+1 "NFTablesDriver"! Also, NFTables, AFAIK, improves IDS systems, like Suricata, for example: https://home.regit.org/2014/02/suricata-and-nftables/
Then, I'm wondering here... What benefits might come for OpenStack Nova / Neutron, if it comes with a NFTables driver, instead of the current IPTables?! * Efficient Security Group design? * Better FWaaS, maybe with NAT(44/66) support? * Native support for IPv6, with the defamed NAT66 built-in, simpler "Floating IP" implementation, for both v4 and v6 networks under a single implementation (*I don't like NAT66, I prefer a `routed Floating IPv6` version*)? * Metadata over IPv6 still using NAT(66) (*I don't like NAT66*), single implementation? * Suricata-as-a-Service?! It sounds pretty cool! :-) On 20 August 2014 23:16, Baohua Yang <yangbao...@gmail.com> wrote: > Great! > We met similar problems. > The current mechanisms produce too many iptables rules, and it's hard to > debug. > Really look forward to seeing a more efficient security group design. > > > On Thu, Jul 10, 2014 at 11:44 PM, Kyle Mestery <mest...@noironetworks.com> > wrote: > >> On Thu, Jul 10, 2014 at 4:30 AM, shihanzhang <ayshihanzh...@126.com> >> wrote: >> > >> > With the deployment 'nova + neutron + openvswitch', when we bulk create >> > about 500 VM with a default security group, the CPU usage of >> neutron-server >> > and openvswitch agent is very high, especially the CPU usage of >> openvswitch >> > agent will be 100%, this will cause creating VMs failed. >> > >> > With the method discussed in mailist: >> > >> > 1) ipset optimization (https://review.openstack.org/#/c/100761/) >> > >> > 3) sg rpc optimization (with fanout) >> > (https://review.openstack.org/#/c/104522/) >> > >> > I have implement these two scheme in my deployment, when we again bulk >> > create about 500 VM with a default security group, the CPU usage of >> > openvswitch agent will reduce to 10%, even lower than 10%, so I think >> the >> > iprovement of these two options are very efficient. >> > >> > Who can help us to review our spec? >> > >> This is great work! These are on my list of things to review in detail >> soon, but given the Neutron sprint this week, I haven't had time yet. >> I'll try to remedy that by the weekend. >> >> Thanks! >> Kyle >> >> > Best regards, >> > shihanzhang >> > >> > >> > >> > >> > >> > At 2014-07-03 10:08:21, "Ihar Hrachyshka" <ihrac...@redhat.com> wrote: >> >>-----BEGIN PGP SIGNED MESSAGE----- >> >>Hash: SHA512 >> >> >> >>Oh, so you have the enhancement implemented? Great! Any numbers that >> >>shows how much we gain from that? >> >> >> >>/Ihar >> >> >> >>On 03/07/14 02:49, shihanzhang wrote: >> >>> Hi, Miguel Angel Ajo! Yes, the ipset implementation is ready, today >> >>> I will modify my spec, when the spec is approved, I will commit the >> >>> codes as soon as possilbe! >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> At 2014-07-02 10:12:34, "Miguel Angel Ajo" <majop...@redhat.com> >> >>> wrote: >> >>>> >> >>>> Nice Shihanzhang, >> >>>> >> >>>> Do you mean the ipset implementation is ready, or just the >> >>>> spec?. >> >>>> >> >>>> >> >>>> For the SG group refactor, I don't worry about who does it, or >> >>>> who takes the credit, but I believe it's important we address >> >>>> this bottleneck during Juno trying to match nova's scalability. >> >>>> >> >>>> Best regards, Miguel Ángel. >> >>>> >> >>>> >> >>>> On 07/02/2014 02:50 PM, shihanzhang wrote: >> >>>>> hi Miguel Ángel and Ihar Hrachyshka, I agree with you that >> >>>>> split the work in several specs, I have finished the work ( >> >>>>> ipset optimization), you can do 'sg rpc optimization (without >> >>>>> fanout)'. as the third part(sg rpc optimization (with fanout)), >> >>>>> I think we need talk about it, because just using ipset to >> >>>>> optimize security group agent codes does not bring the best >> >>>>> results! >> >>>>> >> >>>>> Best regards, shihanzhang. >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> At 2014-07-02 04:43:24, "Ihar Hrachyshka" <ihrac...