Re: [openstack-dev] [Neutron][LBaaS] Continuing on Calling driver interface on every API request

2014-08-11 Thread Samuel Bercovici
Hi, Validations such as timeout delay should be performed on the API level before it reaches the driver. For a configuration tree (lb, listeners, pools, etc.), there should be one provider. Having provider defined in multiple places does not make sense. -San. From: Vijay Venkatachalam

Re: [openstack-dev] [Neutron][LBaaS] Continuing on Calling driver interface on every API request

2014-08-11 Thread Samuel Bercovici
an interface change. If my bias is showing that I¹m not a fan of adding this complexity for that, I¹m not surprised. Thanks, doug On 8/11/14, 7:57 AM, Samuel Bercovici samu...@radware.com wrote: Hi, Validations such as ³timeout delay² should be performed on the API level before it reaches

Re: [openstack-dev] [Neutron][LBaaS] Proposal for model

2014-02-12 Thread Samuel Bercovici
Hi, We plan to address LBaaS in ceilometer for Juno. A blue print was registered https://blueprints.launchpad.net/neutron/+spec/lbaas-ceilometer-integration Please use the following google document to add include requirements and thoughts at:

Re: [openstack-dev] [Neutron][LBaaS] Proposal for model change - Layer 7 support

2014-02-12 Thread Samuel Bercovici
(in our case, haproxy). I suppose we could invent our own pseudo rule language-- but why bother when haproxy has already done this, eh? I'll take a look at the SSL stuff next, then the LoadBalancerInstance stuff... Thanks, Stephen On Tue, Feb 11, 2014 at 5:26 AM, Samuel Bercovici samu

Re: [openstack-dev] [Neutron][LBaaS] Proposal for model change - Layer 7 support

2014-02-12 Thread Samuel Bercovici
for model change - Layer 7 support Howdy, Sam! Thanks also for your speedy response. Comments / additional questions are in-line below: On Wed, Feb 12, 2014 at 2:51 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Sam We have reviewed this based on capabilities that we

Re: [openstack-dev] [Neutron][LBaaS] Proposal for model change - Logging configuration

2014-02-13 Thread Samuel Bercovici
Have modified the document access, let me know if you still have issues. From: Stephen Balukoff [mailto:sbaluk...@bluebox.net] Sent: Thursday, February 13, 2014 4:02 AM To: Samuel Bercovici Cc: OpenStack Development Mailing List (not for usage questions); rw3...@att.com; David Patterson; Eugene

Re: [openstack-dev] [Neutron][LBaaS] L7 - Update L7Policy

2014-02-17 Thread Samuel Bercovici
Hi, My concern is that if from some reason the driver implementer would like to reflect the name also in the backend device, than an update should also be calling the driver. Using readable names also makes sense on the back-end device. -Sam. From: Oleg Bondarev

Re: [openstack-dev] [Neutron][LBaaS] L7 - Update L7Policy

2014-02-18 Thread Samuel Bercovici
and the id. Thanks, Eugene. On Mon, Feb 17, 2014 at 1:57 PM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi, My concern is that if from some reason the driver implementer would like to reflect the name also in the backend device, than an update should also be calling

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-02-19 Thread Samuel Bercovici
to as their default pool. Regards, -Sam. From: Eugene Nikanorov [mailto:enikano...@mirantis.com] Sent: Tuesday, February 18, 2014 9:35 PM To: OpenStack Development Mailing List Cc: Youcef Laribi; Samuel Bercovici; sbaluk...@bluebox.net; Mark McClain; Salvatore Orlando Subject: [Neutron

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-02-24 Thread Samuel Bercovici
Hi, I also agree that the model should be pure logical. I think that the existing model is almost correct but the pool should be made pure logical. This means that the vip pool relationships needs also to become any to any. Eugene, has rightfully pointed that the current state management

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-02-26 Thread Samuel Bercovici
Bercovici Sent: Monday, February 24, 2014 7:36 PM To: OpenStack Development Mailing List (not for usage questions) Cc: Samuel Bercovici Subject: RE: [openstack-dev] [Neutron][LBaaS] Object Model discussion Hi, I also agree that the model should be pure logical. I think that the existing model is almost

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-02-27 Thread Samuel Bercovici
... -- $VIP-2 Youcef From: Eugene Nikanorov [mailto:enikano...@mirantis.commailto:enikano...@mirantis.com] Sent: Wednesday, February 26, 2014 1:26 PM To: Samuel Bercovici Cc: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Object Model

