Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-20 Thread Michael Johnson 
Hi Zhi,

LBaaSv2 as an API will live on.

We are in the process of merging that API into the octavia repository
to merge the two load balancing projects into one and remove our
dependency on the neutron API process/endpoint.

Functionally it is our goal to allow the LBaaSv2 API to continue to
function for users.  For some period of time we will maintain a
pass-through proxy so that calls to the neutron API endpoint will
continue to function as they do today.  In addition, we will be
advertising the octavia endpoint and it will be compatible with the
current LBaaSv2 API.  Over time users can switch the endpoint they use
for LBaaSv2 calls from the neutron endpoint and they will continue to
operate as expected.

As part of this compatibility, the current LBaaSv2 drivers will move
behind the octavia API process as opposed to the current neutron API
process.  The legacy haproxy-namespace driver and the octavia (haproxy
based as well) driver will continue to exist for some time, though we
would like to deprecate the legacy haproxy-namespace driver.

Given the progress we have made up to Ocata-2, I expect Ocata will
release with the same configuration as Newton.  We will have the
LBaaSv2 API in place in octavia, but the driver and pass through work
will not be complete in time.  This means you will continue to use the
neutron endpoint to access neutron-lbaas drivers as you do today.

Michael

On Sun, Dec 18, 2016 at 6:52 PM, zhi  wrote:
> Deal all.
>
> I have some questions about what will Neutron does in next releases.
>
> As far as I know, LBaaSv2 will be deprecated in next 2 releases, maybe P
> release, we will not see LBaaSv2 anymore, isn't it? Instead of LBaaSv2(
> HAProxy driver based ), Octavia will be the only LBaaS solution, isn't it?
>
> What's about namespace based L3 router? Do we have any ideas about NFV
> solution in L3 router just like Octavia?
>
> Finally, where will Neutron *aaS go in future? Now, vpnaas was not part of
> neutron governance. What about fwaas? Do we deprecated it in next releases?
>
> I wish someone could give some exact words about these. I will thanks a lot.
> :)
>
>
> Thanks
> Zhi Chang
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-20 Thread Sridar Kandaswamy (skandasw) 
Hi Zhi:

With the L3 implementation, FWaaS acts on traffic that is seen by the router 
(we have some issues with DVR) so it is really constrained to N - S. SG will of 
course see all traffic. Once we have the FWaaS L2 implementation - it opens up 
the possibilities to be applied on a VM port and hence can see all traffic.

Thanks

Sridar

From: zhi <changzhi1...@gmail.com<mailto:changzhi1...@gmail.com>>
Reply-To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Date: Monday, December 19, 2016 at 10:43 PM
To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?

Hi, Srider.

Thanks for your reply. I still have a question about SG and FWaaS. VM's 
east-west traffic belongs to FWaaS or SG? What about VM's north-south traffic?

I think that VM's east-west traffic belongs to SG and the north-south traffic 
belongs to FWaaS, isn't it? :)


Thanks
Zhi Chang

2016-12-20 1:45 GMT+08:00 Sridar Kandaswamy (skandasw) 
<skand...@cisco.com<mailto:skand...@cisco.com>>:
Hi Zhi:

FWaaS has been seen more as an edge (on L3 ports) use case as opposed to SG 
which is on a VM port. Also, as u can see there are differences in the 
attributes on the Rule specification at the most basic level. At this point, we 
are working thru the implementation of FWaaS on L2 ports so that makes ur 
question more relevant. At least one school of thought that we have been 
working with is that the FWaaS API can be more open and continue to evolve to 
support for instance L4-L7 use cases amongst others, but the SG API will 
continue to stay a simpler model (some have also pointed the need for SG to be 
aligned with AWS).

This is still in evolution and we would welcome participation, if u can - pls 
do drop in to our weekly team meeting [1] and we can discuss further.

