<div dir="ltr">Hi Brandon,<div><br></div><div>Apologies-- this slipped my mind last week. In any case yes, unless you've already got something in the works, I'd be happy to take this on. But I will need a little direction here: Where do we actually keep the authoritative source for API documentation? Should I just make this a text document that lives in the neutron-specs repository?<br>
<br>Also, I'm assuming we want to start with where we left off on our mailing list / google doc discussion (with changes from the summit, ie. loadbalancer as root) made part of this specification?</div><div><br></div>
<div>Thanks,</div><div>Stephen</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 30, 2014 at 4:10 PM, Brandon Logan <span dir="ltr"><<a href="mailto:brandon.logan@rackspace.com" target="_blank">brandon.logan@rackspace.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Stephen,<br>
<br>
Were you still planning on doing the second blueprint that will<br>
implement the new API calls?<br>
<br>
Thanks,<br>
Brandon<br>
<div class=""><br>
On Thu, 2014-05-29 at 22:36 -0700, Bo Lin wrote:<br>
> Hi Brandon and Stephen,<br>
> Really thanks for your responses and i got to know it.<br>
><br>
><br>
> Thanks!<br>
> ---Bo<br>
><br>
</div>> ______________________________________________________________________<br>
<div class="">> From: "Brandon Logan" <<a href="mailto:brandon.logan@RACKSPACE.COM">brandon.logan@RACKSPACE.COM</a>><br>
> To: "OpenStack Development Mailing List (not for usage questions)"<br>
> <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
> Sent: Friday, May 30, 2014 1:17:57 PM<br>
> Subject: Re: [openstack-dev] [Neutron][LBaaS] Unanswered questions in<br>
> object model refactor blueprint<br>
><br>
><br>
> Hi Bo,<br>
> Sorry, I forgot to respond but yes what Stephen said lol :)<br>
><br>
</div>> ______________________________________________________________________<br>
<div><div class="h5">> From: Stephen Balukoff [<a href="mailto:sbalukoff@bluebox.net">sbalukoff@bluebox.net</a>]<br>
> Sent: Thursday, May 29, 2014 10:42 PM<br>
> To: OpenStack Development Mailing List (not for usage questions)<br>
> Subject: Re: [openstack-dev] [Neutron][LBaaS] Unanswered questions in<br>
> object model refactor blueprint<br>
><br>
><br>
><br>
><br>
> Hi Bo--<br>
><br>
><br>
> Haproxy is able to have IPv4 front-ends with IPv6 back-ends (and visa<br>
> versa) because it actually initiates a separate TCP connection between<br>
> the front end client and the back-end server. The front-end thinks<br>
> haproxy is the server, and the back-end thinks haproxy is the client.<br>
> In practice, therefore, its totally possible to have an IPv6 front-end<br>
> and IPv4 back-end with haproxy (for both http and generic TCP service<br>
> types).<br>
><br>
><br>
> I think this is similarly true for vendor appliances that are capable<br>
> of doing IPv6, and are also initiating new TCP connections from the<br>
> appliance to the back-end.<br>
><br>
><br>
> Obviously, the above won't work if your load balancer implementation<br>
> is doing something "transparent" on the network layer like LVM load<br>
> balancing.<br>
><br>
><br>
> Stephen<br>
><br>
><br>
><br>
><br>
> On Wed, May 28, 2014 at 9:14 PM, Bo Lin <<a href="mailto:linb@vmware.com">linb@vmware.com</a>> wrote:<br>
> Hi Brandon,<br>
><br>
> I have one question. If we support LoadBalancer to Listener<br>
> relationship M:N, then one listener with IPV4 service members<br>
> backend may be shared by a loadbalancer instance with IPV6<br>
> forntend. Does it mean we also need to provide IPV6 - IPV4<br>
> port forwarding functions in LBaaS services products? Does<br>
> iptables or most LBaaS services products such as haproxy or so<br>
> on provide such function? Or I am just wrong in some technique<br>
> details on these LBaaS products.<br>
><br>
><br>
> Thanks!<br>
><br>
</div></div>> ______________________________________________________________<br>
<div class="HOEnZb"><div class="h5">> From: "Vijay B" <<a href="mailto:os.vbvs@gmail.com">os.vbvs@gmail.com</a>><br>
><br>
> To: "OpenStack Development Mailing List (not for usage<br>
> questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
><br>
> Sent: Thursday, May 29, 2014 6:18:42 AM<br>
><br>
> Subject: Re: [openstack-dev] [Neutron][LBaaS] Unanswered<br>
> questions in object model refactor blueprint<br>
><br>
><br>
> Hi Brandon!<br>
><br>
><br>
> Please see inline..<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Wed, May 28, 2014 at 12:01 PM, Brandon Logan<br>
> <<a href="mailto:brandon.logan@rackspace.com">brandon.logan@rackspace.com</a>> wrote:<br>
> Hi Vijay,<br>
><br>
> On Tue, 2014-05-27 at 16:27 -0700, Vijay B wrote:<br>
> > Hi Brandon,<br>
> ><br>
> ><br>
> > The current reviews of the schema itself are<br>
> absolutely valid and<br>
> > necessary, and must go on. However, the place of<br>
> implementation of<br>
> > this schema needs to be clarified. Rather than make<br>
> any changes<br>
> > whatsoever to the existing neutron db schema for<br>
> LBaaS, this new db<br>
> > schema outlined needs to be implemented for a<br>
> separate LBaaS core<br>
> > service.<br>
> ><br>
><br>
> Are you suggesting a separate lbaas database from the<br>
> neutron database?<br>
> If not, then I could use some clarification. If so,<br>
> I'd advocate against<br>
> that right now because there's just too many things<br>
> that would need to<br>
> be changed. Later, when LBaaS becomes its own service<br>
> then yeah that<br>
> will need to happen.<br>
><br>
><br>
> v> Ok, so as I understand it, in this scheme, there is no new<br>
> schema or db, there will be a new set of tables resident in<br>
> neutron_db schema itself, alongside legacy lbaas tables. Let's<br>
> consider a rough view of the implementation.<br>
><br>
><br>
> Layer 1 - We'll have a new lbaas v3.0 api in neutron, with the<br>
> current lbaas service plugin having to support it in addition<br>
> to the legacy lbaas extensions that it already supports. We'll<br>
> need to put in new code anyway that will process the v3.0<br>
> lbaas api no matter what our approach is.<br>
> Layer 2 - Management code that will take care of updating the<br>
> db with entities in pending_create, then invoking the right<br>
> provider driver, choosing/scheduling the plugin drivers or the<br>
> agent drivers, invoking them, getting the results, and<br>
> updating the db.<br>
> Layer 3 - The drivers themselves (either plugin drivers (like<br>
> the HAProxy namespace driver/Netscaler) or plugin drivers +<br>
> agent drivers).<br>
><br>
><br>
> While having the new tables sit alongside the legacy tables is<br>
> one way to implement the changes, I don't see how this<br>
> approach leads to a lesser amount of changes overall. Layer 2<br>
> above will be the major place where changes can be<br>
> complicated. Also, it will be confusing to have two sets of<br>
> lbaas tables in the same schema.<br>
><br>
><br>
> I don't want a separate lbaas database under neutron, and<br>
> neither do I want it within neutron. I'm not suggesting that<br>
> we create a db schema alone, I'm saying we must build it with<br>
> the new LBaaS service (just like neutron itself when it got<br>
> created). If we don't do this now, we'll end up reimplementing<br>
> the logic implemented in neutron for the new lbaas v3.0 API<br>
> all over again for the new core LBaaS service. We'd rather do<br>
> it in the new one in one effort.<br>
><br>
><br>
><br>
> I could be missing some constraints that drive taking the<br>
> former approach - please help me understand those - I don't<br>
> want to be discounting any one approach without thorough<br>
> consideration. Right now, it looks to me like this approach is<br>
> being taken only to accommodate the HAProxy namespace driver.<br>
> Really that is the only driver which seems to be very<br>
> intertwined with neutron in the way it uses namespaces.<br>
><br>
><br>
><br>
><br>
> ><br>