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-02-27 Thread Samuel Bercovici
: Eugene Nikanorov [mailto:enikano...@mirantis.commailto:enikano...@mirantis.com] Sent: Wednesday, February 26, 2014 1:26 PM To: Samuel Bercovici Cc: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion Hi Sam, I've looked

Re: [openstack-dev] [neutron] Significance of subnet_id for LBaaS Pool

2014-02-28 Thread Samuel Bercovici
Rabi, This is correct. The API does allow you to do so. -Sam. -Original Message- From: Rabi Mishra [mailto:ramis...@redhat.com] Sent: Wednesday, February 26, 2014 1:53 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [neutron]

Re: [openstack-dev] [Neutron] Flavor Framework

2014-03-03 Thread Samuel Bercovici
Hi, The discussion about advanced services and scheduling was primarily around choosing backbends based on capabilities. AFAIK, the Nova flavor specify capacity. So I think that using the term flavor might not match what is intended. A better word might be capability or group of capabilities.

Re: [openstack-dev] [Neutron][LBaaS] Object Model discussion

2014-03-05 Thread Samuel Bercovici
Hi, In https://docs.google.com/document/d/1D-1n8nCEFurYzvEBxIRfXfffnImcIPwWSctAG-NXonY/edit?usp=sharing referenced by the Wiki, I have added the section that address the items raised on the last irc meeting. Regards, -Sam. From: Samuel Bercovici Sent: Wednesday, February 26

Re: [openstack-dev] [LBaaS] API spec for SSL Support

2014-03-06 Thread Samuel Bercovici
Hi, The wiki is updated to reflect the APIs. Regards, -Sam. From: Palanisamy, Anand [mailto:apalanis...@paypal.com] Sent: Thursday, March 06, 2014 3:26 AM To: OpenStack Development Mailing List Subject: [openstack-dev] [LBaaS] API spec for SSL Support Hi All, Please let us

Re: [openstack-dev] [Neutron][LBaaS] Health monitoring and statistics for complex LB configurations.

2014-03-06 Thread Samuel Bercovici
Hi, As an example you can look at https://docs.google.com/document/d/1D-1n8nCEFurYzvEBxIRfXfffnImcIPwWSctAG-NXonY/edit?usp=sharing Under the “Logical Model + Provisioning Status + Operation Status + Statistics” there are some details on thoughts on how to implement this. Regards,

Re: [openstack-dev] [Neutron][LBaaS] Subteam meeting Thursday, 14-00 UTC

2014-03-12 Thread Samuel Bercovici
Hi Eugene, I am with Evgeny on a business trip so we will not be able to join this time. I have not seen any progress on the model side. Did I miss anything? Will look for the meeting summary Regards, -Sam. From: Eugene Nikanorov [mailto:enikano...@mirantis.com] Sent:

Re: [openstack-dev] [Neutron][LBaaS][FWaaS][VPN] Admin status vs operational status

2014-03-18 Thread Samuel Bercovici
Discussing some radical concepts... I also agree that there should be different attribute to reflect the administrator state, operation state and the provisioning state. This is already reflected in https://docs.google.com/document/d/1D-1n8nCEFurYzvEBxIRfXfffnImcIPwWSctAG-NXonY/edit?usp=sharing

Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

2014-03-19 Thread Samuel Bercovici
+1 -Original Message- From: Ryan O'Hara [mailto:roh...@redhat.com] Sent: Wednesday, March 19, 2014 2:37 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki On Tue, Mar 18, 2014 at 10:57:15PM +, Jorge

[openstack-dev] [Neutron][LBaaS] Load balancing use cases and web ui screen captures

2014-04-06 Thread Samuel Bercovici
Per the last LBaaS meeting. 1. Please find a list of use cases. https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL-w2FScERQXQR1-mXuSINis/edit?usp=sharing a) Please review and see if you have additional ones for the project-user b) We can then chose 2-3 use cases to play

Re: [openstack-dev] [Neutron][LBaaS] Load balancing use cases and web ui screen captures

2014-04-07 Thread Samuel Bercovici
scalability. On 6 April 2014 07:51, Samuel Bercovici samu...@radware.com wrote: Per the last LBaaS meeting. 1. Please find a list of use cases. https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL-w2FScERQXQR1 -mXuSINis/edit?usp=sharing a) Please review and see if you have

Re: [openstack-dev] [Neutron][LBaaS] LBaaS plans for Icehouse

2013-10-23 Thread Samuel Bercovici
Hi, I assume you are proposing 8:00AM and not 8:00PM PDT. I will not be able to attend on this time. Better time for me is between 10:00AM PDT - 12:00AM PDT Thanks, -Sam. From: Eugene Nikanorov [mailto:enikano...@mirantis.com] Sent: Wednesday, October 23, 2013 11:51 AM To:

Re: [openstack-dev] [Neutron][LBaaS] LBaaS plans for Icehouse

2013-10-24 Thread Samuel Bercovici
Hi, Please find a summary of talks and discussion related to LBaaS for the summit at: https://docs.google.com/document/d/1Vjm57lh7PnXDelOy-VxsJkzc8QRiNN368sS11ePs_vA/edit?pli=1#heading=h.6doqijxd389j I have also added the list bellow to it. We can review in the meeting today. Regards,

Re: [openstack-dev] [Neutron][LBaaS] Object status and admin_state_up

2013-10-31 Thread Samuel Bercovici
Hi, I think that the current implementation is fine. This are two different aspects. The status describes whether the last a-sync activity is active or whether it is not. The admin status describes what the user wishes for the object status to be. Follows an example: If I update the VIP with

Re: [openstack-dev] [Neutron][LBaaS] Thursday meeting follow-up

2013-10-31 Thread Samuel Bercovici
Hi, I have created two document to discuss SSL termination and L7 Rules at: SSL termination : https://docs.google.com/document/d/1qnoJLD1txY5wnjx4k480AtEGCOEtkPMvTzxPo3_DPcs/edit?usp=sharing SSL BP: https://blueprints.launchpad.net/neutron/+spec/lbaas-ssl-termination L7 Rules:

Re: [openstack-dev] [Neutron][LBaaS] LBaaS subteam meeting Thursday, 14, at 14-00 UTC

2013-11-13 Thread Samuel Bercovici
Hi, I will not be able to join the meeting this time. For item 1. We are starting to work on SSL termination and L7 based routing. Regards, -Sam. On Nov 12, 2013, at 9:30 PM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Hi folks, LBaaS subteam

Re: [openstack-dev] [Neutron][LBaaS] Loadbalancer instance design.

2013-11-18 Thread Samuel Bercovici
Eugene and Mark, We get interest in the current OpenStack LBaaS solution. Backward compatibility should be considered as part of any feature we add for icehouse. I think that the any such BP should first address the best way to implement the feature (as Eugene did) but then also solve the

Re: [openstack-dev] [Neutron][LBaaS] Loadbalancer instance design.

2013-11-18 Thread Samuel Bercovici
Hi, I think that in the Atlas/Libra model loadbalancer is used in a similar way as the VIP object in Neutron/LBaaS. Regards, -Sam. -Original Message- From: Andrew Hutchings [mailto:and...@linuxjedi.co.uk] Sent: Monday, November 18, 2013 5:23 PM To:

Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up

2013-11-20 Thread Samuel Bercovici
...@citrix.com] Sent: Wednesday, November 20, 2013 8:06 AM To: Eugene Nikanorov Cc: Samuel Bercovici; Avishay Balderman; openstack-dev@lists.openstack.org Subject: RE: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up Hi Eugene, The proposal is simple, create a separate resource

Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up

2013-11-20 Thread Samuel Bercovici
Hi Stephen, When this was discussed in the past, customer were not happy about storing their SSL certificates in the OpenStack database as plain fields as they felt that this is not secured enough. Do you say, that you are OK with storing SSL certificates in the OpenStack database? -Sam.

Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up

2013-11-20 Thread Samuel Bercovici
: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up Hi, On Wed, 2013-11-20 at 08:24 +, Samuel Bercovici wrote: Hi, Evgeny has outlined the wiki for the proposed change at: https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL which is in line with what was discussed during

Re: [openstack-dev] [Neutron][LBaaS] Vote required for certificate as first-class citizen - SSL Termination (Revised)

2013-12-03 Thread Samuel Bercovici
questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up Hi, On Wed, 2013-11-20 at 08:24 +, Samuel Bercovici wrote: Hi, Evgeny has outlined the wiki for the proposed change at: https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL which is in line

Re: [openstack-dev] [Neutron][LBaaS] Vendor feedback needed

2013-12-04 Thread Samuel Bercovici
Hi Eugene, We currently support out-of-the-box VIP and Nodes on the same network. The VIP can be associated with a floating IP if need to access from the external network. We are considering other options but will address as we get to this. Regards, -Sam. From: Eugene

Re: [openstack-dev] [Neutron][LBaaS] Vote required for certificate as first-class citizen - SSL Termination (Revised)

