<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Courier;
panose-1:2 7 4 9 2 2 5 2 4 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.line
{mso-style-name:line;}
span.string
{mso-style-name:string;}
span.number
{mso-style-name:number;}
span.consword
{mso-style-name:consword;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Youcef,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">How does HTTPS differ from TCP with port 443? Normally when I see HTTPS I think connection termination .<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Each LBaaS offering may differ in its capabilities hence I think they need to be advertised as a resource or schema. Without this, a client has to do trial and error to find out what is supported which is not
very good. IMO, resources would be the easiest.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Peter.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Youcef Laribi [mailto:Youcef.Laribi@eu.citrix.com]
<br>
<b>Sent:</b> Friday, November 09, 2012 3:12 PM<br>
<b>To:</b> OpenStack Development Mailing List<br>
<b>Subject:</b> Re: [openstack-dev] Quantum LBaaS API HTTPS support<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Hi Peter,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The “HTTPS” protocol described is end-to-end, the load balancer is not doing any SSL-offload here. So there still no need for cert management as we agreed in San Diego.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">On adding “GET /protocols” , “GET /lb_methods” and “GET /algorithms” APIs, they were in the spec in the initial version
</span><span style="font-family:Wingdings;color:#1F497D">J</span><span style="color:#1F497D"> I removed them after I revised the spec to include feedback, because to be complete we would also need to list the session persistence modes supported, the types of
health monitors supported, etc. Where would we stop? I felt that is what the spec doc is for: to specify what the core API supports. If extensions support additional protocols, algorithms, session persistence modes, new type of health monitors, etc. then they
would need to document these. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">This goes back to your initial point about a schema for the API. How do I discover the extensions supported by an API without reading some doc. I feel the solution is not to add calls like /protocols to compensate
for the lack of schemas. I don’t know how other OpenStack APIs deal with this.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Youcef<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Mellquist, Peter [mailto:peter.mellquist@hp.com]
<br>
<b>Sent:</b> Friday, November 09, 2012 2:51 PM<br>
<b>To:</b> OpenStack Development Mailing List<br>
<b>Subject:</b> [openstack-dev] Quantum LBaaS API HTTPS support<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In the current LBaaS API spec, <a href="http://wiki.openstack.org/Quantum/LBaaS/API_1.0">
http://wiki.openstack.org/Quantum/LBaaS/API_1.0</a>, I noticed that there are examples of vips with HTTPS specified as the protocol.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">{<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"vips"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:[<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> {<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"id"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"02b1fef7-16f5-4917-bf19-c40a9af805ed"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"tenant_id"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"310df60f-2a10-4ee5-9554-98393092194c"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"name"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"web_vip"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"network_id"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"96a4386a-f8c3-42ed-afce-d7954eee77b3"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"address"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> :
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"10.30.176.47"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"protocol"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"HTTPS"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"port"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#0080C0">443</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"pool_id"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> :
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"cfc6589d-f949-4c66-99d2-c2da56ef3764"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"session_persistence"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> : {</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"type"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"APP_COOKIE"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"cookie_name"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"jsessionid"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">},<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"admin_state_up"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><b><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:teal">true</span></b><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">,<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"status"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">:
</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:#004080">"PENDING_CREATE"</span><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black"> ]<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.0pt;background:#F3F5F7"><span lang="EN" style="font-size:7.0pt;font-family:Courier;color:black">}<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is the plan to add certificate management APIs to support this? In San Diego, I recall hearing we would only go after HTTP and TCP to begin with and hold on HTTPS and cert mgmt but perhaps this is no longer the case ?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What about adding a /protocols resource to advertise all supported protocols ( HTTP, TCP, etc )? This would help tenants to see what is supported and only use these in the vip creation. To think of it, /lb_methods ( a.k.a. /algorithms
) would also make sense.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Peter.<o:p></o:p></p>
</div>
</body>
</html>