People need high performance but also xaaS integrated, slow and free but
also packet logged. And lots of back-ends have multiple characters.
According to the example described in this thread, those characters really
should be modeled as different flavors.
Indeed, I think people just want to know
Under current FWaaS architecture or framework, only integrating hardware
firewall is not easy. That requires neutron support service level multiple
vendors. In other words, vendors must fit each other for their services
while currently vendors just provide all services through controller.
I don't know if this would make more sense. Let's assume that
we add arbitrary blobs (ABs) to IPAM, even to every neutron object. What
would happen? People can do anything via those APIs. Any new
attribute even the whole model could be passed through those
so-called ABs. Except the architecture issues,
in level operation should probably query all the
> mechanism drivers.
> Anyway, If this is something you'd like to see implemented (regardless of
> whether my analysis matches your use case) you should consider filing an
> RFE bug so that it will be considered during the drivers meetings.
I plan to test the https functionality of lbaas. Can anyone paste some
guide hyperlink about installation, deployment and operation?
OpenStack Development Mailing List (not for usage
Thank you so much.
I think I see your points now. Next step, I will have a try to check it.
On Mon, Oct 12, 2015 at 11:11 PM, Salvatore Orlando <salv.orla...@gmail.com>
> On 12 October 2015 at 10:23, G
omments, what is it that you want to see?
> On Mon, Oct 12, 2015 at 12:29 AM, Germy Lure <germy.l...@gmail.com> wrote:
>> Hi Kevin,
>> *Thank you for your response. Periodic data checking is a popular and
>> effective method to sync info. But there is no su
> You can have a periodic task that asks your backend if it needs sync info.
> Another option is to define a vendor-specific extension that makes it easy
> to retrieve all info in one call via the HTTP API.
> On Sat, Oct 10, 2015 at 2:24 AM, Germy Lure <germy.l...@g
> disable the Nova callbacks on the Neutron side because the Havana version
> wasn't expecting them.
> I've tried out many N+1 combinations (e.g. Icehouse + Juno, Juno + Kilo)
> but I haven't tried a gap that big.
> Kevin Benton
> On Sat, Oct 10, 2015 at
As you know, openstack projects are developed separately. And
theoretically, people can create networks with Neutron in Kilo version for
Nova in Havana version.
Has anyone tried it?
Do we have some pages to show what combination can work together?
After restarting, agents load data from Neutron via RPC. What about 3-rd
controller? They can only re-gather data via NBI. Right?
Is it possible to provide some mechanism for those controllers and agents
to sync data? Or something else I missed?
Congratulations, eventually you understand what I mean.
Yes, in bulk. But I don't think that's an enhancement to the API. The bulk
operation is a more common scenario. It is more useful and covers the single
By the way, bulk operation may apply to a subnet, a
> Of course, keep in mind that we didn't yet discuss full API details, but it's
> going to be something like that (at least the way I see it)
> Hope that explains it.
> On Mon, Sep 7, 2015 at 5:21 AM, Germy Lure <germy.l...@gmail.com> wrote:
> On Sun, Sep 6, 2015 at 5:39 AM, Germy Lure <germy.l...@gmail.com> wrote:
>> Hi, Gal
>> Thank you for bringing this up. But I have some suggestions for the API.
>> An operator or some other component wants t
Thank you for bringing this up. But I have some suggestions for the API.
An operator or some other component wants to reach several VMs related NOT
only one or one by one. Here, RELATED means that the VMs are in one subnet
or network or a host (similar to reaching dockers on a host).
It's interesting! I have three points for you here.
a. Support packet tracking which shows the path a packet traveled on the
host, even on the source/destination host.
b. Given a communication type and packet characteristic to find out the
fault point. For example, if you want VM1 talk with
common.config should be global and general while agent.config should be
local and related to the special back-end.
Maybe, we can add different prefix to the same option.
On Mon, Aug 31, 2015 at 11:13 PM, Kevin Benton wrote:
> neutron.common.config should have
I have two points.
a. For the problem in this thread, my suggestion is to introduce new
concepts to replace the existing firewall and SG.
Perhaps you have found the overlap between firewall and SG. It's trouble
for user to select.
So the new concepts are edge-firewall for N/S traffic and
I have reviewed the specification linked above. Thank you for introducing
such an interesting and important feature. But as I commented inline, I
think it still needs some further work. Such as how to get those logs
stored? To admin and tenant, I think it's different.
