People need high performance but also xaaS integrated, slow and free but
also packet logged. And lots of back-ends have multiple characters.
According to the example described in this thread, those characters really
should be modeled as different flavors.
Indeed, I think people just want to know wh
Hi,
Under current FWaaS architecture or framework, only integrating hardware
firewall is not easy. That requires neutron support service level multiple
vendors. In another word, vendors must fit each other for their services
while currently vendors just provides all services through controller.
I
I don't know if this would make more sense. Let's assume that
we add arbitrary blobs(ABs) to IPAM even every neutron object. What
would happen? People can do anything via those APIs. Any new
attribute even the whole model could be passed through those
so-called ABs. Except the architecture issues,
Hi stackers,
I plan to test the https functionality of lbaas. Can anyone paste some
guide hyperlink about installation, deployment and operation?
Thank you.
Germy
.
__
OpenStack Development Mailing List (not for usage questio
uery all the
> mechanism drivers.
>
> Anyway, If this is something you'd like to see implemented (regardless of
> whether my analysis matches your use case) you should considering filing a
> RFE bug so that it will be considered during the drivers meetings.
>
> Salvatore
&g
:
>>
>>> You can have a periodic task that asks your backend if it needs sync
>>> info.
>>> Another option is to define a vendor-specific extension that makes it
>>> easy to retrieve all info in one call via the HTTP API.
>>>
>>> On Sat,
Hi Salvatore,
Thank you so much.
I think I see your points now. Next step, I will have a try to check it.
Many thanks.
Germy
.
On Mon, Oct 12, 2015 at 11:11 PM, Salvatore Orlando
wrote:
> Inline,
> Salvatore
>
> On 12 October 2015 at 10:23, Germy Lure wrote:
>
>> Thank
a callbacks on the Neutron side because the Havana version
> wasn't expecting them.
>
> I've tried out many N+1 combinations (e.g. Icehouse + Juno, Juno + Kilo)
> but I haven't tried a gap that big.
>
> Cheers,
> Kevin Benton
>
> On Sat, Oct 10, 2015 at 1:
You can have a periodic task that asks your backend if it needs sync info.
> Another option is to define a vendor-specific extension that makes it easy
> to retrieve all info in one call via the HTTP API.
>
> On Sat, Oct 10, 2015 at 2:24 AM, Germy Lure wrote:
>
>> Hi all,
>&g
Hi all,
After restarting, Agents load data from Neutron via RPC. What about 3-rd
controller? They only can re-gather data via NBI. Right?
Is it possible to provide some mechanism for those controllers and agents
to sync data? or something else I missed?
Thanks
Germy
_
Hi all,
As you know, openstack projects are developed separately. And
theoretically, people can create networks with Neutron in Kilo version for
Nova in Havana version.
Did Anyone tried it?
Do we have some pages to show what combination can work together?
Thanks.
Germy
.
Hi Gal,
Congratulations, eventually you understand what I mean.
Yes, in bulk. But I don't think that's an enhancement to the API. The bulk
operation is more common scenario. It is more useful and covers the single
port-mapping scenario.
By the way, bulk operation may apply to a subnet, a range(I
ep in mind that we didnt yet discuss full API details but its
> going to be something like that (at least the way i see it)
>
> Hope thats explains it.
>
> Gal.
>
> On Mon, Sep 7, 2015 at 5:21 AM, Germy Lure wrote:
>
>> Hi Gal,
>>
>> I'm sorry for
ces.
In a word, I think the "inside_addr" should be "subnet" or "host".
Hope this is clear enough.
Germy
On Sun, Sep 6, 2015 at 1:05 PM, Gal Sagie wrote:
> Hi Germy,
>
> I am not sure i understand what you mean, can you please explain it
> further?
>
&g
Hi, Gal
Thank you for bringing this up. But I have some suggestions for the API.
An operator or some other component wants to reach several VMs related NOT
only one or one by one. Here, RELATED means that the VMs are in one subnet
or network or a host(similar to reaching dockers on a host).
Via
+1
common.config should be global and general while agent.config should be
local and related to the special back-end.
Maybe, we can add different prefix to the same option.
Germy
On Mon, Aug 31, 2015 at 11:13 PM, Kevin Benton wrote:
> neutron.common.config should have general DHCP options that
Hi,
It's Interesting! I have three points for you here.
a.Support packet tracking which show the path of a packet traveled on the
host, even on the source/destination host.
b.Given a communication type and packet characteristic to find out the
fault point. For example, if you want VM1 talk with VM
Hi Cao,
I have reviewed the specification linked above. Thank you for introducing
such an interesting and important feature. But as I commented inline, I
think it still need some further work to do. Such as how to get those logs
stored? To admin and tenant, I think it's different.
And performance
Hi all,
I have two points.
a. For the problem in this thread, my suggestion is to introduce new
concepts to replace the existing firewall and SG.
Perhaps you have found the overlap between firewall and SG. It's trouble
for user to select.
So the new concepts are edge-firewall for N/S traffic and D
Hi,
Maybe I missed some key points. But why we introduced vpn-endpoint groups
here?
