Hi, I am khushbu an GSOC applicant. So I want help knowing more about this bug. https://blueprints.launchpad.net/zaqar/+spec/prefix-queue-paginationor some documentation like what exactly they mean or how to approach and the link to repo we need to make changes as I am new to this project.
Regards, Khushbu ParakhArya College Of Engineering and ITLinkedin: http://linkedin.com/in/khushbuparakhabout.me/khushbu.parakh > From: openstack-requ...@lists.openstack.org > Subject: Openstack Digest, Vol 32, Issue 18 > To: openstack@lists.openstack.org > Date: Wed, 17 Feb 2016 12:00:04 +0000 > > Send Openstack mailing list submissions to > openstack@lists.openstack.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > or, via email, send a message with subject or body 'help' to > openstack-requ...@lists.openstack.org > > You can reach the person managing the list at > openstack-ow...@lists.openstack.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Openstack digest..." > > > Today's Topics: > > 1. Re: [OpenStack] [CINDER] how to get updated pool info when > multi users create volumes on pool configured? (yang, xing) > 2. Guest networking and magic IP (Andre Goree) > 3. Nexus 9K - Nexus: Segment is an invalid type or not supported > by this driver?? (Michael Gale) > 4. Re: Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? (Anthony T CHOW) > 5. Re: Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? (Michael Gale) > 6. Re: Virtual Firewall Appliance (Martinx - ?????) > 7. Re: Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? (Anthony T CHOW) > 8. add an extra external network (Priyanka) > 9. Re: add an extra external network (Erik McCormick) > 10. Re: Guest networking and magic IP (Tomas Vondra) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 16 Feb 2016 18:47:34 +0000 > From: "yang, xing" <xing.y...@emc.com> > To: Dilip Sunkum Manjunath <dilip.sunkummanjun...@toshiba-tsip.com> > Cc: "itzdi...@gmail.com" <itzdi...@gmail.com>, > "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: Re: [Openstack] [OpenStack] [CINDER] how to get updated pool > info when multi users create volumes on pool configured? > Message-ID: <875b4123-013f-4924-b9bd-caf125925...@emc.com> > Content-Type: text/plain; charset="us-ascii" > > Sounds good. Let me know how it goes. > > Thanks Dilip, > Xing > > > > On Feb 16, 2016, at 1:21 AM, Dilip Sunkum Manjunath > > <dilip.sunkummanjun...@toshiba-tsip.com> wrote: > > > > Hi Xing, > > > > > > Thanks for replay, > > > > > > > > I tried because the use case was to support both in single pool. > > > > I was thinking in same as to read the volume type in scheduler, however > > since it is a new requirement that affects everyone it might not be good to > > change now. > > > > I shall try with the other approach pools for thin /thick and update you. > > > > > > Thanks > > Dilip > > > > > > > > > > > > > > > > > > -----Original Message----- > > From: yang, xing [mailto:xing.y...@emc.com] > > Sent: Friday, February 12, 2016 12:42 PM > > To: Dilip Sunkum Manjunath > > Cc: openstack@lists.openstack.org; itzdi...@gmail.com > > Subject: Re: [OpenStack] [CINDER] how to get updated pool info when multi > > users create volumes on pool configured? > > > > Hi Dilip, > > > > I see. If thin_provisioning is true and max_over_subscription_ratio is > > valid, the scheduler will treat it as thin provisioning. We do not prevent > > driver from reporting both thin and thick support to be true. However, I > > think we need to make a change. > > > > I suggest that you have one pool for thin and the other one for thick but > > don't report both thin and thick support from the same pool. That will > > avoid this problem. > > > > Another possible alternative is to require thin/thick provisioning to be in > > extra specs and use that info in the scheduler, however that will be a new > > requirement that affects everyone. So I am not in favor of that approach. > > > > Can you use one pool for thin and another for thick in your testing? > > > > Thanks, > > Xing > > > > > > > >> On Feb 12, 2016, at 12:05 AM, Dilip Sunkum Manjunath > >> <dilip.sunkummanjun...