the NIC in promiscuous mode and performance is a concern)
Thanks,
Louise
From: Liping Mao (limao) [mailto:li...@cisco.com]
Sent: Monday, September 19, 2016 11:08 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
k List
mailto:openstack-dev@lists.openstack.org>>
Date: 2016年9月19日 星期一 下午5:26
To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
Hi Liping,
I am also on the team working on the ipvlan proposal and I will try and answer
: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
Hi Ivan,
I tried your proposal with manually steps in Mitaka, I use netns(instead of
docker container) and macvlan(instead of ipvlan) in my test:
https://lipingmao.github.io/2016/09/18/kuryr_macvlan_ipvlan_datapath_poc.html
Did I understand
.
Regards,
Liping Mao
From: Liping Mao mailto:li...@cisco.com>>
Reply-To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Date: 2016年9月13日 星期二 下午7:56
To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data
.
-Vikas
>
>
> Regards,
> Liping Mao
>
> From: Vikas Choudhary
> Reply-To: OpenStack List
> Date: 2016年9月14日 星期三 下午1:10
>
> To: OpenStack List
> Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
>
>
>
> On Wed, Sep 14, 2016 at 10:33 AM
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
On Wed, Sep 14, 2016 at 10:33 AM, Vikas Choudhary
mailto:choudharyvika...@gmail.com>> wrote:
On Wed, Sep 14, 2016 at 9:39 AM, Liping Mao (limao)
mailto:li...@cisco.com&g
EABDEE83E1F.html
<http://www.brocade.com/content/html/en/configuration-guide/fastiron-08030b-securityguide/GUID-ED71C989-6295-4175-8CFE-7EABDEE83E1F.html>
>
>
>
>
>>
>> Regards,
>> Liping Mao
>>
>> From: Vikas Choudhary
>> Reply-To: OpenStack Li
Liping Mao
>
> From: Vikas Choudhary
> Reply-To: OpenStack List
> Date: 2016年9月14日 星期三 上午11:50
>
> To: OpenStack List
> Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
>
>
>
> On Wed, Sep 14, 2016 at 7:10 AM, Liping Mao (limao)
> wrote:
iping Mao
From: Vikas Choudhary
mailto:choudharyvika...@gmail.com>>
Reply-To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Date: 2016年9月14日 星期三 上午11:50
To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path
: 2016年9月13日 星期二 下午9:09
> To: OpenStack List
>
> Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
>
> Hi Gary,
>
> I mean maybe that can be one choice in my mind.
>
> Security Group is for each neutron port,in this case,all the docker on one
> vm will share
On Tue, Sep 13, 2016 at 11:13 PM, Antoni Segura Puimedon wrote:
> On Tue, Sep 13, 2016 at 5:05 PM, Hongbin Lu wrote:
> >
> >
> > On Tue, Sep 13, 2016 at 2:10 AM, Vikas Choudhary
> > wrote:
> >>
> >>
> >>
> >> On Mon, Sep 12, 2016 at 9:17 PM, Hongbin Lu
> wrote:
> >>>
> >>> Ivan,
> >>>
> >>> Th
On Tue, Sep 13, 2016 at 5:26 PM, Liping Mao (limao) wrote:
> Hi Ivan,
>
> It sounds cool!
>
> for security group and allowed address pair,
> Maybe we can disable port-security,because all the docker in one vm will
> share one security group on the vm port. I'm not sure how to use sg for
> each do
On Tue, Sep 13, 2016 at 8:35 PM, Hongbin Lu wrote:
>
>
> On Tue, Sep 13, 2016 at 2:10 AM, Vikas Choudhary <
> choudharyvika...@gmail.com> wrote:
>
>>
>>
>> On Mon, Sep 12, 2016 at 9:17 PM, Hongbin Lu wrote:
>>
>>> Ivan,
>>>
>>> Thanks for the proposal. From Magnum's point of view, this proposal
ck-dev@lists.openstack.org>>
Date: 2016年9月13日 星期二 下午9:09
To: OpenStack List
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
Hi Gary,
I mean maybe that can be one choice in my mind.