@redhat.com> >> >>>>> wrote: >> >>> On 02/07/14 10:12, Miguel Angel Ajo wrote: >> >>> >> >>>> Shihazhang, >> >>> >> >>>> I really believe we need the RPC refactor done for this cycle, >> >>>> and given the close deadlines we have (July 10 for spec >> >>>> submission and July 20 for spec approval). >> >>> >> >>>> Don't you think it's going to be better to split the work in >> >>>> several specs? >> >>> >> >>>> 1) ipset optimization (you) 2) sg rpc optimization (without >> >>>> fanout) (me) 3) sg rpc optimization (with fanout) (edouard, you >> >>>> , me) >> >>> >> >>> >> >>>> This way we increase the chances of having part of this for the >> >>>> Juno cycle. If we go for something too complicated is going to >> >>>> take more time for approval. >> >>> >> >>> >> >>> I agree. And it not only increases chances to get at least some of >> >>> those highly demanded performance enhancements to get into Juno, >> >>> it's also "the right thing to do" (c). It's counterproductive to >> >>> put multiple vaguely related enhancements in single spec. This >> >>> would dim review focus and put us into position of getting >> >>> 'all-or-nothing'. We can't afford that. >> >>> >> >>> Let's leave one spec per enhancement. @Shihazhang, what do you >> >>> think? >> >>> >> >>> >> >>>> Also, I proposed the details of "2", trying to bring awareness >> >>>> on the topic, as I have been working with the scale lab in Red >> >>>> Hat to find and understand those issues, I have a very good >> >>>> knowledge of the problem and I believe I could make a very fast >> >>>> advance on the issue at the RPC level. >> >>> >> >>>> Given that, I'd like to work on this specific part, whether or >> >>>> not we split the specs, as it's something we believe critical >> >>>> for neutron scalability and thus, *nova parity*. >> >>> >> >>>> I will start a separate spec for "2", later on, if you find it >> >>>> ok, we keep them as separate ones, if you believe having just 1 >> >>>> spec (for 1 & 2) is going be safer for juno-* approval, then we >> >>>> can incorporate my spec in yours, but then >> >>>> "add-ipset-to-security" is not a good spec title to put all this >> >>>> together. >> >>> >> >>> >> >>>> Best regards, Miguel Ángel. >> >>> >> >>> >> >>>> On 07/02/2014 03:37 AM, shihanzhang wrote: >> >>>>> >> >>>>> hi Miguel Angel Ajo Pelayo! I agree with you and modify my >> >>>>> spes, but I will also optimization the RPC from security group >> >>>>> agent to neutron server. Now the modle is >> >>>>> 'port[rule1,rule2...], port...', I will change it to 'port[sg1, >> >>>>> sg2..]', this can reduce the size of RPC respose message from >> >>>>> neutron server to security group agent. >> >>>>> >> >>>>> At 2014-07-01 09:06:17, "Miguel Angel Ajo Pelayo" >> >>>>> <mangel...@redhat.com> wrote: >> >>>>>> >> >>>>>> >> >>>>>> Ok, I was talking with Édouard @ IRC, and as I have time to >> >>>>>> work into this problem, I could file an specific spec for >> >>>>>> the security group RPC optimization, a masterplan in two >> >>>>>> steps: >> >>>>>> >> >>>>>> 1) Refactor the current RPC communication for >> >>>>>> security_groups_for_devices, which could be used for full >> >>>>>> syncs, etc.. >> >>>>>> >> >>>>>> 2) Benchmark && make use of a fanout queue per security >> >>>>>> group to make sure only the hosts with instances on a >> >>>>>> certain security group get the updates as they happen. >> >>>>>> >> >>>>>> @shihanzhang do you find it reasonable? >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> ----- Original Message ----- >> >>>>>>> ----- Original Message ----- >> >>>>>>>> @Nachi: Yes that could a good improvement to factorize >> >>>>>>>> the RPC >> >>>>>>> mechanism. >> >>>>>>>> >> >>>>>>>> Another idea: What about creating a RPC topic per >> >>>>>>>> security group (quid of the >> >>>>>>> RPC topic >> >>>>>>>> scalability) on which an agent subscribes if one of its >> >>>>>>>> ports is >> >>>>>>> associated >> >>>>>>>> to the security group? >> >>>>>>>> >> >>>>>>>> Regards, Édouard. >> >>>>>>>> >> >>>>>>>> >> >>> >> >>> >> >>>>>>> Hmm, Interesting, >> >>> >> >>>>>>> @Nachi, I'm not sure I fully understood: >> >>> >> >>> >> >>>>>>> SG_LIST [ SG1, SG2] SG_RULE_LIST = [SG_Rule1, SG_Rule2] .. >> >>>>>>> port[SG_ID1, SG_ID2], port2 , port3 >> >>> >> >>> >> >>>>>>> Probably we may need to include also the SG_IP_LIST = >> >>>>>>> [SG_IP1, SG_IP2] ... >> >>> >> >>> >> >>>>>>> and let the agent do all the combination work. >> >>> >> >>>>>>> Something like this could make sense? >> >>> >> >>>>>>> Security_Groups = {SG1:{IPs:[....],RULES:[....], >> >>>>>>> SG2:{IPs:[....],RULES:[....]