@toshiba-tsip.com> wrote: > >> > >> max_over_subscription_ratio > > The information contained in this e-mail message and in any > > attachments/annexure/appendices is confidential to the > > recipient and may contain privileged information. > > If you are not the intended recipient, please notify the > > sender and delete the message along with any > > attachments/annexure/appendices. You should not disclose, > > copy or otherwise use the information contained in the > > message or any annexure. Any views expressed in this e-mail > > are those of the individual sender except where the sender > > specifically states them to be the views of > > Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. > > > > Although this transmission and any attachments are believed to be > > free of any virus or other defect that might affect any computer > > system into which it is received and opened, it is the responsibility > > of the recipient to ensure that it is virus free and no responsibility > > is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or > > damage arising in any way from its use. > > > > > > ------------------------------ > > Message: 2 > Date: Tue, 16 Feb 2016 15:37:06 -0500 > From: Andre Goree <an...@drenet.net> > To: openstack@lists.openstack.org > Subject: [Openstack] Guest networking and magic IP > Message-ID: <2ae919336ea558e2c957b3c6121f7...@drenet.net> > Content-Type: text/plain; charset=US-ASCII; format=flowed > > I have some questions regarding the way that networking is handled via > qemu/kvm+libvirt, namely I'm trying to replicate OpenStack's use of the > magic IP on newly spun-up instances. My apologies in advance if this is > not the proper mailing list for such a question. I've already been to > the libvirt mailing list, but to no avail. > > I am trying to determine how exactly I can manipulate traffic from a > _guest's_ NIC using iptables on the _host_. On the host, there is a > bridged virtual NIC that corresponds to the guest's NIC. That interface > does not have an IP setup on it on the host, however within the vm > itself the IP is configured and everything works as expected. I was > told on the libvirt list that nwfilter handles things like this, but > after further discussion was able to determine that nwfilter does NOT > handle a situation in which one would redirect traffic destined for one > IP to another IP -- a situation that iptables would normally handle. > > I'm wondering, in that case, how OpenStack is (seemingly) "magically" > making this happen? Because libvirt (via nwfilter) handles outbound > traffic produced by a guest system (and thus, that traffic does not > traverse iptables) that there would be no way to facilitate this...but > as we all know, OpenStack does it :) > > Any insight or pointing in the right direction would be so helpful, > thanks in advance! > > > -- > Andre Goree > -=-=-=-=-=- > Email - andre at drenet.net > Website - http://www.drenet.net > PGP key - http://www.drenet.net/pubkey.txt > -=-=-=-=-=- > > > > ------------------------------ > > Message: 3 > Date: Tue, 16 Feb 2016 13:41:44 -0700 > From: Michael Gale <gale.mich...@gmail.com> > To: "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or > not supported by this driver?? > Message-ID: > <ca+yxe5knkqjjjtbx69x4qopfpzvq2dyj6zbudnsh0p2mvjb...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hello, > > I am having issues getting my Liberty environment working with VXLAN > and N9K. > > Currently I am getting the following errors in the logs on startup: > --snip-- > 2016-02-16 13:18:42.097 595 WARNING > networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus > [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an > invalid type or not supported by this driv > er. Network type = vxlan Physical network = None. Event not processed. > --snip-- > > When trying to launch an instance: > --snip-- > ERROR neutron.plugins.ml2.managers > [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523 > eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port > 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1 > > Nexus: Segment is None, Event not processed > --snip-- > > I am assuming I am missing something in the configuration file however I > can't figure it out. Any help is greatly appreciated. > > Thanks > Michael > > Here is my ml2_conf.ini > > --snip-- > # ML2 general > [ml2] > type_drivers = flat,vlan,nexus_vxlan,local > tenant_network_types = nexus_vxlan > mechanism_drivers = linuxbridge,l2population,cisco_nexus > extension_drivers = port_security > path_mtu = 0 > segment_mtu = 0 > > > > # ML2 VLAN networks > [ml2_type_vlan] > network_vlan_ranges = physeth1:100:163 > > [ml2_mech_cisco_nexus:10.92.192.45] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > [ml2_mech_cisco_nexus:10.92.192.46] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > # ML2 VXLAN networks > [ml2_type_vxlan] > vxlan_group = > vni_ranges = 1:1000 > > [ml2_type_nexus_vxlan] > # Comma-separated list of <vni_min>:<vni_max> tuples enumerating > # ranges of VXLAN VNI IDs that are available for tenant network allocation. > vni_ranges=50000:55000 > > # Multicast groups for the VXLAN interface. When configured, will > # enable sending all broadcast traffic to this multicast group. Comma > separated > # list of min:max ranges of multicast IP's > # NOTE: must be a valid multicast IP, invalid IP's will be discarded > mcast_ranges=225.1.1.1:225.1.1.2 > > # Security groups > [securitygroup] > enable_security_group = True > enable_ipset = True > > --snip-- > > > and my linuxbridge_agent.ini: > --snip-- > # Linux bridge agent physical interface mappings > [linux_bridge] > > physical_interface_mappings = physeth1:eth11 > > # Linux bridge agent VXLAN networks > [vxlan] > > enable_vxlan = True > vxlan_group = > # VXLAN local tunnel endpoint > local_ip = 10.96.2.141 > l2_population = True > > > # Agent > [agent] > prevent_arp_spoofing = False > > # Security groups > [securitygroup] > firewall_driver = > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver > enable_security_group = True > > --snip-- > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160216/8ddf820d/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Tue, 16 Feb 2016 20:53:44 +0000 > From: Anthony T CHOW <anthony.c...@al-enterprise.com> > To: Michael Gale <gale.mich...@gmail.com>, > "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type > or not supported by this driver?? > Message-ID: > > <he1pr08mb0427e643c54e32d3b2557626d6...@he1pr08mb0427.eurprd08.prod.outlook.com> > > Content-Type: text/plain; charset="utf-8" > > Michael, > > Are you using Linux Bridge or OvS? > > There is a bug report: Linux bridge does not work with cisco_nexus ml2 plugins > > https://bugs.launchpad.net/networking-cisco/+bug/1421024 > > anthony. > > From: Michael Gale [mailto:gale.mich...@gmail.com] > Sent: Tuesday, February 16, 2016 12:42 PM > To: openstack@lists.openstack.org > Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? > > Hello, > > I am having issues getting my Liberty environment working with VXLAN and > N9K. > > Currently I am getting the following errors in the logs on startup: > --snip-- > 2016-02-16 13:18:42.097 595 WARNING > networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus > [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an > invalid type or not supported by this driv > er. Network type = vxlan Physical network = None. Event not processed. > --snip-- > > When trying to launch an instance: > --snip-- > ERROR neutron.plugins.ml2.managers [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d > d2b4e18cf27d41418845439f5d788523 eaa185709c79477fa1e3edfffa4e4c7f - - -] > Failed to bind port 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1 > > Nexus: Segment is None, Event not processed > --snip-- > > I am assuming I am missing something in the configuration file however I > can't figure it out. Any help is greatly appreciated. > > Thanks > Michael > > Here is my ml2_conf.ini > > --snip-- > # ML2 general > [ml2] > type_drivers = flat,vlan,nexus_vxlan,local > tenant_network_types = nexus_vxlan > mechanism_drivers = linuxbridge,l2population,cisco_nexus > extension_drivers = port_security > path_mtu = 0 > segment_mtu = 0 > > > > # ML2 VLAN networks > [ml2_type_vlan] > network_vlan_ranges = physeth1:100:163 > > [ml2_mech_cisco_nexus:10.92.192.45] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > [ml2_mech_cisco_nexus:10.92.192.46] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > # ML2 VXLAN networks > [ml2_type_vxlan] > vxlan_group = > vni_ranges = 1:1000 > > [ml2_type_nexus_vxlan] > # Comma-separated list of <vni_min>:<vni_max> tuples enumerating > # ranges of VXLAN VNI IDs that are available for tenant network allocation. > vni_ranges=50000:55000 > > # Multicast groups for the VXLAN interface. When configured, will > # enable sending all broadcast traffic to this multicast group. Comma > separated > # list of min:max ranges of multicast IP's > # NOTE: must be a valid multicast IP, invalid IP's will be discarded > mcast_ranges=225.1.1.1:225.1.1.2 > > # Security groups > [securitygroup] > enable_security_group = True > enable_ipset = True > > --snip-- > > > and my linuxbridge_agent.ini: > --snip-- > # Linux bridge agent physical interface mappings > [linux_bridge] > > physical_interface_mappings = physeth1:eth11 > > # Linux bridge agent VXLAN networks > [vxlan] > > enable_vxlan = True > vxlan_group = > # VXLAN local tunnel endpoint > local_ip = 10.96.2.141 > l2_population = True > > > # Agent > [agent] > prevent_arp_spoofing = False > > # Security groups > [securitygroup] > firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver > enable_security_group = True > > --snip-- > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160216/98b7c0f7/attachment-0001.html> > > ------------------------------ > > Message: 5 > Date: Tue, 16 Feb 2016 13:57:26 -0700 > From: Michael Gale <gale.mich...@gmail.com> > To: Anthony T CHOW <anthony.c...@al-enterprise.com> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type > or not supported by this driver?? > Message-ID: > <ca+yxe5mkm+ob-yyghv-0a4ahqj+mokq-ap423twyvcr2nhy...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hello, > > I am using Linux Bridge, I did see that bug report however it is marked > as a duplicate of: https://bugs.launchpad.net/neutron/+bug/1433461 which > indicates the issue was fixed in kilo. If I understand the report correctly. > > Michael > > On Tue, Feb 16, 2016 at 1:53 PM, Anthony T CHOW < > anthony.c...@al-enterprise.com> wrote: > > > Michael, > > > > > > > > Are you using Linux Bridge or OvS? > > > > > > > > There is a bug report: *Linux bridge does not work with cisco_nexus ml2 > > plugins* > > > > > > > > https://bugs.launchpad.net/networking-cisco/+bug/1421024 > > > > > > > > anthony. > > > > > > > > *From:* Michael Gale [mailto:gale.mich...@gmail.com] > > *Sent:* Tuesday, February 16, 2016 12:42 PM > > *To:* openstack@lists.openstack.org > > *Subject:* [Openstack] Nexus 9K - Nexus: Segment is an invalid type or > > not supported by this driver?? > > > > > > > > Hello, > > > > > > > > I am having issues getting my Liberty environment working with VXLAN > > and N9K. > > > > > > > > Currently I am getting the following errors in the logs on startup: > > > > --snip-- > > > > 2016-02-16 13:18:42.097 595 WARNING > > networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus > > [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an > > invalid type or not supported by this driv > > > > er. Network type = vxlan Physical network = None. Event not processed. > > > > --snip-- > > > > > > > > When trying to launch an instance: > > > > --snip-- > > > > ERROR neutron.plugins.ml2.managers > > [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523 > > eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port > > 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1 > > > > > > > > Nexus: Segment is None, Event not processed > > > > --snip-- > > > > > > > > I am assuming I am missing something in the configuration file however I > > can't figure it out. Any help is greatly appreciated. > > > > > > > > Thanks > > > > Michael > > > > > > > > Here is my ml2_conf.ini > > > > > > > > --snip-- > > > > # ML2 