Re: [Openstack-operators] [Openstack] Reaching VXLAN tenant networks from outside (without floating IPs)

[Gustavo Randich]

Thanks Mike, works OK! Simple IP routing :)


On Thu, Jun 30, 2016 at 5:17 PM, Gustavo Randich 
wrote:

> Thank you, I'll test this approach and see...
>
>
>
> On Thu, Jun 30, 2016 at 3:04 PM, Rick Jones  wrote:
>
>> On 06/30/2016 10:32 AM, Mike Spreitzer wrote:
>>
>>> No, those routers are routers.  If one of them gets a packet, the router
>>> will forward the packet as usual for a router.
>>>
>> >
>>
>>> You might think they don't handle connections into tenant networks, but
>>> that might be because nothing is trying to use them as routers for the
>>> tenant networks.  That's a question about the routing tables in the rest
>>> of your environment.
>>>
>>> If the client has a route to a Neutron tenant network that goes through
>>> a Neutron router, the client is able to connect to a server on the
>>> Neutron tenant network.
>>>
>>> The normal configuration for routers on the internet is to not forward
>>> traffic to the RFC 1918 addresses.  I do not recall how the Neutron
>>> routers handle packets addressed to those addresses from sources on the
>>> "outside".
>>>
>>
>> For what it is worth, a quick test with some Mitaka-based bits, using
>> 192.168.123.0/24 as the private network and ping suggests the neutron
>> routers will be willing to forward the traffic just fine.
>>
>> That would be better than trying to do the same thing with instances as I
>> proposed before.
>>
>> happy benchmarking,
>>
>> rick jones
>>
>>
>>
>>
>>
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [Openstack] Reaching VXLAN tenant networks from outside (without floating IPs)

[Gustavo Randich]

Thank you, I'll test this approach and see...



On Thu, Jun 30, 2016 at 3:04 PM, Rick Jones  wrote:

> On 06/30/2016 10:32 AM, Mike Spreitzer wrote:
>
>> No, those routers are routers.  If one of them gets a packet, the router
>> will forward the packet as usual for a router.
>>
> >
>
>> You might think they don't handle connections into tenant networks, but
>> that might be because nothing is trying to use them as routers for the
>> tenant networks.  That's a question about the routing tables in the rest
>> of your environment.
>>
>> If the client has a route to a Neutron tenant network that goes through
>> a Neutron router, the client is able to connect to a server on the
>> Neutron tenant network.
>>
>> The normal configuration for routers on the internet is to not forward
>> traffic to the RFC 1918 addresses.  I do not recall how the Neutron
>> routers handle packets addressed to those addresses from sources on the
>> "outside".
>>
>
> For what it is worth, a quick test with some Mitaka-based bits, using
> 192.168.123.0/24 as the private network and ping suggests the neutron
> routers will be willing to forward the traffic just fine.
>
> That would be better than trying to do the same thing with instances as I
> proposed before.
>
> happy benchmarking,
>
> rick jones
>
>
>
>
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [User-committee] Seeking feedback: Active User Contributor (AUC) eligibility requirements

[Shamail Tahir]

On Thu, Jun 30, 2016 at 2:59 PM, Jonathan D. Proulx 
wrote:

>
> I'm surprised this hasn't generated more feed back, though I'd
> generally take that as positive.
>
> List seems good to me.
>
> The self nomintaion + confirm by UC is a good catch all especially in
> the beginning where we're unlikely to have though of everything.  We
> can always expand criterial later if the 'misc' of UC confirmantion
> gets too big and we idnetify patterns.
>
+1

That is the intention.. it will help us make sure that we didn't miss
anything and if we get a lot of requests for a certain activity then we can
expand the role definitions to include it.


