> -----Original Message-----
> From: Manan Shah [mailto:manan.s...@citrix.com]
> Sent: Thursday, 17 January 2013 5:13 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Questions related to nTier Apps 2.0
>
> Kishan,
>
> I reviewed the FS and I have quite a few questions. Please see the questions
> below and let me know your thoughts.
>
> We should try and capture all of these items in the nTier Apps 2.0 FS / Design
> spec if possible:
>
> Open Questions:
>
> 1. Requirement 2.1: Combine VR and VPC VR:
>    * Are we going to do this one or not?
>    * If we do, would we support FW as well as Network ACLs or both? Are we
>      going to deprecate one of the terminologies and stick to one?
>    * Currently, Ingress FW is applied on Public IP and Network ACLs is on
>      the private network
>    * Upgrade: On upgrade, would all isolated networks go away and become
>      VPCs with 1 tier each?

[KK] This is a huge item and currently unassigned.

> 2. Requirement 2.2: Load Balancing on all Tiers:
>    * Assuming VPC VR is providing LB service for all tiers, would the LB on
>      non-web tiers have a private LB VIP or would it have to be public VIP?
>      Meaning can I go from web-tier to app tier LB without NAT?

[KK] Yes, LB will be supported across tiers without requiring NAT

> 3. Requirement 2.4: Physical Devices support:
>    * Would we support both in-line as well as side-by-side mode?

[KK] Only in-line mode will be supported.

>    * Would we support external LB when using LB service for tier-to-tier
>      traffic?

[KK] Yes

>    * What role will VPC VR play? Only DHCP and DNS? What about tier-to-tier
>      Network ACLs?

[KK] Tier to tier traffic will still go through VR Network ACLs

>    * What about S2S VPN, Private GWs?
>    * For SRX, we lose the IP CIDR flexibility, how will this impact VPC?

[KK] This should not be impacted by external LB

>    * Upgrade: Would we continue to upgrade VPC Tier Network from one
>      that doesn't support external devices to the one with external devices?

[KK] Upgrade won't be supported

> 4. Requirement 2.5: KVM Support:
>    * Are we going to pick this one up? Is the sub-feature complete?

[KK] Marcus has already completed this. I'll check if there are any gaps still.

> 5. Requirement 2.6: Blacklist of Routes:
>    * Assuming we will allow a list to be entered

[KK] Admin can specify a list using global config.

> 6. Requirement 2.8: Static Routes on VPN Gateway:
>    * Is this happening?

[KK] This is not technically feasible since VPN is policy based

> 7. Requirement 2.9: Remote-access VPN on VPC
>    * Is this happening?

[KK] This is not happening. Also 2.1 should take care of this.

> 8. Requirement 2.11: Ability to give tiers any CIDR, not just from super-net
>    * Why not just remove the CIDR specification on VPC creation?

[KK] Yes, CIDR specification can be removed.

> 9. Requirement 2.14: Allow ACL on all layer 4 protocols
>    * I believe the customers wanted more flexibility on protocols than just
>      adding an "All" keyword

[KK] I'll make it more flexible to support protocol number.

> 10. Requirement 2.15: Support guest networks outside of RFC 1918 addresses
>    * Should we have admins specifically allow this feature?
>    * Why is this restriction placed? Even if a network is re-used, wouldn't
>      it go out through NAT?

[KK] I'll get back to you on this.

> 11. Requirement 2.17: Redundant VR for VPC: Is this happening?

[KK] This is not happening

>
> Regards,
> Manan Shah