Hi Vikash,
I am wondering why you need to have specs approved to have things
working as you want? There's nothing that prevent you to have openstack
support whatever you want except probably for vendor proprietary plugins.
Install OpenStack with Neutron, search for one of the multi patches that
Hi Racha,
To answer ur question, by going on to future requirements of service
insertion (especially L2) we thought that this seems to be one of the
basic requirement and openstack should have it. As u can see in this thread
*Prasad* has pointed one of the detailed use case and we can
Aaron
One use case is that tenant would like to put all the servers in a single
broadcast domain (thus single IP/subnet domain). The servers can include
the 3 tier servers (web database and application server). Why would he do
that - Because it is simpler.
Then the tenant would like to put
Hi,
(2014/04/17 21:29), CARVER, PAUL wrote:
Akihiro Motoki wrote:
To cope with such cases, allowed-address-pairs extension was implemented.
http://docs.openstack.org/api/openstack-network/2.0/content/allowed_address_pair_ext_ops.html
Question on this in particular: Is a tenant permitted to
Sorry not really. It's still not clear to me why multiple nics would be
required on the same L2 domain. Would you mind drawing your use case here:
http://asciiflow.com/ (or maybe google docs) labeling the different
interfaces with ips and the flow of packets you want. Also perhaps their
header
Hi Kevin,
You'd would just create ports that aren't attached to instances and steal
their ip_addresses from those ports and put those in the
allowed-address-pairs on a port OR you could change the allocation range on
the subnet to ensure these ips were never handed out. That's probably the
right
This seems painful for a tenant workflow to get multiple addresses. I would
like to improve this during the Juno cycle. What is the limitation that is
blocking the multi-nic use cases? Is it Nova?
On Wed, Apr 16, 2014 at 11:27 PM, Aaron Rosen aaronoro...@gmail.com wrote:
Hi Kevin,
You'd
Nova currently is preventing one from attaching multiple nics on the same
L2. That said I don't think we've clearly determined a use case for having
multiple nics on the same L2. One reason why we don't allow this is doing
so would allow a tenant to easily loop the network and cause a bcast storm
Well we definitely need a better way to get multiple IP addresses onto one
host. The current steps are terrible for a user and even for an
orchestration system like heat. I can't imagine how convoluted a template
would look to automate that process...
I'm not suggesting multiple NICs is the only
Akihiro Motoki wrote:
To cope with such cases, allowed-address-pairs extension was implemented.
http://docs.openstack.org/api/openstack-network/2.0/content/allowed_address_pair_ext_ops.html
Question on this in particular: Is a tenant permitted to do this? If so, what
exactly is the iptables
Aaron Rosen wrote:
Sorry not really. It's still not clear to me why multiple nics would be
required on the same L2 domain.
I’m a fan of this old paper for nostalgic reasons
http://static.usenix.org/legacy/publications/library/proceedings/neta99/full_papers/limoncelli/limoncelli.pdf
but a
I don't see any indication that a floating ip can be associated with
any of the secondary addresses. Can this be done?
If not, then multiple addresses are not useful if a floating ip is
required to make the server public facing.
Carl
On Wed, Apr 16, 2014 at 10:46 PM, Aaron Rosen
On 04/17/2014 06:37 AM, CARVER, PAUL wrote:
Aaron Rosen wrote:
Sorry not really. It's still not clear to me why multiple nics would be
required on the same L2 domain.
I’m a fan of this old paper for nostalgic reasons
This review seems to suggest that it can be done:
https://review.openstack.org/#/c/85432
I was not able to reproduce this in devstack. How does this work? My
nova command to add an IP return success but didn't seem to actually
add an IP address to the instance and did not show in neutron
*With 'interfaces' I mean 'nics' of VM*.
On Wed, Apr 16, 2014 at 4:18 PM, Vikash Kumar
vikash.ku...@oneconvergence.com wrote:
Hi,
I want to launch one VM which will have two Ethernet interfaces with
IP of single subnet. Is this supported now in openstack ? Any suggestion ?
Thanx
Hi Vikash,
Currently this is not supported. the NIC not only needs to be in different
subnet, they have to be in different network as well (container for the
subnet)
Thanks
Ronak
On Wed, Apr 16, 2014 at 3:51 AM, Vikash Kumar
vikash.ku...@oneconvergence.com wrote:
*With 'interfaces' I mean
This is true. Several people have asked this same question over the years
though I've yet to hear a use case why one really need to do this. Do you
have one?
