TAAS is used just for debugging/troubleshooting ? I was not able to find answers for these questions in https://etherpad.openstack.org/p/mitaka-neutron-unplugged-track. Thanks! Regards, Vikram Hosakote vhosa...@cisco.com Software Engineer Cloud and Virtualization Group (CVG) Cisco Systems Boxborough MA USA From: Takashi Yamamoto <yamam...@midokura.com<mailto:yamam...@midokura.com>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Date: Tuesday, November 10, 2015 at 10:08 PM To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting hi, tap-as-a-service meeting will be held weekly, starting today. http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting anyone interested in the project is welcome. sorry for immediate notice. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org<mailto:openstack-dev-requ...@lists.openstack.org>?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
hi, i have no idea why the link is broken. today's meeting log is here: http://eavesdrop.openstack.org/meetings/tap_as_a_service_meeting/2015/tap_as_a_service_meeting.2015-11-11-06.36.html On Wed, Nov 11, 2015 at 7:08 PM, Neil Jerram <neil.jer...@metaswitch.com> wrote: > Sounds interesting! I'd like to look at some past meeting logs (including > from today), but the 'past meetings' link at > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting does not work for me. > > Neil > > -Original Message- > From: Takashi Yamamoto [mailto:yamam...@midokura.com] > Sent: 11 November 2015 03:09 > To: OpenStack Development Mailing List (not for usage questions) > <openstack-dev@lists.openstack.org> > Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting > > hi, > > tap-as-a-service meeting will be held weekly, starting today. > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting > anyone interested in the project is welcome. > sorry for immediate notice. > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron][tap-as-a-service] weekly meeting
hi, tap-as-a-service meeting will be held weekly, starting today. http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting anyone interested in the project is welcome. sorry for immediate notice. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev