Re: [openstack-dev] [oslo] instance lock and class lock

2014-09-04 Thread Zang MingJie
does it require bp or bug report to submit oslo.concurrency patch ? On Wed, Sep 3, 2014 at 7:15 PM, Davanum Srinivas dava...@gmail.com wrote: Zang MingJie, Can you please consider submitting a review against oslo.concurrency? http://git.openstack.org/cgit/openstack/oslo.concurrency/tree

[openstack-dev] [oslo] instance lock and class lock

2014-09-02 Thread Zang MingJie
Hi all: currently oslo provides lock utility, but unlike other languages, it is class lock, which prevent all instances call the function. IMO, oslo should provide an instance lock, only lock current instance to gain better concurrency. I have written a lock in a patch[1], please consider pick

Re: [openstack-dev] [designate] [neutron] designate and neutron integration

2014-08-25 Thread Zang MingJie
I don't like the idea that uses bind9 views to split networks, due to follow reasons: the designate may not or hard to know the router's public address non-router may exist for some isolate networks there is no routes in our dhcp namespace currently I suggest run one bind9 instance for each

Re: [openstack-dev] [Neutron] l2pop problems

2014-08-05 Thread Zang MingJie
mathieu.ro...@gmail.com wrote: Hi Zang, On Wed, Jul 16, 2014 at 4:43 PM, Zang MingJie zealot0...@gmail.com wrote: Hi, all: While resolving ovs restart rebuild br-tun flows[1], we have found several l2pop problems: 1. L2pop is depending on agent_boot_time to decide whether send all port

[openstack-dev] [Neutron] l2pop problems

2014-07-16 Thread Zang MingJie
Hi, all: While resolving ovs restart rebuild br-tun flows[1], we have found several l2pop problems: 1. L2pop is depending on agent_boot_time to decide whether send all port information or not, but the agent_boot_time is unreliable, for example if the service receives port up message before agent

Re: [openstack-dev] [OpenStack-dev][neutron] can't notify the broadcast fdb entries

2014-07-09 Thread Zang MingJie
Hi: We are encountered the same problem here. some of our ovs-agent haven't received any fdb entry after a restart To solve the problem I'm going to add a rpc call to l2pop mechanism driver, when triggered, the l2pop send all fdb entries to the agent. The agent call the driver while starting.

Re: [openstack-dev] [Neutron] DVR SNAT shortcut

2014-07-03 Thread Zang MingJie
Although the SNAT DVR has some trade off, I still think it is necessary. Here is pros and cons for consideration: pros: save W-E bandwidth high availability (distributed, no single point failure) cons: waste public ips (one ip per compute node vs one ip per l3-agent, if double-SNAT

Re: [openstack-dev] [Neutron] DVR SNAT shortcut

2014-06-26 Thread Zang MingJie
taken with the initial DVR implementation is to keep default SNAT as a centralized service. - Jack -Original Message- From: Zang MingJie [mailto:zealot0...@gmail.com] Sent: Wednesday, June 25, 2014 6:34 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re

[openstack-dev] [Neutron] DVR SNAT shortcut

2014-06-25 Thread Zang MingJie
of public ips, in trade of introducing a single failure point, and limiting the bandwidth of the network node. If the SNAT performance problem can be solved, I'll encourage people to use SNAT over floating ips. unless the VM is serving a public service -- Zang MingJie

Re: [openstack-dev] [Neutron] DVR SNAT shortcut

2014-06-25 Thread Zang MingJie
haven't seen it has been touched for a while yong sheng gong On Wed, Jun 25, 2014 at 4:30 PM, Zang MingJie zealot0...@gmail.com wrote: Hi: In current DVR design, SNAT is north/south direction, but packets have to go west/east through the network node. If every compute node is assigned

Re: [openstack-dev] [Neutron][ML2] Modular L2 agent architecture

2014-06-19 Thread Zang MingJie
Hi: I don't like the idea of ResourceDriver and AgentDriver. I suggested use a singleton worker thread to manager all underlying setup, so the driver should do nothing other than fire a update event to the worker. The worker thread may looks like this one: # the only variable store all local

Re: [openstack-dev] [Neutron] SSL VPN Implemenatation

2014-06-17 Thread Zang MingJie
On Thu, May 29, 2014 at 6:57 AM, Nachi Ueno na...@ntti3.com wrote: Hi Zang Since, SSL-VPN for Juno bp is approved in neturon-spec, I would like to restart this work. Could you share your code if it is possible? Also, Let's discuss how we can collaborate in here. Currently We are running

Re: [openstack-dev] [Neutron][ML2] Modular L2 agent architecture

2014-06-17 Thread Zang MingJie
Hi: Awesome! Currently we are suffering lots of bugs in ovs-agent, also intent to rebuild a more stable flexible agent. Taking the experience of ovs-agent bugs, I think the concurrency problem is also a very important problem, the agent gets lots of event from different greenlets, the rpc, the

[openstack-dev] [Neutron] Monitoring agent

2014-05-15 Thread Zang MingJie
collect port statistics for analysis. Look for suggestion Regards -- Zang MingJie ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Zang MingJie
+1 to implement a modular framework where user can choose whether to use barbican or sqldb On Fri, May 2, 2014 at 4:28 AM, John Wood john.w...@rackspace.com wrote: Hello Samuel, Just noting that the link below shows current-state Barbican. We are in the process of designing SSL certificate

[openstack-dev] [Neutron] SSL VPN Implemenatation

2014-04-29 Thread Zang MingJie
Hi all: Currently I'm working on ssl vpn, based on patchsets by Nachi[1] and Rajesh[2] There are secure issues pointed by mark, that ssl private keys are stored plain in database and in config files of vpn-agents. As Barbican is incubated, we can store certs and their private keys in Barbican.

Re: [openstack-dev] [Neutron] Provider Framework and Flavor Framework

2014-04-17 Thread Zang MingJie
Hi Eugene: I have several questions 1. I wonder if tags is really needed. for example, if I want a ipsec vpn, I'll define a flavor which is directly refer to ipsec provider. If using current design, almost all users will end up creating flavors like this: ipsec tags=[ipsec] sslvpn tags=[sslvpn]

[openstack-dev] [Neutron] Does l2-pop sync fdb on agent start ?

2014-02-26 Thread Zang MingJie
Hi all, I found my ovs-agent has missed some tunnels on br-tun. I have l2-pop enabled, if some fdb entries is added while the agent is down, can it be added back once the agent is back ? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org

[openstack-dev] [Neutron] ML2 improvement, more extensible and more modular

2013-12-04 Thread Zang MingJie
/37893/ -- Zang MingJie ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Reg : Security groups implementation using openflows in quantum ovs plugin

2013-12-03 Thread Zang MingJie
just hit an ovs bug. Édouard. On Fri, Nov 29, 2013 at 1:11 PM, Zang MingJie zealot0...@gmail.com wrote: On Fri, Nov 29, 2013 at 2:25 PM, Jian Wen jian@canonical.com wrote: I don't think we can implement a stateful firewall[1] now. I don't think we need a stateful firewall

Re: [openstack-dev] Reg : Security groups implementation using openflows in quantum ovs plugin

2013-11-29 Thread Zang MingJie
On Fri, Nov 29, 2013 at 2:25 PM, Jian Wen jian@canonical.com wrote: I don't think we can implement a stateful firewall[1] now. I don't think we need a stateful firewall, a stateless one should work well. If the stateful conntrack is completed in the future, we can also take benefit from it.

Re: [openstack-dev] [Neutron] Campus Network Blueprint

2013-07-12 Thread Zang MingJie
Hi Filipe: I disagree your ml2-external-port BP It is unsuitable to connect multiple l2 networks directly, there may be ip conflict, dhcp conflict and other problems. although neutron dhcp agent won't respond dhcp request from unknown source, an external dhcp may respond vm dhcp request. If we

Re: [openstack-dev] [Openstack-dev] [Neutron] Shared network improvement (RFC)

2013-07-08 Thread Zang MingJie
of network domain sharing was out of its scope. Salvatore On 5 July 2013 16:11, Zang MingJie zealot0...@gmail.com wrote: Hi: Currently we are working on a problem of neutron network isolation and inter-communication. Currently neutron has private network and shared network

[openstack-dev] [Openstack-dev] [Neutron] Shared network improvement (RFC)

2013-07-05 Thread Zang MingJie
Hi: Currently we are working on a problem of neutron network isolation and inter-communication. Currently neutron has private network and shared network, but they are not flexible. The private network cannot access other network, and the shared network is fully open. To solve this problem, we