<div dir="ltr">Hello!<div><br></div><div>This e-mail is concerning the "<span style="font-family:Cambria,serif;font-size:12.800000190734863px">Multiple load balanced services per floating IP" feature:</span></div>
<div><span style="font-family:Cambria,serif;font-size:12.800000190734863px"><br></span></div><div><span style="font-family:Cambria,serif;font-size:12.800000190734863px">Sam, I think you said:</span></div><div><br></div><div class="gmail_extra">
<br><div class="gmail_quote">On Tue, Feb 11, 2014 at 5:26 AM, Samuel Bercovici <span dir="ltr"><<a href="mailto:SamuelB@radware.com" target="_blank">SamuelB@radware.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p style="margin-right:0in;margin-left:0.5in;margin-bottom:0.0001pt;vertical-align:baseline"><span style="font-size:10pt;font-family:Symbol"><span><br>·<span style="font-style:normal;font-variant:normal;font-weight:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span dir="LTR"></span><span style="font-family:Cambria,serif">Multiple load balanced services per floating IP - You can already multiple VIPs using the same IP address for different services.<u></u><u></u></span></p>
<p style="margin:0in 0in 0.0001pt;vertical-align:baseline"><br></p></div></div></blockquote><div><br></div><div>And Eugene said:</div><div><br></div><div><div class="im" style="font-family:arial,sans-serif;font-size:12.800000190734863px">
<font face="Arial"><span style="line-height:17.25px;white-space:pre-wrap">> </span></font><span style="font-family:Arial;font-style:italic;line-height:17.25px;white-space:pre-wrap">Multiple load balanced services per floating IP</span></div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px">That is what blueprint 'multiple vips per pool' is trying to address.</div></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">Is this blueprint not yet implemented? When I attempt to create multiple VIPs using the same IP in my test cluster, I get:</div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></div><div><font face="arial, sans-serif">sbalukoff@testbox:~$ neutron lb-vip-create --name test-vip2 --protocol-port 8000 --protocol HTTP --subnet-id a4370142-dc49-4633-9679-ce5366c482f5 --address 10.48.7.7 test-lb2</font><br>
</div><div><font face="arial, sans-serif">Unable to complete operation for network aa370a26-742d-4eb6-a6f3-a8c344c664de. The IP address 10.48.7.7 is in use.</font><br></div><div><font face="arial, sans-serif"><br></font></div>
<div><font face="arial, sans-serif">From that, I gathered there was a uniqueness check on the IP address.</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">If this has been implemented previously, could y'all point me at a working example showcasing the CLI or API commands used to create multiple services per floating IP (or just point out to me what I'm doing wrong)?</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">Regardless of the above: I think splitting the concept of a 'VIP' into 'instance' and 'listener' objects has a couple other benefits as well:</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><ul><li><span style="font-family:arial,sans-serif">You can continue to do a simple uniqueness check on the IP address, as only one instance should have a given IP.<br>
</span><br></li><li><span style="font-family:arial,sans-serif">The 'instance' object can contain a 'tenant_id' attribute, which means that at the model level, we enforce the idea that a given floating IP can only be used by one tenant (which is good, from a security perspective).<br>
</span><br></li><li><span style="font-family:arial,sans-serif">This seems less ambiguous from a terminology perspective. The name 'VIP' in other contexts means 'virtual IP address', which is the same thing as a floating IP, which in other contexts is usually considered to be unique to a subset of devices that share the IP (or pass it between them). It doesn't necessarily have anything to do with layers 4 and above in the OSI model. However, if in the context of Neutron LBaaS, "VIP" has a "protocol-port" attribute, this means it's no longer just a floating IP: It's a floating IP + TCP port (plus other attributes that make sense for a TCP service). This feels like Neutron LBaaS is trying to redefine what a "virtual IP" is, and is in any case going to be confusing for new comers expecting it to be one thing when it's actually another.</span><br>
</li></ul></div><div> Thanks,</div><div>Stephen</div></div><br clear="all"><div><br></div>-- <br><span></span>Stephen Balukoff
<br>Blue Box Group, LLC
<br>(800)613-4305 x807
</div></div>