2013-12-05 Thread Samuel Bercovici
Hi Stephen, To make sure I understand, which model is fine Basic/Simple or New. Thanks, -Sam. -Original Message- From: Stephen Gran [mailto:stephen.g...@theguardian.com] Sent: Thursday, December 05, 2013 8:22 AM To: openstack-dev@lists.openstack.org Subject: Re:

Re: [openstack-dev] [Neutron][LBaaS] Vote required for certificate as first-class citizen - SSL Termination (Revised)

2013-12-05 Thread Samuel Bercovici
for now will do most of what I think people want to do with SSL termination. Cheers, On 05/12/13 09:57, Samuel Bercovici wrote: Hi Stephen, To make sure I understand, which model is fine Basic/Simple or New. Thanks, -Sam. -Original Message- From: Stephen Gran

Re: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

2014-06-18 Thread Samuel Bercovici
container in case its not their it can be used. On Jun 10, 2014, at 12:47 PM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: To elaborate on the case where containers get deleted while LBaaS still references it. We think that the following approach will do

[openstack-dev] [Neutron][LBaaS] Analyzing the critical path

2014-07-02 Thread Samuel Bercovici
To reiterate the Juno release plan from: https://wiki.openstack.org/wiki/Juno_Release_Schedule Feature freeze is at: 21st August. I am listing tasks which we should consider to be done for Juno and who should handle them. The following might be considered as critical path to get anything for

Re: [openstack-dev] [Neutron][LBaaS] Status of entities that do not exist in a driver backend

2014-07-07 Thread Samuel Bercovici
Hi, For logical objects that were deleted but the backend did not execute on, there is a PENDING_DELETE state. So currently there is PENDING_CREATE -- CREATE, PENDING_UPDATE--UPDATE and PENDING_DELETE--object is removed from the database. If an error occurred that the object is in ERROR state.

Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor

2014-07-10 Thread Samuel Bercovici
This is also my understanding. From: Stephen Balukoff [mailto:sbaluk...@bluebox.net] Sent: Thursday, July 10, 2014 6:30 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor Per the IRC discussion this morning, I

Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor

2014-07-10 Thread Samuel Bercovici
in parallel if we had extra resources. This shim will have odd corner cases (a second listener on a vip, e.g.), which will chuck errors. The ref haproxy driver is highest priority, and thus the v2 agent, as lbaas v2 goes nowhere without it. Doug From: Samuel Bercovici samu...@radware.commailto:samu

Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor

2014-07-10 Thread Samuel Bercovici
without the agent, if so could you explain how? Thanks, Dustin Lundquist On Thursday, July 10, 2014, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: New/updated v2 driver could be done without an agent (same as was possible in v1). From: Doug Wiegley [mailto:do

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-15 Thread Samuel Bercovici
Hi, I think that the discussion have asked that obtaining information out of the x509 via the SAN field will not be defined as mandatory. For example Radware's backend extracts this information from the x509 in the (virtual) device itself, specifying dns values different than what exists in

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-16 Thread Samuel Bercovici
to treat SANs differently then we're both breaking the standard and setting a bad precedent. Stephen On Tue, Jul 15, 2014 at 9:35 AM, Carlos Garza carlos.ga...@rackspace.commailto:carlos.ga...@rackspace.com wrote: On Jul 15, 2014, at 10:55 AM, Samuel Bercovici samu...@radware.commailto:samu

Re: [openstack-dev] [Neutron][LBaaS] Milestone and Due Dates

2014-07-20 Thread Samuel Bercovici
Hi, Please note that if the following will not get approved this week they will not be done in Juno which is a pity considering their almost final state. https://review.openstack.org/#/c/98640/ - TLS termination https://review.openstack.org/#/c/99709/ - L7 Content Switching Please see if there

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - certificates data persistency

2014-07-22 Thread Samuel Bercovici
Stephen, This will increase the complexity of the code since it will add managing the cache lifecycle in tandem with the barbican back end and the fact that containers may be shared by multiple listeners. At this stage, I think that it serves us all to keep the code at this stage as small and

Re: [openstack-dev] [Neutron][LBaaS] Load balancing use cases and web ui screen captures

2014-04-09 Thread Samuel Bercovici
considered? On 7 April 2014 05:27, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Please elaborate, do you mean that the nodes could be on different zones/cells or something else? -Original Message- From: Alun Champion [mailto:p...@achampion.netmailto:p