Maybe I missed some key points. But why we introduced vpn-endpoint groups
ipsec-site-connection for IPSec VPN only, gre-connection for GRE VPN
only, and mpls-connection for MPLS VPN only. You see, different
connections for different vpn types. Indeed, we can't reuse connection API.
I think just empowering the scheduler API to add and remove
candidates is enough.
As mentioned in this thread, the agent just doesn't receive new requests but
still keeps old services alive.
So, just stop scheduling new requests to it. Direct and simple.
Hope my expression is clear
on L3. From this point, L2 is the core of network
service and L3 is the core of other advanced services. ML3 is coming.
Besides, it's strange that L3's API contains a field called snat_enable.
On Wed, Nov 5, 2014 at 5:37 PM, Akilesh K akilesh1...@gmail.com wrote:
if multiple snat ip is needed, and control which tenant ip is
served by each snat ip, separate plugin may be needed.
Sent from my iPad
On 2014-11-6, at 6:21 PM, Germy Lure germy.l...@gmail.com wrote:
Hi Carl and Akilesh,
Thank you for your response and explanation.
My manager tells me
Router, at least SNAT. IMHO it's better to provide a unified service
including all kinds of AT, such as FIP, SNAT and DNAT.
On Fri, Nov 7, 2014 at 2:42 PM, Germy Lure germy.l...@gmail.com wrote:
Thanks for your response. I have some comments inline.
downtime and stray flows.
*From:* Germy Lure [mailto:germy.l...@gmail.com]
*Sent:* 5 November 2014 10:46
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [neutron][TripleO] Clear all flows when
ovs agent start? why
a startup flag to reset all flows and
not reset them by default.
While I agree the flow synchronisation process proposed in the previous
post is valuable too, I hope we might be able to fix this with a simpler
On 5 November 2014 04:43, Germy Lure germy.l...@gmail.com wrote
Consider the triggering of restart agent, I think it's nothing but:
1). only restart agent
2). reboot the host that agent deployed on
When the agent started, the ovs may:
a. have all correct flows
b. have nothing at all
c. have partly correct flows, the others may need to be reprogrammed,
Address Translation (FIP, snat and dnat) looks like an advanced service. Why
is it integrated into L3 router? Actually, this is not how it's done in
practice. They are usually provided by Firewall device but not router.
What's the design concept?
I think firstly you can just check whether you can ping from left to
right without installing VPN connection.
If it worked, then you should cat the system logs to confirm the
You can ping and tcpdump to diagnose where packets are blocked.
I think we should
Hi, Xu Han,
Can we distinguish version by parsing the opt_value? Is there any service
binding v4 address but providing service for v6? or v6 for v4?
BTW, why isn't the format directly opt_name_value:opt_value_value, like
On Fri, Sep 26, 2014 at 2:39 PM,
I have an idea about service provider framework. Anyone interested in this
topic can give me some suggestions.
My idea is that providers report their services capability dynamically not
configured in neutron.conf. See details by the link below.
I think the vendor company has many experts to review their code. They can
do it well.
But I still have some comments inline.
On Thu, Sep 18, 2014 at 1:42 PM, trinath.soman...@freescale.com
Though Code reviews for vendor code takes
comments inline, but unless growing another monster thread
I'd rather start a different, cross-project discussion (which will
hopefully not become just a cross-project monster thread!)
On 15 September 2014 08:29, Germy Lure germy.l...@gmail.com wrote:
Obviously, to a vendor's plugin
there for referencing and version releasing.
Any vendor would not maintain the open source codes, the community only.
On Fri, Sep 12, 2014 at 1:50 AM, Germy Lure germy.l...@gmail.com wrote:
On Fri, Sep 12, 2014 at 11:11 AM, Kevin Benton blak...@gmail.com wrote:
Maybe I missed something
and API. The community should ensure core and API stable
enough and high quality. Vendors for external drivers.
Who provides, who maintains (including development, storage, distribution,
On Thu, Sep 11, 2014 at 7:24 PM, Germy Lure germy.l...@gmail.com wrote:
Some comments inline
According to my statistics (J2), the LOC of vendors' plugin and driver is
about 102K, while the whole under neutron is 220K.
That is to say the community has paid and is paying over 46% of its energy to
maintain vendors' code. If we take mails, bugs,
BPs and so on into consideration, this
Network TOPO like this: VM1(net1)--Router1---IPSec VPN
If left and right side deploy on different OpenStack environments, it works
well. But in the same environment, Router1 and Router2 are namespaces
implemented in the same network node. I cannot