general > > > > [ml2] > > > > type_drivers = flat,vlan,nexus_vxlan,local > > > > tenant_network_types = nexus_vxlan > > > > mechanism_drivers = linuxbridge,l2population,cisco_nexus > > > > extension_drivers = port_security > > > > path_mtu = 0 > > > > segment_mtu = 0 > > > > > > > > > > > > > > > > # ML2 VLAN networks > > > > [ml2_type_vlan] > > > > network_vlan_ranges = physeth1:100:163 > > > > > > > > [ml2_mech_cisco_nexus:10.92.192.45] > > > > infra1_neutron_agents_container-ee5293cb=1/17 > > > > infra1_neutron_server_container-ed083568=1/17 > > > > infra2_neutron_agents_container-65f32f70=1/18 > > > > infra2_neutron_server_container-1e0b996b=1/18 > > > > infra3_neutron_agents_container-2faafbe7=1/19 > > > > infra3_neutron_server_container-9eabc975=1/19 > > > > compute1=1/21 > > > > compute2=1/22 > > > > username=openstack > > > > password=foo123 > > > > ssh_port=22 > > > > physnet=physeth1 > > > > > > > > [ml2_mech_cisco_nexus:10.92.192.46] > > > > infra1_neutron_agents_container-ee5293cb=1/17 > > > > infra1_neutron_server_container-ed083568=1/17 > > > > infra2_neutron_agents_container-65f32f70=1/18 > > > > infra2_neutron_server_container-1e0b996b=1/18 > > > > infra3_neutron_agents_container-2faafbe7=1/19 > > > > infra3_neutron_server_container-9eabc975=1/19 > > > > compute1=1/21 > > > > compute2=1/22 > > > > username=openstack > > > > password=foo123 > > > > ssh_port=22 > > > > physnet=physeth1 > > > > > > > > # ML2 VXLAN networks > > > > [ml2_type_vxlan] > > > > vxlan_group = > > > > vni_ranges = 1:1000 > > > > > > > > [ml2_type_nexus_vxlan] > > > > # Comma-separated list of <vni_min>:<vni_max> tuples enumerating > > > > # ranges of VXLAN VNI IDs that are available for tenant network allocation. > > > > vni_ranges=50000:55000 > > > > > > > > # Multicast groups for the VXLAN interface. When configured, will > > > > # enable sending all broadcast traffic to this multicast group. Comma > > separated > > > > # list of min:max ranges of multicast IP's > > > > # NOTE: must be a valid multicast IP, invalid IP's will be discarded > > > > mcast_ranges=225.1.1.1:225.1.1.2 > > > > > > > > # Security groups > > > > [securitygroup] > > > > enable_security_group = True > > > > enable_ipset = True > > > > > > > > --snip-- > > > > > > > > > > > > and my linuxbridge_agent.ini: > > > > --snip-- > > > > # Linux bridge agent physical interface mappings > > > > [linux_bridge] > > > > > > > > physical_interface_mappings = physeth1:eth11 > > > > > > > > # Linux bridge agent VXLAN networks > > > > [vxlan] > > > > > > > > enable_vxlan = True > > > > vxlan_group = > > > > # VXLAN local tunnel endpoint > > > > local_ip = 10.96.2.141 > > > > l2_population = True > > > > > > > > > > > > # Agent > > > > [agent] > > > > prevent_arp_spoofing = False > > > > > > > > # Security groups > > > > [securitygroup] > > > > firewall_driver = > > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver > > > > enable_security_group = True > > > > > > > > --snip-- > > > > > > > > > > -- > > ?The Man who says he can, and the man who says he can not.. Are both > correct? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160216/ed5bd571/attachment-0001.html> > > ------------------------------ > > Message: 6 > Date: Tue, 16 Feb 2016 20:41:36 -0200 > From: Martinx - ????? <thiagocmarti...@gmail.com> > To: Georgios Dimitrakakis <gior...@acmac.uoc.gr> > Cc: Openstack <openstack@lists.openstack.org> > Subject: Re: [Openstack] Virtual Firewall Appliance > Message-ID: > <cajsm8j2tizfp5wgk8cffdvxm05pzpeqlktlc0iw_lvgcjip...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I don't think that you'll be able to do that in IceHouse, neither on Juno. > > Only Kilo and Liberty have a native function to disable the port_security > per port. Without it, OpenStack Neutron (and also Nova Network, I guess) > will not allow the firewall Instance to work correctly. It will not see any > packets that are not destined to it and also, it will not be able to > forward packets, because the Neutron (and Nova Network), will drop the > packets soon as it leaves the firewall Instance. > > I'm not aware of a solution nice for IceHouse... > > On 16 February 2016 at 06:26, Georgios Dimitrakakis <gior...@acmac.uoc.gr> > wrote: > > > Mark and Martinx thank you both for your suggestions. > > > > I had tried to build PFSense in the past but without success. > > > > Indeed my goal is to run the virtual firewall as an instance since I am on > > an older OpenStack version (IceHouse) with nova-networking and therefore I > > cannot have control over the outgoing connections. > > > > Regards, > > > > G. > > > > > > For running it as an Instance? > >> > >> You can try: > >> > >> - PFSense; > >> > >> - Zentyal; > >> > >> However, youll need to make use of the Neutron feature called > >> "port_security_enabled = false" for the vNIC attached to the > >> "internal" subnet (behind the firewall). > >> > >> Just a curiosity, why dont you use the Neutron native firewall that > >> resides on each L3 Router? > >> > >> On 15 February 2016 at 15:56, Georgios Dimitrakakis wrote: > >> > >> Hi! > >>> > >>> Can anyone suggest me of a virtual firewall appliance which is > >>> compatible with OpenStack? > >>> > >>> Best regards, > >>> > >>> G. > >>> > >>> _______________________________________________ > >>> Mailing list: > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1] > >>> Post to : openstack@lists.openstack.org [2] > >>> Unsubscribe : > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3] > >>> > >> > >> > >> > >> Links: > >> ------ > >> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> [2] mailto:openstack@lists.openstack.org > >> [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> [4] mailto:gior...@acmac.uoc.gr > >> > > > > _______________________________________________ > > Mailing list: > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack@lists.openstack.org > > Unsubscribe : > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160216/584d71dd/attachment-0001.html> > > ------------------------------ > > Message: 7 > Date: Tue, 16 Feb 2016 22:43:06 +0000 > From: Anthony T CHOW <anthony.c...@al-enterprise.com> > To: Michael Gale <gale.mich...@gmail.com> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type > or not supported by this driver?? > Message-ID: > > <he1pr08mb04270adf6a8af33db00201fed6...@he1pr08mb0427.eurprd08.prod.outlook.com> > > Content-Type: text/plain; charset="utf-8" > > Michael, > > I am not a neutron expect but this bug 1433461 does not seem to be a > duplicate of 1421024. > > Bug 1433461 is for port binding while 1421024 is for Nexus switch not > configured at all. > > This is the fix for 1433461: > > @@ -1337,7 +1337,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2, > > 1337<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1337> > > updated_port = self._make_port_dict(port) > > 1337<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1337> > > updated_port = self._make_port_dict(port) > > 1338<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1338> > > network = self.get_network(context, > > 1338<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1338> > > network = self.get_network(context, > > 1339<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1339> > > original_port['network_id']) > > 1339<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1339> > > original_port['network_id']) > > 1340<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1340> > > levels = db.get_binding_levels(session, port_id, > > 1340<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1340> > > levels = db.get_binding_levels(session, port.id, > > 1341<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1341> > > port.port_binding.host) > > 1341<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1341> > > port.port_binding.host) > > 1342<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1342> > > mech_context = driver_context.PortContext( > > 1342<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1342> > > mech_context = driver_context.PortContext( > > 1343<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1343> > > self, context, updated_port, network, port.port_binding, > > 1343<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1343> > > self, context, updated_port, network, port.port_binding, > > > It is to correctly passing the port id to db.get_binding_levels and not just > the first 11 characters of the port id. > > I am interested to find out too. > > Anthony. > > From: Michael Gale [mailto:gale.mich...