} } >> >>> >> >>>>>>> Ports = {Port1:[SG1, SG2], Port2: [SG1] .... } >> >>> >> >>> >> >>>>>>> @Edouard, actually I like the idea of having the agent >> >>>>>>> subscribed to security groups they have ports on... That >> >>>>>>> would remove the need to include all the security groups >> >>>>>>> information on every call... >> >>> >> >>>>>>> But would need another call to get the full information of >> >>>>>>> a set of security groups at start/resync if we don't >> >>>>>>> already have any. >> >>> >> >>> >> >>>>>>>> >> >>>>>>>> On Fri, Jun 20, 2014 at 4:04 AM, shihanzhang < >> >>>>>>> ayshihanzh...@126.com > >> >>>>>>>> wrote: >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> hi Miguel Ángel, I am very agree with you about the >> >>>>>>>> following point: >> >>>>>>>>> * physical implementation on the hosts (ipsets, >> >>>>>>>>> nftables, ... ) >> >>>>>>>> --this can reduce the load of compute node. >> >>>>>>>>> * rpc communication mechanisms. >> >>>>>>>> -- this can reduce the load of neutron server can you >> >>>>>>>> help me to review my BP specs? >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> At 2014-06-19 10:11:34, "Miguel Angel Ajo Pelayo" < >> >>>>>>> mangel...@redhat.com > >> >>>>>>>> wrote: >> >>>>>>>>> >> >>>>>>>>> Hi it's a very interesting topic, I was getting ready >> >>>>>>>>> to raise the same concerns about our security groups >> >>>>>>>>> implementation, >> >>>>>>> shihanzhang >> >>>>>>>>> thank you for starting this topic. >> >>>>>>>>> >> >>>>>>>>> Not only at low level where (with our default security >> >>>>>>>>> group rules -allow all incoming from 'default' sg- the >> >>>>>>>>> iptable rules will grow in ~X^2 for a tenant, and, the >> >>>>>>>>> "security_group_rules_for_devices" rpc call from >> >>>>>>>>> ovs-agent to neutron-server grows to message sizes of >> >>>>>>>>>> 100MB, >> >>>>>>>>> generating serious scalability issues or >> >>>>>>>>> timeouts/retries that totally break neutron service. >> >>>>>>>>> >> >>>>>>>>> (example trace of that RPC call with a few instances >> >>>>>>>>> http://www.fpaste.org/104401/14008522/ ) >> >>>>>>>>> >> >>>>>>>>> I believe that we also need to review the RPC calling >> >>>>>>>>> mechanism for the OVS agent here, there are several >> >>>>>>>>> possible approaches to >> >>>>>>> breaking >> >>>>>>>>> down (or/and CIDR compressing) the information we >> >>>>>>>>> return via this >> >>>>>>> api >> >>>>>>>>> call. >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> So we have to look at two things here: >> >>>>>>>>> >> >>>>>>>>> * physical implementation on the hosts (ipsets, >> >>>>>>>>> nftables, ... ) * rpc communication mechanisms. >> >>>>>>>>> >> >>>>>>>>> Best regards, Miguel Ángel. >> >>>>>>>>> >> >>>>>>>>> ----- Mensaje original ----- >> >>>>>>>>> >> >>>>>>>>>> Do you though about nftables that will replace >> >>>>>>> {ip,ip6,arp,eb}tables? >> >>>>>>>>>> It also based on the rule set mechanism. The issue >> >>>>>>>>>> in that proposition, it's only stable since the >> >>>>>>>>>> begin >> >>>>>>> of the >> >>>>>>>>>> year and on Linux kernel 3.13. But there lot of pros >> >>>>>>>>>> I don't list here (leverage iptables >> >>>>>>> limitation, >> >>>>>>>>>> efficient update rule, rule set, standardization of >> >>>>>>>>>> netfilter commands...). >> >>>>>>>>> >> >>>>>>>>>> Édouard. >> >>>>>>>>> >> >>>>>>>>>> On Thu, Jun 19, 2014 at 8:25 AM, henry hly < >> >>>>>>>>>> henry4...