Thanks

Sridar
[1] http://eavesdrop.openstack.org/#Firewall_as_a_Service_(FWaaS)_Team_Meeting


From: zhi <changzhi1...@gmail.com<mailto:changzhi1...@gmail.com>>
Reply-To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Date: Sunday, December 18, 2016 at 7:36 PM
To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?

Hi, Nate, thanks for your reply.

May I ask a little stupid question? What's the difference between fwaas and 
security group? In my opinion, fwaas and security group are both using linux 
iptables now. So, what's the differences between them?

Thanks
Zhi Chang

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: 
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-19 Thread zhi 
Hi, Srider.

Thanks for your reply. I still have a question about SG and FWaaS. VM's
east-west traffic belongs to FWaaS or SG? What about VM's north-south
traffic?

I think that VM's east-west traffic belongs to SG and the north-south
traffic belongs to FWaaS, isn't it? :)


Thanks
Zhi Chang

2016-12-20 1:45 GMT+08:00 Sridar Kandaswamy (skandasw) <skand...@cisco.com>:

> Hi Zhi:
>
> FWaaS has been seen more as an edge (on L3 ports) use case as opposed to
> SG which is on a VM port. Also, as u can see there are differences in the
> attributes on the Rule specification at the most basic level. At this
> point, we are working thru the implementation of FWaaS on L2 ports so that
> makes ur question more relevant. At least one school of thought that we
> have been working with is that the FWaaS API can be more open and continue
> to evolve to support for instance L4-L7 use cases amongst others, but the
> SG API will continue to stay a simpler model (some have also pointed the
> need for SG to be aligned with AWS).
>
> This is still in evolution and we would welcome participation, if u can -
> pls do drop in to our weekly team meeting [1] and we can discuss further.
>
> Thanks
>
> Sridar
> [1] http://eavesdrop.openstack.org/#Firewall_as_a_
> Service_(FWaaS)_Team_Meeting
>
>
> From: zhi <changzhi1...@gmail.com>
> Reply-To: OpenStack List <openstack-dev@lists.openstack.org>
> Date: Sunday, December 18, 2016 at 7:36 PM
> To: OpenStack List <openstack-dev@lists.openstack.org>
> Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?
>
> Hi, Nate, thanks for your reply.
>
> May I ask a little stupid question? What's the difference between fwaas
> and security group? In my opinion, fwaas and security group are both using
> linux iptables now. So, what's the differences between them?
>
> Thanks
> Zhi Chang
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-19 Thread Sridar Kandaswamy (skandasw) 
Hi Zhi:

FWaaS has been seen more as an edge (on L3 ports) use case as opposed to SG 
which is on a VM port. Also, as u can see there are differences in the 
attributes on the Rule specification at the most basic level. At this point, we 
are working thru the implementation of FWaaS on L2 ports so that makes ur 
question more relevant. At least one school of thought that we have been 
working with is that the FWaaS API can be more open and continue to evolve to 
support for instance L4-L7 use cases amongst others, but the SG API will 
continue to stay a simpler model (some have also pointed the need for SG to be 
aligned with AWS).

This is still in evolution and we would welcome participation, if u can - pls 
do drop in to our weekly team meeting [1] and we can discuss further.

Thanks

Sridar
[1] http://eavesdrop.openstack.org/#Firewall_as_a_Service_(FWaaS)_Team_Meeting


From: zhi <changzhi1...@gmail.com<mailto:changzhi1...@gmail.com>>
Reply-To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Date: Sunday, December 18, 2016 at 7:36 PM
To: OpenStack List 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?

Hi, Nate, thanks for your reply.

May I ask a little stupid question? What's the difference between fwaas and 
security group? In my opinion, fwaas and security group are both using linux 
iptables now. So, what's the differences between them?

Thanks
Zhi Chang
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-19 Thread German Eichberger 
You are correct LBaaS development has moved to the Octavia team. However, 
Octavia will have a way for 3rd party load balancers to plug in instead of the 
Octavia load balancing solution. The Octavia team is currently deciding if it 
should continue to support the Haproxy namespace driver as part of Octavia. If 
you have questions, feel free to stop by the Octavia meeting [1] or send an 
e-mail tagged [Octavia].