>
> Thanks all!
> -Jon
>
> On Wed, Jun 29, 2016 at 04:52:00PM -0400, Shamail Tahir wrote:
> :Hi everyone,
> :
> :The AUC Recognition WG has been hard at work on milestone-4 of our plan
> :which is to identify the eligibility criteria for each community
> :contributor role that is covered by AUC.  We had a great mix of community
> :people involved in defining these thresholds but we wanted to also open
> :this up for broader community feedback before we propose them to the user
> :committee.  AUC is a new concept and we hope to make iterative
> improvements
> :going forward... you can consider the guidelines below as "version 1" and
> I
> :am certain they will evolve as lessons are learned.  Thank you in advance
> :for your feedback!
> :
> :·  Official User Group organizers
> :
> :o   Listed as an organizer or coordinator for an official OpenStack user
> :group
> :
> :·  Active members of official UC Working Groups
> :
> :o   Attend 25% of the IRC meetings and have spoken more than 25 times OR
> :have spoken more than 100 times regardless of attendance count over the
> :last six months
> :
> :o   WG that do not use IRC for their meetings will depend on the meeting
> :chair(s) to identify active participation from attendees
> :
> :·  Ops meetup moderators
> :
> :o   Moderate a session at the operators meetup over the last six
> :months AND/OR
> :
> :o   Host the operators meetup (limit 2 people from the hosting
> :organization) over the last six months
> :
> :·  Contributions to any repository under UC governance (ops
> :repositories, user stories repository, etc.)
> :
> :o   Submitted two or more patches to a UC governed repository over the
> last
> :six months
> :
> :·  Track chairs for OpenStack Summits
> :
> :o   Identified track chair for the upcoming OpenStack Summit (based on
> when
> :data is gathered) [this is a forward-facing metric]
> :
> :·  Contributors to Superuser (articles, interviews, user stories,
> etc.)
> :
> :o   Listed as author in at least one publication at
> superuser.openstack.org
> :over the last six months
> :
> :·  Submission for eligibility to AUC review panel
> :
> :o   No formal criteria, anyone can self-nominate, and nominations will be
> :reviewed per guidance established in milestone-5
> :
> :·  Active moderators on ask.openstack
> :
> :o   Listed as moderator on Ask OpenStack and have over 500 karma
> :
> :There is additional information available in the etherpad[1] the AUC
> :recognition WG has been using for this task which includes Q (question
> :and answers) between team members.
> :
> :[1] https://etherpad.openstack.org/p/uc-recog-metrics
> :
> :--
> :Thanks,
> :Shamail Tahir
> :t: @ShamailXD
> :tz: Eastern Time
>
> :___
> :User-committee mailing list
> :user-commit...@lists.openstack.org
> :http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee
>
>
> --
>



-- 
Thanks,
Shamail Tahir
t: @ShamailXD
tz: Eastern Time
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

[Openstack-operators] [recognition] AUC Recognition WG Meeting Today (6/30/16)

[Shamail Tahir]

Hi everyone,

The AUC (Active User Contributor) Recognition WG will be meeting today and
the agenda has been posted on our wiki[1].

Meeting information:
Date: 6/30
Time: 1900 UTC
IRC Channel: #openstack-meeting-3

[1] *https://wiki.openstack.org/wiki/AUCRecognition#Meeting_Information
*

-- 
Thanks,
Shamail Tahir
t: @ShamailXD
tz: Eastern Time
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)

[Anand Nande]

Maybe you can have something like :
https://bugs.launchpad.net/neutron/+bug/1175211

On Thu, Jun 30, 2016 at 8:54 PM, Gustavo Randich
 wrote:
> Mike, as far as I know those routers allow only outgoing traffic, i.e. VM
> can see external networks, but those external networks cannot connect to VM
> if it doesn't have a FIP, am I right?
>
> Thanks!
> Gustavo
>
> On Wed, Jun 29, 2016 at 7:24 PM, Mike Spreitzer  wrote:
>>
>> Gustavo Randich  wrote on 06/29/2016 03:17:54
>> PM:
>>
>> > Hi operators...
>> >
>> > Transitioning from nova-network to Neutron (Mitaka), one of the key
>> > issues we are facing is how to reach VMs in VXLAN tenant networks
>> > without using precious floating IPs.
>> >
>> > Things that are outside Neutron in our case are:
>> >
>> > - in-house made application orchestrator: needs SSH access to
>> > instances to perform various tasks (start / shutdown apps, configure
>> > filesystems, etc.)
>> >
>> > - various centralized and external monitoring/metrics pollers: need
>> > SNMP / SSH access to gather status and trends
>> >
>> > - internal customers: need SSH access to instance from non-openstack
>> > VPN service
>> >
>> > - ideally, non-VXLAN aware traffic balancer appliances
>> >
>> > We have considered these approaches:
>> >
>> > - putting some of the external components inside a Network Node:
>> > inviable because components need access to multiple Neutron deployments
>> >
>> > - Neutron's VPNaaS: cannot figure how to configure a client-to-site
>> > VPN topology
>> >
>> > - integrate hardware switches capable of VXLAN VTEP: for us in this
>> > stage, it is complex and expensive
>> >
>> > - other?
>>
>> You know Neutron includes routers that can route between tenant networks
>> and external networks, right?  You could use those, if your tenant networks
>> use disjoint IP subnets.
>>
>> Regards,
>> Mike
>>
>>
>
>
> ___
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>



-- 
--Anand Nande

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)

[Gustavo Randich]

Mike, as far as I know those routers allow only outgoing traffic, i.e. VM
can see external networks, but those external networks cannot connect to VM
if it doesn't have a FIP, am I right?

Thanks!
Gustavo

On Wed, Jun 29, 2016 at 7:24 PM, Mike Spreitzer  wrote:

> Gustavo Randich  wrote on 06/29/2016 03:17:54
> PM:
>
> > Hi operators...
> >
> > Transitioning from nova-network to Neutron (Mitaka), one of the key
> > issues we are facing is how to reach VMs in VXLAN tenant networks
> > without using precious floating IPs.
> >
> > Things that are outside Neutron in our case are:
> >
> > - in-house made application orchestrator: needs SSH access to
> > instances to perform various tasks (start / shutdown apps, configure
> > filesystems, etc.)
> >
> > - various centralized and external monitoring/metrics pollers: need
> > SNMP / SSH access to gather status and trends
> >
> > - internal customers: need SSH access to instance from non-openstack
> > VPN service
> >
> > - ideally, non-VXLAN aware traffic balancer appliances
> >
> > We have considered these approaches:
> >
> > - putting some of the external components inside a Network Node:
> > inviable because components need access to multiple Neutron deployments
> >
> > - Neutron's VPNaaS: cannot figure how to configure a client-to-site
> > VPN topology
> >
> > - integrate hardware switches capable of VXLAN VTEP: for us in this
> > stage, it is complex and expensive
> >
> > - other?
>
> You know Neutron includes routers that can route between tenant networks
> and external networks, right?  You could use those, if your tenant networks
> use disjoint IP subnets.
>
> Regards,
> Mike
>
>
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [User-committee] [scientific-wg] possible time change for non-US fortnightly meeting

[Peter Love]

Much better!  (say all the .uk people)

On 30 June 2016 at 09:48, Stig Telfer  wrote:
> Sounds good to me too!
>
> Best wishes,
> Stig
>
>
>> On 29 Jun 2016, at 07:49, Dario Vianello  wrote:
>>
>> Same here :-)
>>
>> Thanks!
>>
>>
>> Dario Vianello
>>
>> Cloud Bioinformatics Application Architect
>> European Bioinformatics Institute (EMBL-EBI)
>> Wellcome Trust Genome Campus, Hinxton, Cambridge, CB10 1SD, UK
>> Email: da...@ebi.ac.uk
>>
>>> On 28 Jun 2016, at 13:42,  
>>>  wrote:
>>>
>>> 0900 would work better for me J
>>>
>>> Thanks
>>>
>>> Alexander
>>>
>>> From: Blair Bethwaite [mailto:blair.bethwa...@gmail.com]
>>> Sent: 28 June 2016 12:37
>>> To: user-committee ; openstack-oper. 
>>> 
>>> Subject: [User-committee] [scientific-wg] possible time change for non-US 
>>> fortnightly meeting
>>>
>>> Hi all,
>>>
>>> Currently the scientific-wg is meeting weekly on irc with alternating times 
>>> week to week - 2100 UTC Tues this week and 0700 UTC Weds next week. The 
>>> basic idea being to have both US and non-US friendly times.
>>>
>>> The former time is pretty well attended but the latter is somewhat hit and 
>>> miss so we're considering whether it should be adjusted. Would it help you 
>>> attend if we pushed the 0700 UTC to 0900 or later?
>>>
>>> Cheers,
>>> Blairo & Stig
>>>
>>> ___
>>> User-committee mailing list
>>> user-commit...@lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee
>>
>> ___
>> User-committee mailing list
>> user-commit...@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee
>
>
> ___
> User-committee mailing list
> user-commit...@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [User-committee] [scientific-wg] possible time change for non-US fortnightly meeting

[Stig Telfer]

Sounds good to me too!

Best wishes,
Stig


> On 29 Jun 2016, at 07:49, Dario Vianello  wrote:
> 
> Same here :-)
> 
> Thanks!
> 
> 
> Dario Vianello
> 
> Cloud Bioinformatics Application Architect
> European Bioinformatics Institute (EMBL-EBI)
> Wellcome Trust Genome Campus, Hinxton, Cambridge, CB10 1SD, UK
> Email: da...@ebi.ac.uk
> 
>> On 28 Jun 2016, at 13:42,  
>>  wrote:
>> 
>> 0900 would work better for me J
>>  
>> Thanks
>>  
>> Alexander
>>  
>> From: Blair Bethwaite [mailto:blair.bethwa...@gmail.com] 
>> Sent: 28 June 2016 12:37
>> To: user-committee ; openstack-oper. 
>> 
>> Subject: [User-committee] [scientific-wg] possible time change for non-US 
>> fortnightly meeting
>>  
>> Hi all,
>> 
>> Currently the scientific-wg is meeting weekly on irc with alternating times 
>> week to week - 2100 UTC Tues this week and 0700 UTC Weds next week. The 
>> basic idea being to have both US and non-US friendly times.
>> 
>> The former time is pretty well attended but the latter is somewhat hit and 
>> miss so we're considering whether it should be adjusted. Would it help you 
>> attend if we pushed the 0700 UTC to 0900 or later?
>> 
>> Cheers,
>> Blairo & Stig
>> 
>> ___
>> User-committee mailing list
>> user-commit...@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee
> 
> ___
> User-committee mailing list
> user-commit...@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/user-committee


___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [User-committee] Seeking feedback: Active User Contributor (AUC) eligibility requirements

[Simon Leinen]

Shamail Tahir writes:
> The AUC Recognition WG has been hard at work on milestone-4 of our
> plan which is to identify the eligibility criteria for each community
> contributor role that is covered by AUC.
> [...] Thank you in advance for your feedback!

+1

Looks good, thanks all for the work figuring these out.
-- 
Simon.

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators