Re: [openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
Hi! From a operator point of view, I think that it would be nice to give to the FWaaS (IPv4 flavor), the ability to manage the tenant's NAT table, not only the filter table, as it is today. If fact, I don't know if it is out of the scope of FWaaS or not, it is just an idea I had. Because right now, I need to create the so called NAT Instance, with a Floating IPv4 attached to it, with a DNAT rule for each internal service that I need to open to the Internet... It is terrible BTW but, it is the IPv4-thinking... (Can't wait for IPv6 in IceHouse to kiss NAT goodbye!)... Today, each tenant must have at least, two valid IPs (v4), one for the router's gateway and another to the NAT Instance (because FWaaS (or something else) doesn't handle the Tenant Router/Namespace NAT table). So, if the Tenant can manage its own Firewall-IPv4-NAT table, there at its own Namespace Router, then, each will require only 1 valid Floating IPv4, the one that come when he connects its router, with the External Network (from allocation pool anyway)... Less waste of valid IPv4. Regards, Thiago On 8 January 2014 13:36, Dong Liu willowd...@gmail.com wrote: 在 2014年1月8日,20:24,Nir Yechiel nyech...@redhat.com 写道: Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding I think my idea is duplicated with this one. https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping Sorry for missing this. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
- Original Message - From: Dong Liu willowd...@gmail.com To: Nir Yechiel nyech...@redhat.com Cc: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Wednesday, January 8, 2014 5:36:14 PM Subject: Re: [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api) 在 2014年1月8日,20:24,Nir Yechiel nyech...@redhat.com 写道: Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding I think my ide a is duplicated with this one. https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping Sorry for missing this. [Nir] Thanks, I wasn't familiar with this one. So is there a difference between those three? https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api Looks like all of them are trying to solve the same challenge using the public gateway IP and PAT. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
I think that these two BP is to achieve same function,it is very necessary to implement this function! https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api At 2014-01-09 16:56:20,Nir Yechiel nyech...@redhat.com wrote: From: Dong Liu willowd...@gmail.com To: Nir Yechiel nyech...@redhat.com Cc: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Wednesday, January 8, 2014 5:36:14 PM Subject: Re: [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api) 在 2014年1月8日,20:24,Nir Yechiel nyech...@redhat.com 写道: Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding I think my idea is duplicated with this one. https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping Sorry for missing this. [Nir] Thanks, I wasn't familiar with this one. So is there a difference between those three? https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api Looks like all of them are trying to solve the same challenge using the public gateway IP and PAT. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
在 2014年1月8日,20:24,Nir Yechiel nyech...@redhat.com 写道: Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding I think my idea is duplicated with this one. https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping Sorry for missing this.___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