> > What we should be providing in neutron is a switch<br>
> (a global conf)<br>
> > that can be set to instruct neutron to do one of two<br>
> things:<br>
> ><br>
> ><br>
> > 1. Use the existing neutron LBaaS API, with the<br>
> backend being the<br>
> > existing neutron LBaaS db schema. This is the status<br>
> quo.<br>
> > 2. Use the existing neutron LBaaS API, with the<br>
> backend being the new<br>
> > LBaaS service. This will invoke calls not to<br>
> neutron's current LBaaS<br>
> > code at all, rather, it will call into a new set of<br>
> proxy "backend"<br>
> > code in neutron that will translate the older LBaaS<br>
> API calls into the<br>
> > newer REST calls serviced by the new LBaaS service,<br>
> which will write<br>
> > down these details accordingly in its new db schema.<br>
> As long as the<br>
> > request and response objects to legacy neutron LBaaS<br>
> calls are<br>
> > preserved as is, there should be no issues. Writing<br>
> unit tests should<br>
> > also be comparatively more straightforward, and old<br>
> functional tests<br>
> > can be retained, and newer ones will not clash with<br>
> legacy code.<br>
> > Legacy code itself will work, having not been<br>
> touched at all. The<br>
> > blueprint for the db schema that you have referenced<br>
> ><br>
> (<a href="https://review.openstack.org/#/c/89903/5/specs/juno/lbaas-api-and-objmodel-improvement.rst" target="_blank">https://review.openstack.org/#/c/89903/5/specs/juno/lbaas-api-and-objmodel-improvement.rst</a>) should be implemented for this new LBaaS service, post reviews.<br>
> ><br>
><br>
> I think the point of this blueprint is to get the API<br>
> and object model<br>
> less confusing for the Neutron LBaaS service plugin.<br>
> I think it's too<br>
> early to create an LBaaS service because we have not<br>
> yet cleaned up the<br>
> tight integration points between Neutron LBaaS and<br>
> LBaaS. Creating a<br>
> new service would require only API interactions<br>
> between Neutron and this<br>
> LBaaS service, which currently is not possible due to<br>
> these tight<br>
> integration points.<br>
><br>
><br>
> v> The tight integration points between LBaaS and neutron that<br>
> I see are:<br>
><br>
><br>
> 1. The usage of namespaces.<br>
> 2. L2 and L3 plumbing within the namespaces and tracking them<br>
> in the neutron and lbaas tables,<br>
> 3. Plugin driver and agent driver scheduling<br>
> framework/mechanism for LB drivers.<br>
> 4. The way drivers directly update the neutron db, which I<br>
> think makes for a lack of clear functional demarcation.<br>
><br>
><br>
> Regardless of how we use the new API and db model, will<br>
> namespaces be used? If they still need to be supported, the<br>
> tight integration isn't going to go anywhere.<br>
><br>
><br>
> This is why I think it will be best to keep the legacy drivers<br>
> within neutron, and not give an option to newer deployments to<br>
> use that concurrently with the new lbaas core service. The<br>
> changes will be lesser this way because we won't touch legacy<br>
> code.<br>
><br>
><br>
><br>
> While I fully understand that we're trying to change the way<br>
> we look at the lbaas deployments, and the db object model is<br>
> an effort towards that, we need to ensure that the execution<br>
> is kept elegant as well. For drivers for lb solutions like f5<br>
> or Netscaler, these pain points can be done away with because<br>
> they do their own network provisioning and we keep track of<br>
> them only to clean up (especially for virtual appliance<br>
> solutions).<br>
><br>
><br>
> It will however mean that we'll have the additional task of<br>
> implementing the new core service before we can use the new db<br>
> object model. I say we should just go for that effort and make<br>
> it happen.<br>
><br>
><br>
><br>
><br>
><br>
><br>
> ><br>
> > The third option would be to turn off neutron LBaaS<br>
> API, and use the<br>
> > new LBaaS core service directly, but for this we can<br>
> simply disable<br>