[openstack-dev] [Neutron][LBaaS]Clarification in regards to https://docs.google.com/a/mirantis.com/spreadsheet/ccc?key=0Ar1FuMFYRhgadDVXZ25NM2NfbGtLTkR0TDFNUWJQUWc#gid=1

2014-04-09 Thread Samuel Bercovici
Hi, I have looked at https://docs.google.com/a/mirantis.com/spreadsheet/ccc?key=0Ar1FuMFYRhgadDVXZ25NM2NfbGtLTkR0TDFNUWJQUWc#gid=1 and have a few questions: 1. Monitoring Tab: a. Are there users that use load balancing who do not monitor members? Can you share the use cases where

[openstack-dev] [Neutron][LBaaS] Use cases document

2014-04-22 Thread Samuel Bercovici
Hi, I have seen a few addition to https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL-w2FScERQXQR1-mXuSINis/edit?pli=1 I think that it would make sense to keep this document with uses cases that were discussed in ML. A use case that I have seen and is missing is related to availability

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-22 Thread Samuel Bercovici
Hi, The work on SSL termination has started and is very near completion. the blue print is in https://blueprints.launchpad.net/neutron/+spec/lbaas-ssl-termination and wiki is in https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL Do you see anything missing there? Regards, -Sam.

Re: [openstack-dev] [Neutron][LBaaS] Use cases document

2014-04-24 Thread Samuel Bercovici
on the API revision proposal, and I'd like to get them recorded and / or discussed.) Stephen On Tue, Apr 22, 2014 at 1:26 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi, I have seen a few addition to https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL

Re: [openstack-dev] [Neutron][LBaaS]SSL and L7 conent switching APIs

2014-04-27 Thread Samuel Bercovici
Hi, The work to design the APIs concerning L7 content switching and SSL termination has started a bit before the Icehouse summit, it involved the ML in a very active fashion. The ML was silent on this because we have completed the discussion and moved to implementation. We got to a very

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-28 Thread Samuel Bercovici
Hi, I was just working to push the use cases into the new format .rst but I agree that using google doc would be more intuitive. Let me know what you prefer to do with the use cases document: 1. leave it at google docs at -

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-29 Thread Samuel Bercovici
let's move them to gerrit so we can all vote. Echoing Kyle I would love to see us focusing on getting things ready for the summit. German -Original Message- From: Samuel Bercovici [mailto:samu...@radware.com] Sent: Monday, April 28, 2014 11:44 AM To: OpenStack Development Mailing

Re: [openstack-dev] [Neutron][LBaaS]L7 conent switching APIs

2014-04-30 Thread Samuel Bercovici
have an ordered list of L7 Rules, L7 Rules are processed by this order and also form an ‘or’ condition. Regards, -Avishay, Evgeny and Sam From: Samuel Bercovici [mailto:samu...@radware.com] Sent: Sunday, April 27, 2014 1:53 PM To: OpenStack Development Mailing List

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-30 Thread Samuel Bercovici
for the summit. German -Original Message- From: Samuel Bercovici [mailto:samu...@radware.com] Sent: Monday, April 28, 2014 11:44 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal Hi, I was just

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-04-30 Thread Samuel Bercovici
Hi, As stated, this could either be handled by SSL session ID persistency or by SSL termination and using cookie based persistency options. If there is no need to inspect the content hence to terminate the SSL connection on the load balancer for this sake, than using SSL session ID based

[openstack-dev] [Neutron][LBaaS]Conforming to Open Stack API style in LBaaS

2014-04-30 Thread Samuel Bercovici
Hi Everyone, During the last few days I have looked into the different LBaaS API proposals. I have also looked on the API style used in Neutron. I wanted to see how Neutron APIs addressed tree like object models. Follows my observation: 1. Security groups -

[openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-01 Thread Samuel Bercovici
Hi Everyone! To assist in evaluating the use cases that matter and since we now have ~45 use cases, I would like to propose to conduct a survey using something like surveymonkey. The idea is to have a non-anonymous survey listing the use cases and ask you identify and vote. Then we will

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-01 Thread Samuel Bercovici
Hi Vijay, I have looked at the Barbican APIs – https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface I was no able to see a “native” API that will accept an SSL certificate (private key, public key, CSR, etc.) and will store it. We can either store the whole certificate

Re: [openstack-dev] [Neutron][LBaaS] Use-Cases with VPNs Distinction

2014-05-02 Thread Samuel Bercovici
I think that associating a VIP subnet and list of member subnets is a good choice. This is declaratively saying to where is the configuration expecting layer 2 proximity. The minimal would be the VIP subnet which in essence means the VIP and members are expected on the same subnet. Any member

Re: [openstack-dev] [Neutron][LBaaS]L7 conent switching APIs

2014-05-02 Thread Samuel Bercovici
in-line: On Wed, Apr 30, 2014 at 6:10 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi, We have compared the API the is in the blue print to the one described in Stephen documents. Follows the differences we have found: 1) L7PolicyVipAssoc is gone, this means

Re: [openstack-dev] [Neutron][LBaaS]L7 conent switching APIs

2014-05-05 Thread Samuel Bercovici
:59 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Adam, you are correct to show why order matters in policies. It is a good point to consider AND between rules. If you really want to OR rules you can use different policies. Stephen, the need for order contradicts using

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-05 Thread Samuel Bercovici
facing use cases and hope to send it to ML ASAP. Regards, -Sam. From: Samuel Bercovici Sent: Thursday, May 01, 2014 8:40 PM To: OpenStack Development Mailing List (not for usage questions) Cc: Samuel Bercovici Subject: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey Hi

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-06 Thread Samuel Bercovici
this week so we can have enough information to base decisions next week. Regards, -Sam. From: Samuel Bercovici Sent: Monday, May 05, 2014 4:52 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey Hi, I

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-07 Thread Samuel Bercovici
The survey is not anonymous and I plan to publish it with its raw data we can then discuss how to interpret. Each use case has an accompanying text field so that you can add any comments you wish. At least I did add comments to most use cases when I responded :-) -Sam. -Original

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-07 Thread Samuel Bercovici
! Cheers, --Jorge From: Samuel Bercovici samu...@radware.commailto:samu...@radware.com Reply-To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Tuesday, May 6, 2014 2:56 AM To: OpenStack Development Mailing

Re: [openstack-dev] [Neutron][LBaaS][FWaaS][VPNaaS] Advanced Services (particularly LBaaS) and Neutron

2014-05-07 Thread Samuel Bercovici
Hi, I have added to https://etherpad.openstack.org/p/AdvancedServices_and_Neutron a note recalling two technical challenges that do not exists when LBaaS runs as a Neutron extension. -Sam. From: Susanne Balle [mailto:sleipnir...@gmail.com] Sent: Wednesday, May 07, 2014 2:45 PM To: OpenStack

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Samuel Bercovici
coding in earnest for Juno. The Container resource is intended to capture/store the final certificate details. Thanks, John From: Samuel Bercovici [samu...@radware.com] Sent: Thursday, May 01, 2014 12:50 PM To: OpenStack Development Mailing List (not for usage

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-07 Thread Samuel Bercovici
6 people have completed the survey so far. From: Samuel Bercovici Sent: Tuesday, May 06, 2014 10:56 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey Hi Everyone, The survey is now live via: http://eSurv.org

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-08 Thread Samuel Bercovici
) Subject: Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN On May 7, 2014, at 10:53 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi John, If the user already has an SSL certificate that was acquired outside

Re: [openstack-dev] [Neutron][LBaaS] Multiple VIPs per loadbalancer

2014-05-09 Thread Samuel Bercovici
Brandon, Can you please provide statistics on the distribution between the relationships between load balancer and VIPs in your environment? -Sam. -Original Message- From: Brandon Logan [mailto:brandon.lo...@rackspace.com] Sent: Friday, May 09, 2014 6:40 PM To:

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-09 Thread Samuel Bercovici
It boils down to two aspects: 1. How common is it for tenant to care about affinity or have more than a single VIP used in a way that adding an additional (mandatory) construct makes sense for them to handle? For example if 99% of users do not care about affinity or will only use a

Re: [openstack-dev] [Neutron][LBaaS] Meetup?

2014-05-12 Thread Samuel Bercovici
During our brief meeting today, we tentatively scheduled to meet today at 5:30 PM. Is this still on? Where should we meet? Regards, -Sam. On May 12, 2014, at 1:10 PM, Adam Harwell adam.harw...@rackspace.commailto:adam.harw...@rackspace.com wrote: Some of us are at a table

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-14 Thread Samuel Bercovici
: Sam, That deadline seems reasonable to me. I should have time later today or later this weekend to fill it out. Thanks, Stephen On Fri, May 9, 2014 at 9:21 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi, 9 people have filled the survey so far. See attached pdf

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 1st Session etherpad

2014-05-14 Thread Samuel Bercovici
Hi Everyone, https://etherpad.openstack.org/p/juno-lbaas-design-session Feel free to modify and update, please make sure you use your name so we will know who have added the modification. Regards, -Sam. ___ OpenStack-dev mailing list

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 1st Session etherpad

2014-05-14 Thread Samuel Bercovici
(not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]LBaaS 1st Session etherpad Hi, I see the following statement in the doc. multiple loadbalancers may referenece the same listener Does this mean listeners are independent of loadbalancer? Thanks, Vijay V. From: Samuel Bercovici

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 2nd Session etherpad

2014-05-15 Thread Samuel Bercovici
Hi Everyone, https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7 Feel free to modify and update, please make sure you use your name so we will know who have added the modification. Regards, -Sam. ___ OpenStack-dev mailing list

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Samuel Bercovici
This very good news. Please point to the code review in gerrit. -Sam. -Original Message- From: Eichberger, German [mailto:german.eichber...@hp.com] Sent: Saturday, May 24, 2014 12:54 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev]

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-29 Thread Samuel Bercovici
+1 to Carlos. In addition, there should be possible for LBaaS (It might only be just the LBaaS drivers) to get the information including the private key back so that the backend can use it. This means that a trusted communication channel between the driver and Barbican needs to be established

[openstack-dev] [Neutron][LBaaS] dealing with M:N relashionships for Pools and Listeners

2014-05-29 Thread Samuel Bercovici
Before solving everything, I would like first to itemize the things we should solve/consider. So pleas focus first on what is it that we need to pay attention for and less on how to solve such issues. Follows the list of items: · Provisioning status/state o Should it only be on the

Re: [openstack-dev] Your suggestions in the BP

2014-06-01 Thread Samuel Bercovici
of old code with old drivers until new code with new drivers can take its place. Regards, -Sam. -Original Message- From: Brandon Logan [mailto:brandon.lo...@rackspace.com] Sent: Friday, May 30, 2014 6:38 PM To: Samuel Bercovici Subject: Your suggestions in the BP Hi Sam! Thanks

[openstack-dev] [Neutron][LBaaS] object model migration discussion

2014-06-01 Thread Samuel Bercovici
-Original Message- From: Samuel Bercovici Sent: Sunday, June 01, 2014 10:19 AM To: 'Brandon Logan'; OpenStack Development Mailing List (not for usage questions); Eugene Nikanorov (enikano...@mirantis.com) Subject: RE: Your suggestions in the BP Hi Brandon Eugene and Everyone, Eugene

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Samuel Bercovici
Hi, I think that option 2 should be preferred at this stage. I also think that certificate should be immutable, if you want a new one, create a new one and update the listener to use it. This removes any chance of mistakes, need for versioning etc. -Sam. -Original Message- From: Jorge

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Samuel Bercovici
: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas +1 for the idea of making certificate immutable. However, if Barbican allows updating certs/containers then versioning is a must. Thanks, Vivek On 6/8/14, 11:48 PM, Samuel Bercovici samu...@radware.com wrote: Hi

Re: [openstack-dev] [neutron][lbaas] rescheduling meeting

2014-11-05 Thread Samuel Bercovici
For us in Israel, the earlier the better. The current meeting time is very good for us, although I understand it too early for some. -Sam. From: Gregory Lebovitz [mailto:gregory.i...@gmail.com] Sent: Wednesday, November 05, 2014 1:10 PM To: OpenStack Development Mailing List (not for usage

[openstack-dev] [neutron][lbaas] Shared Objects in LBaaS - Use Cases that led us to adopt this.

2014-11-20 Thread Samuel Bercovici
Hi, Per discussion I had at OpenStack Summit/Paris with Brandon and Doug, I would like to remind everyone why we choose to follow a model where pools and listeners are shared (many to many relationships). Use Cases: 1. The same application is being exposed via different LB objects. For

Re: [openstack-dev] [neutron][lbaas] Shared Objects in LBaaS - Use Cases that led us to adopt this.

2014-11-22 Thread Samuel Bercovici
: Implementing 1:1 initially is a good idea to get us rolling. Whether we then implement 1:N or M:N after that is another question entirely. But in any case, it seems like a bad idea to try to start with M:N. Stephen On Thu, Nov 20, 2014 at 4:52 AM, Samuel Bercovici samu...@radware.commailto:samu

Re: [openstack-dev] [neutron][lbaas] Shared Objects in LBaaS - Use Cases that led us to adopt this.