German

[1] http://eavesdrop.openstack.org/#Octavia_Meeting

From: Nate Johnston <openstackn...@gmail.com>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
<openstack-dev@lists.openstack.org>
Date: Sunday, December 18, 2016 at 10:12 PM
To: "OpenStack Development Mailing List (not for usage questions)" 
<openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?

The neutron-fwaas team is an active and enthusiastic participant in the Neutron 
stadium, and is targeting FWaaS v2 to complete in the Ocala release. Once FWaaS 
v2 is complete, the neutron-fwaas team will start deprecating FWaaS v1 in the 
Pike cycle.

--N.

On Sun, Dec 18, 2016 at 9:56 PM zhi 
<changzhi1...@gmail.com<mailto:changzhi1...@gmail.com>> wrote:
Deal all.

I have some questions about what will Neutron does in next releases.

As far as I know, LBaaSv2 will be deprecated in next 2 releases, maybe P 
release, we will not see LBaaSv2 anymore, isn't it? Instead of LBaaSv2( HAProxy 
driver based ), Octavia will be the only LBaaS solution, isn't it?

What's about namespace based L3 router? Do we have any ideas about NFV solution 
in L3 router just like Octavia?

Finally, where will Neutron *aaS go in future? Now, vpnaas was not part of 
neutron governance. What about fwaas? Do we deprecated it in next releases?

I wish someone could give some exact words about these. I will thanks a lot. :)


Thanks
Zhi Chang


__

OpenStack Development Mailing List (not for usage questions)

Unsubscribe: 
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-18 Thread zhi 
Hi, Nate, thanks for your reply.

May I ask a little stupid question? What's the difference between fwaas and
security group? In my opinion, fwaas and security group are both using
linux iptables now. So, what's the differences between them?

Thanks
Zhi Chang
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Where will Neutron go in future?

2016-12-18 Thread Nate Johnston 
The neutron-fwaas team is an active and enthusiastic participant in the
Neutron stadium, and is targeting FWaaS v2 to complete in the Ocala
release. Once FWaaS v2 is complete, the neutron-fwaas team will start
deprecating FWaaS v1 in the Pike cycle.

--N.

On Sun, Dec 18, 2016 at 9:56 PM zhi  wrote:

> Deal all.
>
> I have some questions about what will Neutron does in next releases.
>
> As far as I know, LBaaSv2 will be deprecated in next 2 releases, maybe P
> release, we will not see LBaaSv2 anymore, isn't it? Instead of LBaaSv2(
> HAProxy driver based ), Octavia will be the only LBaaS solution, isn't it?
>
> What's about namespace based L3 router? Do we have any ideas about NFV
> solution in L3 router just like Octavia?
>
> Finally, where will Neutron *aaS go in future? Now, vpnaas was not part of
> neutron governance. What about fwaas? Do we deprecated it in next releases?
>
> I wish someone could give some exact words about these. I will thanks a
> lot. :)
>
>
> Thanks
> Zhi Chang
>
>
> __
>
> OpenStack Development Mailing List (not for usage questions)
>
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [neutron] Where will Neutron go in future?

2016-12-18 Thread zhi 
Deal all.

I have some questions about what will Neutron does in next releases.

As far as I know, LBaaSv2 will be deprecated in next 2 releases, maybe P
release, we will not see LBaaSv2 anymore, isn't it? Instead of LBaaSv2(
HAProxy driver based ), Octavia will be the only LBaaS solution, isn't it?

What's about namespace based L3 router? Do we have any ideas about NFV
solution in L3 router just like Octavia?

Finally, where will Neutron *aaS go in future? Now, vpnaas was not part of
neutron governance. What about fwaas? Do we deprecated it in next releases?

I wish someone could give some exact words about these. I will thanks a
lot. :)


Thanks
Zhi Chang
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev