Harm,
We were not able to enable dual stack with l3 routers in Juno release. You may
need to wait for Kilo to see if that can be pushed in.
Xu Han
—
Xu Han Peng (xuhanp)
On Sat, Nov 22, 2014 at 3:03 AM, Harm Weites wrote:
> Hi,
> We're running Juno since a few weeks now, is it now possib
Hey,
Since we don't have any slot for ipv6 in summit to meet up, can we have a lunch
meetup together tomorrow (11/7 Friday)?
We can meet at 12:30 at the meet up place Neuilly lobby of Le Meridien and go
to lunch together after that.
Xu Han
—
Sent from Mailbox for iPhone
There is a blueprint for supporting StrongSwan in Kilo release:
https://review.openstack.org/#/c/101457/
Xu Han
—
Xu Han Peng (xuhanp)
On Sun, Oct 12, 2014 at 12:26 PM, Thomas Goirand wrote:
> Hi,
> As you may know, OpenSwan has been largely unmaintained in Debian, and
> then was removed f
As a follow-up action of yesterday's IPv6 sub-team meeting, I would like to
start a discussion about how to support l3 agent HA when IP version is
IPv6.
This problem is triggered by bug [1] where sending gratuitous arp packet
for HA doesn't work for IPv6 subnet gateways. This is because neighbor
d
We bumped the minimum version of dnsmasq to 2.63 a while ago by this code
change:
https://review.openstack.org/#/c/105378/
However, currently we still "kind of" support earlier version of dnsmasq
because we only give a warning and don't exit the program when we find
dnsmasq version is less than t
Thanks Kyle and everyone for supporting this! Will try the best to make the
code ready for Juno-3.
Xu Han
—
Sent from Mailbox for iPhone
On Fri, Jul 25, 2014 at 11:06 PM, Kyle Mestery
wrote:
> On Thu, Jul 24, 2014 at 8:46 PM, CARVER, PAUL wrote:
>> Collins, Sean wrote:
>>
>>> On Wed, Jul 23
Sorry to interrupt this discussion.
Sean,
Since I'm working the neutron client code change, by looking at your code
change to nova client, looks like only X-Auth-Token is taken care of in
http_log_req. There is also password in header and token id in response. Any
particular reason that
we need
> a better strategy for RA spoofing. Currently, rogue RAs are dropped at the
> receiving end. Would it be better to stop them at the source and to allow
> RAs being SENT from the legitimate sources only?
>
> thanks,
> Robert
>
>
>
> On 4/25/14, 5:46 AM, "
Sean and Robert,
Sorry for replying this late, but after giving this a second thought, I
think it makes sense to not allow a subnet with a LLA gateway IP address to
be attached to a neutron router for the following reasons:
1. A subnet with LLA address gateway specified is only used to receive RA
Sean,
Sure. Thanks for fixing this.
Xuhan
On Tue, Apr 8, 2014 at 3:42 PM, Da Zhao Y Yu wrote:
> Hi Sean,
>
> That's OK for me, thanks for your work.
>
>
> Thanks & Best Regards
> Yu Da Zhao(于大钊)
> --
> Cloud Solutions & OpenStack Development
> C
Hi Neutron stackers,
I have a question about how to fix the problem of DHCP port address being
SNAT by L3 agent.
I have my neutron DHCP agent and L3 agent running on the same network node,
and I disabled namespace usage in both agent configuration. I have one
router created with one external netw
Sean,
I've added Salvatore's code review of "Hide ipv6 subnet API attributes" to
our discussion list.
https://review.openstack.org/#/c/85869/
Xuhan
On Tue, Apr 8, 2014 at 4:49 AM, Collins, Sean <
sean_colli...@cable.comcast.com> wrote:
> Hi,
>
> I've added a section for tomorrow's agenda, pl
Martinx,
Here is Shi Xiong's patch link: https://review.openstack.org/#/c/70649/
If you can use git, you can try:
git fetch https://review.openstack.org/openstack/neutronrefs/changes/49/70649/15
&& git format-patch -1 --stdout FETCH_HEAD
It may cause some code merge effort after you apply the
sed by security group API.
>>>Does a user need to configure security group to allow IPv6 RA? or
>>>should it be allowed in infra side?
>>>
>>>In the current implementation DHCP packets are allowed by provider
>>>rule (which is hardcoded in neutron code now).
>
I opened a bug [1] and submitted a patch [2] to solve this short term
(hopefully for Icehouse)
[1] https://bugs.launchpad.net/neutron/+bug/1289088
[2] https://review.openstack.org/#/c/78835/
Xuhan
On Thu, Mar 6, 2014 at 5:42 PM, Xuhan Peng wrote:
> Sean, you are right. It doesn't wor
at 12:01:00PM -0500, Brian Haley wrote:
> > On 03/03/2014 11:18 AM, Collins, Sean wrote:
> > > On Mon, Mar 03, 2014 at 09:39:42PM +0800, Xuhan Peng wrote:
> > >> Currently, only security group rule direction, protocol, ethertype
> and port
> > >> range are sup
his table can also be used for other
firewall rule key values.
API change is also needed.
Please let me know your comments about this blueprint.
[1]
https://blueprints.launchpad.net/neutron/+spec/security-group-icmp-type-filter
[2] https://review.openstack.org/#/c
Randy,
I haven't checked the code detail yet, but I have a general question about
this blueprint. Considering multiple external networks on L3 agent is
supported [1]. Do you think it's still necessary to use separate subnets on
one external network for IPv4 and IPv6 instead of using two external
n
s-on-gateway-port
> [2]
> https://blueprints.launchpad.net/neutron/+spec/dnsmasq-bind-into-qrouter-namespace
>
>
>
> On Thu, Feb 27, 2014 at 12:49 AM, Xuhan Peng wrote:
>
>> As the follow up action of IPv6 sub-team meeting [1], I created a new
>> blueprint [2] to st
Abishek,
The two attributes are editable if you look at Sean's patch
https://review.openstack.org/#/c/52983/27/neutron/api/v2/attributes.py. The
"allow_put" is set to be "True" for these two attributes.
Xuhan
On Sat, Mar 1, 2014 at 2:26 AM, Abishek Subramanian (absubram) <
absub...@cisco.com> wr
Here is a list of related blueprint and bug patches:
Create new IPv6 attributes for Subnets
https://review.openstack.org/#/c/52983/
Ensure entries in dnsmasq belong to a subnet using DHCP
https://review.openstack.org/#/c/64578/
Calculate stateless IPv6 address
https://review.openstack.org/#/c/56
Robert,
Thanks for your comments! See my replies inline.
On Thu, Feb 27, 2014 at 9:56 PM, Robert Li (baoli) wrote:
> Hi Xuhan,
>
> Thank you for your summary. see comments inline.
>
> --Robert
>
> On 2/27/14 12:49 AM, "Xuhan Peng" wrote:
>
>As
As the follow up action of IPv6 sub-team meeting [1], I created a new
blueprint [2] to store both IPv6 LLA and GUA address on router interface
port.
Here is what it's about:
Based on the two modes (ipv6-ra-mode and ipv6-address-mode) design[3], RA
can be sent from both openstack controlled dnsmas
other network resources.
>
> Thanks,
> Oleg
>
>
> On Wed, Feb 26, 2014 at 1:50 PM, Xuhan Peng wrote:
>
>> Hello,
>>
>> This email is triggered by the comments I received in my patch [1] when
>> trying to fix bug [2].
>>
>> The problem I was t
Hello,
This email is triggered by the comments I received in my patch [1] when
trying to fix bug [2].
The problem I was trying to fix is that current firewall remains in status
"ACTIVE" after admin state is changed to "DOWN". My plan is to change the
status of firewall from ACTIVE to DOWN when ad
comments are appreciated!
Xuhan Peng (irc: xuhanp)
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
For Question 1, I think we can allow potential use cases (even OpenStack
doesn't support it for now), but we should not permit the combinations of
modes which don't make any sense.
For Question 2, for modes which don't make sense, I think error messages
and return code are needed. For mode combina
Shixiong,
I'm fine with the current two modes design.
—
Xu Han Peng (xuhanp)
On Sat, Jan 25, 2014 at 5:17 AM, Shixiong Shang
wrote:
> Any decisions yet?
> Shixiong
> On Jan 23, 2014, at 7:45 AM, Veiga, Anthony
> wrote:
>>
>>> An openstack deployment with an external DHCP server is definetel
Ian,
I think the last "two attributes" PDF from Shixiong's last email is trying to
solve the problem you are saying, right?
—
Xu Han Peng (xuhanp)
On Wed, Jan 22, 2014 at 8:15 PM, Ian Wells wrote:
> On 21 January 2014 22:46, Veiga, Anthony
> wrote:
>>
>>Hi, Sean and Xuhan:
>>
>> I tota
In my opinion the provider network extension can also be used for mapping
the tenant network directly to the physical network. For example, as shown
in the official admin guide openvswitch scenario1 [1], we can configure
tenant network to use segmentation id 101 to connect to VLAN 101 of
physical s
Ian, thanks for asking! I replied in the other thread. It works for me!
On Fri, Dec 20, 2013 at 8:23 AM, Ian Wells wrote:
> Xuhan, check the other thread - would 1500UTC suit?
>
>
> On 19 December 2013 01:09, Xuhan Peng wrote:
>
>> Shixiong and guys,
>>
>>
15UTC is 23PM in China, not ideal, but I am OK with that :-)
On Fri, Dec 20, 2013 at 8:20 AM, Ian Wells wrote:
> I'm easy.
>
>
> On 20 December 2013 00:47, Randy Tuttle wrote:
>
>> Any of those times suit me.
>>
>> Sent from my iPhone
>>
>> On Dec 19, 2013, at 5:12 PM, "Collins, Sean" <
>> sea
I am reading through the blueprint created by Randy to bind dnsmasq into
qrouter- namespace:
https://blueprints.launchpad.net/neutron/+spec/dnsmasq-bind-into-qrouter-namespace
I don't think I can follow the reason that we need to change the namespace
which contains dnsmasq process and the device
Shixiong and guys,
The sub team meeting is too early for china IBM folks to join although we
would like to participate the discussion very much. Any chance to rotate
the time so we can comment?
Thanks, Xuhan
On Thursday, December 19, 2013, Shixiong Shang wrote:
> Hi, Ian:
>
> I agree with you o
I think slaac was original excluded to make --enable-ra not specified when
only slaac is given to an subnet's dhcp mode.
However, when I checked the example conf file of dnsmasq:
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example
enable-ra is explained as:
# Do router advertisements
35 matches
Mail list logo