@gmail.com > wrote: >> >>>>>>>>> >> >>>>>>>>>>> we have done some tests, but have different >> >>>>>>>>>>> result: the >> >>>>>>> performance is >> >>>>>>>>>>> nearly the same for empty and 5k rules in iptable, >> >>>>>>>>>>> but huge gap between enable/disable iptable hook >> >>>>>>>>>>> on linux bridge >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>> On Thu, Jun 19, 2014 at 11:21 AM, shihanzhang < >> >>>>>>> ayshihanzh...@126.com >> >>>>>>>>>>>> >> >>>>>>>>>>> wrote: >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>> Now I have not get accurate test data, but I can >> >>>>>>>>>>>> confirm the following points? >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>> 1. In compute node, the iptable's chain of a VM >> >>>>>>>>>>>> is liner, >> >>>>>>> iptable >> >>>>>>>>>>>> filter it one by one, if a VM in default >> >>>>>>>>>>>> security group and this default security group >> >>>>>>>>>>>> have many members, but ipset chain is set, the >> >>>>>>>>>>>> time >> >>>>>>> ipset >> >>>>>>>>>>>> filter one and many member is not much >> >>>>>>>>>>>> difference. >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>> 2. when the iptable rule is very large, the >> >>>>>>>>>>>> probability of >> >>>>>>> failure >> >>>>>>>>>>>> that iptable-save save the iptable rule is very >> >>>>>>>>>>>> large. >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>> At 2014-06-19 10:55:56, "Kevin Benton" < >> >>>>>>>>>>>> blak...@gmail.com >> >>>>>>>> wrote: >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>>> This sounds like a good idea to handle some of >> >>>>>>>>>>>>> the >> >>>>>>> performance >> >>>>>>>>>>>>> issues until the ovs firewall can be >> >>>>>>>>>>>>> implemented down the the line. >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>> Do you have any performance comparisons? >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>> On Jun 18, 2014 7:46 PM, "shihanzhang" < >> >>>>>>> ayshihanzh...@126.com > >> >>>>>>>>>>>>> wrote: >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>>>> Hello all, >> >>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>>>> Now in neutron, it use iptable implementing >> >>>>>>>>>>>>>> security >> >>>>>>> group, but >> >>>>>>>>>>>>>> the performance of this implementation is >> >>>>>>>>>>>>>> very poor, there >> >>>>>>> is a bug: >> >>>>>>>>>>>>>> https://bugs.launchpad.net/neutron/+bug/1302272 >> >>>>>>>>>>>>>> >> >>>>>>>>>>>>>> >> >>to >> >>>>>>> reflect this >> >>>>>>>>>>>>>> problem. In his test, w ith default security >> >>>>>>>>>>>>>> groups(which has remote security group), >> >>>>>>>>>>>>>> beyond 250-300 VMs, there were around 6k >> >>>>>>>>>>>>>> Iptable rules >> >>>>>>> on evry >> >>>>>>>>>>>>>> compute node, although his patch can reduce >> >>>>>>>>>>>>>> the processing time, but >> >>>>>>> it don't >> >>>>>>>>>>>>>> solve this problem fundamentally. I have >> >>>>>>>>>>>>>> commit a BP to solve this >> >>>>>>> problem: >> >>>>>>>>>>>>>> >> >>>>>>> >> https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security >> >>> >> >>>>>>> >> >>> >> >>>>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>>> There are other people interested in this >> >>>>>>>>>>>>>> it? >> >>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>>>> _______________________________________________ >> >>> >> >>>>>>>>>>>>>> >> >>>>>>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>>> OpenStack-dev mailing list >> >>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>>> OpenStack-dev@lists.openstack.org >> > > > >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>>>> >> >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>>>>> >> >>> >> >>>>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>>> _______________________________________________ >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>> OpenStack-dev mailing list >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>>>> OpenStack-dev@lists.openstack.org >> > >> >>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>>>> >> >>>>>>> >> >>>> >> >>>>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>>>> _______________________________________________ >> >>>>>>>>>> >> >>>>>>>>>>> OpenStack-dev mailing list >> >>>>>>>>>> >> >>>>>>>>>>> OpenStack-dev@lists.openstack.org >> >> >>>>>>>>>>> >> >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>>>> >> >>>>>>> >> >>>> >> >>>>>>>>> >> >>>>>>>>>> _______________________________________________ >> >>>>>>>>>> OpenStack-dev mailing list >> >>>>>>>>>> OpenStack-dev@lists.openstack.org >> >> >>>>>>>>>> >> >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>>>> >> >>>>>>> >> >>> >> >>>>>>>>> _______________________________________________ >> >>>>>>>>> OpenStack-dev mailing list >> >>>>>>>>> OpenStack-dev@lists.openstack.org > >> >>>>>>>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>>>>>>> >> >>>>>>>>> >> >>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> _______________________________________________ >> >>>>>>>> OpenStack-dev mailing list >> >>>>>>>> OpenStack-dev@lists.openstack.org >> >>>>>>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>>>>>> >> >>>>>>>> >> >>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> _______________________________________________ >> >>>>>>>> OpenStack-dev mailing list >> >>>>>>>> OpenStack-dev@lists.openstack.org >> >>>>>>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>>>>>> >> >>>>>>>> >> >>> >> >>> >> >>>>>>> _______________________________________________ >> >>>>>>> OpenStack-dev mailing list >> >>>>>>> OpenStack-dev@lists.openstack.org >> >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>>>>> >> >>>>>> >> >>>>>> >> >>> >> >>> _______________________________________________ >> >>>>>> OpenStack-dev mailing list OpenStack-dev@lists.openstack.org >> >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>>> >> >>> >> >>>>>> >> >>_______________________________________________ >> >>>>> OpenStack-dev mailing list OpenStack-dev@lists.openstack.org >> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>> >> >>> >> >>>>> >> >>>>> >> >>>> _______________________________________________ OpenStack-dev >> >>>> mailing list OpenStack-dev@lists.openstack.org >> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>>> >> >>>>>>_______________________________________________ >> >>>>>>OpenStack-dev >> >>>> >> >>mailing list >> >>>>>> OpenStack-dev@lists.openstack.org >> >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>>> >> >>_______________________________________________ >> >>>>> OpenStack-dev mailing list OpenStack-dev@lists.openstack.org >> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>>> >> >>>> >> >>>>_______________________________________________ >> >>>>OpenStack-dev >> >>>>> >> >>mailing list >> >>>> OpenStack-dev@lists.openstack.org >> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>>> >> >>> >> >>> >> >>> >> >>> >> >>> _______________________________________________ OpenStack-dev >> >>> mailing list OpenStack-dev@lists.openstack.org >> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>> >> >>-----BEGIN PGP SIGNATURE----- >> >>Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> >>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> >> >>iQEcBAEBCgAGBQJTtWPVAAoJEC5aWaUY1u57PyMH/3Honqp3NQN5d1crkgn2y4zR >> >>IiMlTMoeloaLx84Fv7Ya44evA+ZX1dDIfozrig+/uuWlVXql4EIl9vcGQ2T0xvoE >> >>WXo7eu6D4ysca1Bx0AAmNi3IY0jC3QP46V3slmOWYHW2GAwRrrWHLyuOfCubPros >> >>7zlOEC5MRZsh1KY3fj+bX1a7dmR6QdKqnya/JdP8I0bkkYxOXAivX+gFJCTGeB23 >> >>1Ss//rr781W9mynwB2rXssUQZU3ySK7PQmMEAVZUPkPAIzbtlTfq7nbV1GPzL3Di >> >>/qEXL0cEx57fv9l8SvqYHqVpeh09dbh3h7kKKovwgNKCpiD1oMDoWgCS+PelZFc= >> >>=TxAT >> >>-----END PGP SIGNATURE----- >> >> >> >>_______________________________________________ >> >>OpenStack-dev mailing list >> >>OpenStack-dev@lists.openstack.org >> >>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> > >> > >> > >> > _______________________________________________ >> > OpenStack-dev mailing list >> > OpenStack-dev@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > Best wishes! > Baohua > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