On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah ro...@nuagenetworks.net wrote:
Hi Vikash,
Currently this is not supported. the NIC not only
Aaron,
One of the use case is to create L2 segments in a network. I can
elaborate this use case if u want.
On Thu, Apr 17, 2014 at 6:20 AM, Aaron Rosen aaronoro...@gmail.com wrote:
This is true. Several people have asked this same question over the years
though I've yet to hear a use
Yes please... I don't see why one would need two interfaces on the same L2
to do that though.
On Wed, Apr 16, 2014 at 8:29 PM, Vikash Kumar
vikash.ku...@oneconvergence.com wrote:
Aaron,
One of the use case is to create L2 segments in a network. I can
elaborate this use case if u want.
Web server running multiple SSL sites that wants to be compatible with
clients that don't support the SNI extension. There is no way for a server
to get multiple IP addresses on the same interface is there?
On Wed, Apr 16, 2014 at 5:50 PM, Aaron Rosen aaronoro...@gmail.com wrote:
This is true.
You can do it with ip aliasing and use one interface:
ifconfig eth0 10.0.0.22/24
ifconfig eth0:1 10.0.0.23/24
ifconfig eth0:2 10.0.0.24/24
2: eth0: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc mq state DOWN
qlen 1000
link/ether 40:6c:8f:1a:a9:31 brd ff:ff:ff:ff:ff:ff
inet
On 17/04/14 14:20, Aaron Rosen wrote:
You can do it with ip aliasing and use one interface:
ifconfig eth0 10.0.0.22/24 http://10.0.0.22/24
ifconfig eth0:1 10.0.0.23/24 http://10.0.0.23/24
ifconfig eth0:2 10.0.0.24/24 http://10.0.0.24/24
The 'ip' command can also do it.
ip address add
I'd like to see your use case too.
I heard a similar demand recently.
It is a case of migration of legacy applicaitons to virtual platform
and the applications which manages redandunt NICs directly and they just
want not to change the applcations itself. It is just server
consolidation and not a
Lets say I have source S1 on n/w net1, destination S2 on net1 and i want to
firewall traffic coming from S1 destined to S2. I can use L3 firewall but
in that case the packet headers will have different values, not the same
source and destination. Instead, we can divide network in L2 segments and
I was under the impression that the security group rules blocked addresses
not assigned by neutron[1].
1.
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L188
On Wed, Apr 16, 2014 at 9:20 PM, Aaron Rosen aaronoro...@gmail.com wrote:
You can do it with
To cope with such cases, allowed-address-pairs extension was implemented.
http://docs.openstack.org/api/openstack-network/2.0/content/allowed_address_pair_ext_ops.html
(2014/04/17 13:39), Kevin Benton wrote:
I was under the impression that the security group rules blocked
addresses not assigned
Hi Vikash,
Sorry I don't really follow your example. You're saying you have have two
hosts S1 and S2 that are connected to the same network. Would you mind
explaining this example in a little more details, what ip's do they have
how many interfaces, etc? I've quite curious to hear.
Best,
Aaron
The allowed-address-pair extension that was added here (
https://review.openstack.org/#/c/38230/) allows us to add arbitrary ips to
an interface to allow them. This is useful if you want to run something
like VRRP between two instances.
On Wed, Apr 16, 2014 at 9:39 PM, Kevin Benton
Whoops Akihiro beat me to it :)
On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen aaronoro...@gmail.com wrote:
The allowed-address-pair extension that was added here (
https://review.openstack.org/#/c/38230/) allows us to add arbitrary ips
to an interface to allow them. This is useful if you want
Yeah, I was aware of allowed address pairs, but that doesn't help with the
IP allocation part.
Is this the tenant workflow for this use case?
1. Create an instance.
2. Wait to see what which subnet it gets an allocation from.
3. Pick an IP from that subnet that doesn't currently appear to be in
Kevin , this can be one approach but not sure. But certainly won't solve
all cases. :)
On Thu, Apr 17, 2014 at 10:33 AM, Kevin Benton blak...@gmail.com wrote:
Yeah, I was aware of allowed address pairs, but that doesn't help with the
IP allocation part.
Is this the tenant workflow for
Aaron,
The idea is to steer packets coming from source S1 ( belong to net1)
destined to destination D1 (belong to net1) through bunch of L2 appliances
(like firewall) without modifying packet headers. The core idea is to keep
appliances (on net1), source S1 (VM on net1) and destination D1(VM
32 matches
Mail list logo