@gmail.com] > Sent: Tuesday, February 16, 2016 12:57 PM > To: Anthony T CHOW > Cc: openstack@lists.openstack.org > Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? > > Hello, > > I am using Linux Bridge, I did see that bug report however it is marked > as a duplicate of: https://bugs.launchpad.net/neutron/+bug/1433461 which > indicates the issue was fixed in kilo. If I understand the report correctly. > > Michael > > On Tue, Feb 16, 2016 at 1:53 PM, Anthony T CHOW > <anthony.c...@al-enterprise.com<mailto:anthony.c...@al-enterprise.com>> wrote: > Michael, > > Are you using Linux Bridge or OvS? > > There is a bug report: Linux bridge does not work with cisco_nexus ml2 plugins > > https://bugs.launchpad.net/networking-cisco/+bug/1421024 > > anthony. > > From: Michael Gale > [mailto:gale.mich...@gmail.com<mailto:gale.mich...@gmail.com>] > Sent: Tuesday, February 16, 2016 12:42 PM > To: openstack@lists.openstack.org<mailto:openstack@lists.openstack.org> > Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not > supported by this driver?? > > Hello, > > I am having issues getting my Liberty environment working with VXLAN and > N9K. > > Currently I am getting the following errors in the logs on startup: > --snip-- > 2016-02-16 13:18:42.097 595 WARNING > networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus > [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an > invalid type or not supported by this driv > er. Network type = vxlan Physical network = None. Event not processed. > --snip-- > > When trying to launch an instance: > --snip-- > ERROR neutron.plugins.ml2.managers [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d > d2b4e18cf27d41418845439f5d788523 eaa185709c79477fa1e3edfffa4e4c7f - - -] > Failed to bind port 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1 > > Nexus: Segment is None, Event not processed > --snip-- > > I am assuming I am missing something in the configuration file however I > can't figure it out. Any help is greatly appreciated. > > Thanks > Michael > > Here is my ml2_conf.ini > > --snip-- > # ML2 general > [ml2] > type_drivers = flat,vlan,nexus_vxlan,local > tenant_network_types = nexus_vxlan > mechanism_drivers = linuxbridge,l2population,cisco_nexus > extension_drivers = port_security > path_mtu = 0 > segment_mtu = 0 > > > > # ML2 VLAN networks > [ml2_type_vlan] > network_vlan_ranges = physeth1:100:163 > > [ml2_mech_cisco_nexus:10.92.192.45] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > [ml2_mech_cisco_nexus:10.92.192.46] > infra1_neutron_agents_container-ee5293cb=1/17 > infra1_neutron_server_container-ed083568=1/17 > infra2_neutron_agents_container-65f32f70=1/18 > infra2_neutron_server_container-1e0b996b=1/18 > infra3_neutron_agents_container-2faafbe7=1/19 > infra3_neutron_server_container-9eabc975=1/19 > compute1=1/21 > compute2=1/22 > username=openstack > password=foo123 > ssh_port=22 > physnet=physeth1 > > # ML2 VXLAN networks > [ml2_type_vxlan] > vxlan_group = > vni_ranges = 1:1000 > > [ml2_type_nexus_vxlan] > # Comma-separated list of <vni_min>:<vni_max> tuples enumerating > # ranges of VXLAN VNI IDs that are available for tenant network allocation. > vni_ranges=50000:55000 > > # Multicast groups for the VXLAN interface. When configured, will > # enable sending all broadcast traffic to this multicast group. Comma > separated > # list of min:max ranges of multicast IP's > # NOTE: must be a valid multicast IP, invalid IP's will be discarded > mcast_ranges=225.1.1.1:225.1.1.2 > > # Security groups > [securitygroup] > enable_security_group = True > enable_ipset = True > > --snip-- > > > and my linuxbridge_agent.ini: > --snip-- > # Linux bridge agent physical interface mappings > [linux_bridge] > > physical_interface_mappings = physeth1:eth11 > > # Linux bridge agent VXLAN networks > [vxlan] > > enable_vxlan = True > vxlan_group = > # VXLAN local tunnel endpoint > local_ip = 10.96.2.141 > l2_population = True > > > # Agent > [agent] > prevent_arp_spoofing = False > > # Security groups > [securitygroup] > firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver > enable_security_group = True > > --snip-- > > > > > -- > > ?The Man who says he can, and the man who says he can not.. Are both correct? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160216/f520c0e4/attachment-0001.html> > > ------------------------------ > > Message: 8 > Date: Wed, 17 Feb 2016 10:18:43 +0530 > From: Priyanka <ppn...@cse.iitb.ac.in> > To: OpenStack Mailing List <openstack@lists.openstack.org> > Subject: [Openstack] add an extra external network > Message-ID: <56c3fbab.8060...@cse.iitb.ac.in> > Content-Type: text/plain; charset=utf-8; format=flowed > > Hi, > > I have an multinode openstack juno setup with VXLAN tunneling. I have an > external network ext-net through which I assign floating IPs to the > VMs. I have limited IPs in the external network subnet. I want to assign > an additional external network so that I can assign the IPs from this > new external network to the new VMs that I create. The VMs are attached > to the same internal network demo-net and router demo-router. > > Thanks, > > > Priyanka > > > > ------------------------------ > > Message: 9 > Date: Wed, 17 Feb 2016 01:21:13 -0500 > From: Erik McCormick <emccorm...@cirrusseven.com> > To: Priyanka <ppn...@cse.iitb.ac.in> > Cc: OpenStack Mailing List <openstack@lists.openstack.org> > Subject: Re: [Openstack] add an extra external network > Message-ID: > <cahui5co3817uu8kuxkydgbtuqntvmauyxuwhudydip1vwtp...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Is the additional IP block contiguous with the existing one or at least on > the neighbirhood? > > -Erik > On Feb 17, 2016 12:06 AM, "Priyanka" <ppn...@cse.iitb.ac.in> wrote: > > > Hi, > > > > I have an multinode openstack juno setup with VXLAN tunneling. I have an > > external network ext-net through which I assign floating IPs to the VMs. I > > have limited IPs in the external network subnet. I want to assign an > > additional external network so that I can assign the IPs from this new > > external network to the new VMs that I create. The VMs are attached to the > > same internal network demo-net and router demo-router. > > > > Thanks, > > > > > > Priyanka > > > > _______________________________________________ > > Mailing list: > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack@lists.openstack.org > > Unsubscribe : > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20160217/69a5aace/attachment-0001.html> > > ------------------------------ > > Message: 10 > Date: Wed, 17 Feb 2016 11:02:24 +0000 (UTC) > From: Tomas Vondra <von...@czech-itc.cz> > To: openstack@lists.openstack.org > Subject: Re: [Openstack] Guest networking and magic IP > Message-ID: <loom.20160217t115824-...@post.gmane.org> > Content-Type: text/plain; charset=us-ascii > > Andre Goree <andre@...> writes: > > > I am trying to determine how exactly I can manipulate traffic from a > > _guest's_ NIC using iptables on the _host_. On the host, there is a > > bridged virtual NIC that corresponds to the guest's NIC. That interface > > does not have an IP setup on it on the host, however within the vm > > itself the IP is configured and everything works as expected. > > Hi! > No IP on the interface does not prevent you from using iptables. The kernel > filters any packets it sees. From what I remember from the OpenStack > developers, you can't use iptables with OpenVSwitch, but attaching rules to > a linux brcrl bridge should be perfectly fine. > Tomas > > > > > > > ------------------------------ > > _______________________________________________ > Openstack mailing list > openstack@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > End of Openstack Digest, Vol 32, Issue 18 > *****************************************
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