2014-11-27 Thread Samuel Bercovici
, having the same L7Policy pointing at the same pool is OK, so I personally don't have a problem allowing sharing of objects within the scope of parent objects. What do the rest of y'all think? Stephen On Sat, Nov 22, 2014 at 11:06 PM, Samuel Bercovici samu...@radware.com wrote

Re: [openstack-dev] [neutron][lbaas] Shared Objects in LBaaS - Use Cases that led us to adopt this.

2014-11-27 Thread Samuel Bercovici
the same L7Policy pointing at the same pool is OK, so I personally don't have a problem allowing sharing of objects within the scope of parent objects. What do the rest of y'all think? Stephen On Sat, Nov 22, 2014 at 11:06 PM, Samuel Bercovici samu...@radware.com wrote: Hi

Re: [openstack-dev] [Quantum][LBaaS] Feedback needed: Healthmonitor workflow.

2013-06-20 Thread Samuel Bercovici
the change back. -Sam. From: Eugene Nikanorov [mailto:enikano...@mirantis.com] Sent: Thursday, June 20, 2013 3:10 PM To: OpenStack Development Mailing List Cc: Avishay Balderman; Samuel Bercovici Subject: [Quantum][LBaaS] Feedback needed: Healthmonitor workflow. Hi community, Here's a question

Re: [openstack-dev] [Neutron] Chalenges with highly available service VMs - port adn security group options.

2013-07-19 Thread Samuel Bercovici
Hi, I have completely missed this discussion as it does not have quantum/Neutron in the subject (modify it now) I think that the security group is the right place to control this. I think that this might be only allowed to admins. Let me explain what we need which is more than just disable

Re: [openstack-dev] [Neutron] Chalenges with highly available service VMs - port adn security group options.

2013-07-19 Thread Samuel Bercovici
Adding the original people conversing on this subject to this mail. Regards, -Sam. On Jul 19, 2013, at 11:57 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi, I have completely missed this discussion as it does not have quantum/Neutron in the subject

Re: [openstack-dev] [Neutron] Chalenges with highly available service VMs - port adn security group options.

2013-07-25 Thread Samuel Bercovici
(iptables_rules) From: Aaron Rosen [mailto:aro...@nicira.com] Sent: Wednesday, July 24, 2013 11:58 PM To: Samuel Bercovici Cc: OpenStack Development Mailing List; sorla...@nicira.com; Avishay Balderman; gary.kot...@gmail.com Subject: Re: [openstack-dev] [Neutron] Chalenges with highly available

Re: [openstack-dev] [Neutron]Connecting a VM from one tenant to a non-shared network in another tenant

2013-07-31 Thread Samuel Bercovici
, and allowing admin users to create ports on any network - I don't think this would constitute a potential vulnerability, as in neutron is someone's manages to impersonate an admin user, he/she can make much more damage. Salvatore On 31 July 2013 16:11, Samuel Bercovici samu...@radware.commailto:samu

Re: [openstack-dev] [Neutron]Connecting a VM from one tenant to a non-shared network in another tenant

2013-08-01 Thread Samuel Bercovici
removing the filter of tenant_id + the pathc bellow, I get the behavior that as admin, I can createVMs connected to another tenants private network but as non-admin I am not able to do so. Regards, -Sam. From: Samuel Bercovici Sent: Wednesday, July 31, 2013 7:32 PM To: OpenStack

Re: [openstack-dev] [Nova]Connecting a VM from one tenant to a non-shared network in another tenant

2013-09-16 Thread Samuel Bercovici
one tenant to a non-shared network in another tenant Hi I have opened two bugs that are related to the topic below: https://bugs.launchpad.net/neutron/+bug/1221315 https://bugs.launchpad.net/nova/+bug/1221320 Thanks Avishay From: Samuel Bercovici Sent: Wednesday, August 07, 2013 1:05 PM

Re: [openstack-dev] [Neutron] PTL Candidacy

2013-09-22 Thread Samuel Bercovici
Hi, Although not a voting member, I would like to thank Mark for a phenomenal job on Neutron and LBaaS and would like to see him continue to lead Neutron forward. Regards, -Sam. -Original Message- From: Mark McClain [mailto:mark.mccl...@dreamhost.com] Sent: Friday, September

Re: [openstack-dev] [neutron][lbaas] Shared Objects in LBaaS - Use Cases that led us to adopt this.

2014-12-07 Thread Samuel Bercovici
can get quite large. I hope this makes sense because my brain is ready to explode. Thanks, Brandon On Thu, 2014-11-27 at 08:52 +, Samuel Bercovici wrote: Brandon, can you please explain further (1) bellow? -Original Message- From: Brandon Logan [mailto:brandon.lo

  1   2   >