"ipsec-site-connection" for IPSec VPN only, "gre-connection" for GRE VPN
only, and "mpls-connection" for MPLS VPN only. You see, different
connections for different vpn types. Indeed, We can't reuse connection API
Hi all,
I think we just power the scheduler API to be able to add and remove
candidates is enough.
As mentioned this thread, the agent just doesn't receive new request but
still keep old service alive.
So, just stop schedule new request to it. Direct and simple.
Hope my expression is clear enough
gt;
>>>
>>>
>>> Hi,
>>>
>>>
>>>
>>> I also agree, IMHO we need flow synchronization method so we can avoid
>>> network downtime and stray flows.
>>>
>>>
>>>
>>> Regards,
>>>
>>
of it, AT should be separated from
Router, at least SNAT. IMHO it's better to provide a unified service
including all kinds of AT, such as FIP, SNAT and DNAT.
BR,
Germy
On Fri, Nov 7, 2014 at 2:42 PM, Germy Lure wrote:
> Hi Akilesh,
> Thanks for your response. I have some comments
le attribute extension can solve part
>> problem, no need to separate it at this time. For example, add a snat-ip
>> field in the route, like fip.
>>
>> However if multiple snat ip is needed, and control which tenant ip is
>> served by each snat ip, separate plugin may
on L3. From this point, L2 is the core of network
service and L3 is the core of other advanced services. ML3 is coming.
Besides, It's strange that L3's API contains a field called "snat_enable".
Isn't it?
BR,
Germy
On Wed, Nov 5, 2014 at 5:37 PM, Akilesh K wrote:
>
ard; we might add a startup flag to reset all flows and
> not reset them by default.
> While I agree the "flow synchronisation" process proposed in the previous
> post is valuable too, I hope we might be able to fix this with a simpler
> approach.
>
> Salvat
Hi,
Address Translation(FIP, snat and dnat) looks like an advanced service. Why
it is integrated into L3 router? Actually, this is not how it's done in
practice. They are usually provided by Firewall device but not router.
What's the design concept?
Thanks&Regards,
Germy
Hi,
Consider the triggering of restart agent, I think it's nothing but:
1). only restart agent
2). reboot the host that agent deployed on
When the agent started, the ovs may:
a.have all correct flows
b.have nothing at all
c.have partly correct flows, the others may need to be reprogrammed,
delete
Hi,
masoom:
I think firstly you can just check that if you could ping from left to
right without installing VPN connection.
If it worked, then you should cat the system logs to confirm the
configure's OK.
You can ping and tcpdump to dialog where packets are blocked.
stackers:
I think we should gi
Hi, Xu Han,
Can we distinguish version by parsing the opt_value? Is there any service
binding v4 address but providing service for v6? or v6 for v4?
BTW, Why not the format is directly opt_name_value:opt_value_value, like "
server-ip-address":"1.1.1.1"?
BR,
Germy
On Fri, Sep 26, 2014 at 2:39 PM
Hi stackers,
I have an idea about service provider framework. Anyone interested in this
topic can give me some suggestions.
My idea is that providers report their services capability dynamically not
configured in neutron.conf. See details by the link below.
https://docs.google.com/presentation/d/
Hi Trinath,
I think the vendor company has many experts to review their codes. They can
do it well.
But I still have some comments inline.
Germy
On Thu, Sep 18, 2014 at 1:42 PM, trinath.soman...@freescale.com <
trinath.soman...@freescale.com> wrote:
> Though Code reviews for vendor code takes
Yes, it's really important.
I have some more comments inline, but unless growing another monster thread
I'd rather start a different, cross-project discussion (which will
hopefully not become just a cross-project monster thread!)
Salvatore
On 15 September 2014 08:29, Germy Lure wro
s standard examples for those new cores and
vendors.
U are right, "A separate repo won't have an impact on what is packaged and
released". The open source can stays in the core repo or a different one.
In any case, we need them there for referencing and version releasing.
Any vendo
but without the open source drivers being separated as well, it's
> very difficult for the framework for external drivers to be stable enough
> to be useful.
>
Architecture and API. The community should ensure core and API stable
enough and high quality. Vendors for external drivers.
W
better model for 3rd party driver developers to follow
> and would enforce a stable internal API in the Neutron core.
>
The community should and just need focus on the Neutron core and provide
framework for vendors' devices. Vendors just need adapt Neutron API and
focus on their codes&#x
Hi stackers,
According to my statistics(J2), the LOC of vendors' plugin and driver is
about 102K, while the whole under neutron is 220K.
That is to say the community has paid and is paying over 46% energy to
maintain vendors' code. If we take mails, bugs,
BPs and so on into consideration, this pe
Hi Stackers,
Network TOPO like this: VM1(net1)--Router1---IPSec VPN
tunnel---Router2--VM2(net2)
If left and right side deploy on different OpenStack environments, it works
well. But in the same environment, Router1 and Router2 are namespace
implement in the same network node. I cannot ping
38 matches
Mail list logo