Security Group is for each neutron port,in this case,all th
Sounds good!. Thanks for the clarification.
Best regards,
Hongbin
On Tue, Sep 13, 2016 at 1:43 PM, Antoni Segura Puimedon
wrote:
> On Tue, Sep 13, 2016 at 5:05 PM, Hongbin Lu wrote:
> >
> >
> > On Tue, Sep 13, 2016 at 2:10 AM, Vikas Choudhary
> > wrote:
> >>
> >>
> >>
> >> On Mon, Sep 12, 201
On Tue, Sep 13, 2016 at 5:05 PM, Hongbin Lu wrote:
>
>
> On Tue, Sep 13, 2016 at 2:10 AM, Vikas Choudhary
> wrote:
>>
>>
>>
>> On Mon, Sep 12, 2016 at 9:17 PM, Hongbin Lu wrote:
>>>
>>> Ivan,
>>>
>>> Thanks for the proposal. From Magnum's point of view, this proposal
>>> doesn't seem to require
On Tue, Sep 13, 2016 at 2:10 AM, Vikas Choudhary wrote:
>
>
> On Mon, Sep 12, 2016 at 9:17 PM, Hongbin Lu wrote:
>
>> Ivan,
>>
>> Thanks for the proposal. From Magnum's point of view, this proposal
>> doesn't seem to require to store neutron/rabbitmq credentials in tenant VMs
>> which is more de
on the consequences/acceptability of disabling SG?
Regards,
Gary
From: Liping Mao (limao) [mailto:li...@cisco.com]
Sent: Tuesday, September 13, 2016 12:56 PM
To: OpenStack Development Mailing List (not for usage questions)
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [K
, 2016 12:56 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Kuryr] IPVLAN data path proposal
Hi Ivan,
It sounds cool!
for security group and allowed address pair,
Maybe we can disable port-security,because all the docker in one vm will share
one
Hi Ivan?
It sounds cool?
for security group and allowed address pair?
Maybe we can disable port-security?because all the docker in one vm will share
one security group on the vm port. I'm not sure how to use sg for each
docker?maybe just disable port-security can be one of the choice. then do n
On Mon, Sep 12, 2016 at 9:17 PM, Hongbin Lu wrote:
> Ivan,
>
> Thanks for the proposal. From Magnum's point of view, this proposal
> doesn't seem to require to store neutron/rabbitmq credentials in tenant VMs
> which is more desirable. I am looking forward to the PoC.
>
Hogbin, Can you please el
Ivan,
Thanks for the proposal. From Magnum's point of view, this proposal doesn't
seem to require to store neutron/rabbitmq credentials in tenant VMs which
is more desirable. I am looking forward to the PoC.
Best regards,
Hongbin
On Mon, Sep 12, 2016 at 7:29 AM, Coughlan, Ivan
wrote:
>
>
> *Ov
Hi Ivan,
The approach looks very interesting and seems to be reasonable effort to
make it work with kuryr as alternative to the 'VLAN aware VM' approach.
Having container presented as neutron entity has its value, especially for
visibility/monitoring (i.e mirroring) and security (i.e applying secu
On Mon, Sep 12, 2016 at 1:42 PM, Antoni Segura Puimedon
wrote:
> On Mon, Sep 12, 2016 at 1:29 PM, Coughlan, Ivan
> wrote:
>>
>>
>> Overview
>>
>> Kuryr proposes to address the issues of double encapsulation and exposure of
>> containers as neutron entities when containers are running within VMs.
On Mon, Sep 12, 2016 at 1:29 PM, Coughlan, Ivan wrote:
>
>
> Overview
>
> Kuryr proposes to address the issues of double encapsulation and exposure of
> containers as neutron entities when containers are running within VMs.
>
> As an alternative to the vlan-aware-vms and use of ovs within the VM,
Overview
Kuryr proposes to address the issues of double encapsulation and exposure of
containers as neutron entities when containers are running within VMs.
As an alternative to the vlan-aware-vms and use of ovs within the VM, we
propose to:
- Use allowed-address-pairs configuration fo
26 matches
Mail list logo