> > neutron lbaas, and don't need a config parameter in<br>
> neutron.<br>
> ><br>
> ><br>
> > Implementing this db schema within neutron instead<br>
> will be not just<br>
> > complicated, but a huge effort that will go waste in<br>
> future once the<br>
> > new LBaaS service is implemented. Also, migration<br>
> will unnecessarily<br>
> > retain the same steps needed to go from legacy<br>
> neutron LBaaS to the<br>
> > new core LBaaS service in this approach (twice, in<br>
> succession) in case<br>
> > for any reason the version goes from legacy neutron<br>
> LBaaS -> new<br>
> > neutron LBaaS -> new LBaaS core service.<br>
><br>
> I totally agree that this is technical debt, but I<br>
> believe it is the<br>
> best option we have right now since LBaaS needs to<br>
> live in the Neutron<br>
> code and process because of the tight integration<br>
> points. Since this<br>
> object model refactor has been slated for Juno, and<br>
> these tight<br>
> integration points may or may not be cleaned up by<br>
> Juno, staying within<br>
> Neutron seems to be the best option right now.<br>
><br>
><br>
> v> As I described above, I think the tight integration points<br>
> are best kept in legacy code and not carried over to the new<br>
> implementation. The cleanest way to do it would be to clearly<br>
> demarcate neutron related operations (L2/L3) from LBaaS. But I<br>
> am keen to get your views on what the difficult integration<br>
> points are so that I get a better understanding of the<br>
> motivations behind keeping the new tables in neutron.<br>
><br>
><br>
><br>
><br>
> Regards,<br>
> Vijay<br>
><br>
><br>
><br>
><br>
> ><br>
> ><br>
> > Going forward, the legacy neutron LBaaS API can be<br>
> deprecated, and the<br>
> > new API that directly contacts the new LBaaS core<br>
> service can be used.<br>
> ><br>
> ><br>
> > We have discussed the above architecture previously,<br>
> but outside of<br>
> > the ML, and a draft of the blueprint for this new<br>
> LBaaS core service<br>
> > is underway, and is a collation of all the<br>
> discussions among a large<br>
> > number of LBaaS engineers including yourself during<br>
> the summit - I<br>
> > will be posting it for review within a couple of<br>
> days, as planned.<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > Regards,<br>
> > Vijay<br>
> ><br>
> ><br>
> > On Tue, May 27, 2014 at 12:32 PM, Brandon Logan<br>
> > <<a href="mailto:brandon.logan@rackspace.com">brandon.logan@rackspace.com</a>> wrote:<br>
> > Referencing this blueprint:<br>
> ><br>
> <a href="https://review.openstack.org/#/c/89903/5/specs/juno/lbaas-api-and-objmodel-improvement.rst" target="_blank">https://review.openstack.org/#/c/89903/5/specs/juno/lbaas-api-and-objmodel-improvement.rst</a><br>
> ><br>
> > Anyone who has suggestions to possible<br>
> issues or can answer<br>
> > some of<br>
> > these questions please respond.<br>
> ><br>
> ><br>
> > 1. LoadBalancer to Listener relationship M:N<br>
> vs 1:N<br>
> > The main reason we went with the M:N was so<br>
> IPv6 could use the<br>
> > same<br>
> > listener as IPv4. However this can be<br>
> accomplished by the<br>
> > user just<br>
> > creating a second listener and pool with the<br>
> same<br>
> > configuration. This<br>
> > will end up being a bad user experience when<br>
> the listener and<br>
> > pool<br>
> > configuration starts getting complex (adding<br>
> in TLS, health<br>
> > monitors,<br>
> > SNI, etc). A good reason to not do the M:N<br>
> is because the<br>
> > logic on might<br>
> > get complex when dealing with status. I'd<br>
> like to get<br>
> > people's opinions<br>
> > on this on whether we should do M:N or just<br>
> 1:N. Another<br>
> > option, is to<br>
> > just implement 1:N right now and later<br>
> implement the M:N in<br>
> > another<br>
> > blueprint if it is decided that the user<br>
> experience suffers<br>
> > greatly.<br>
> ><br>
> > My opinion: I like the idea of leaving it to<br>
> another blueprint<br>
> > to<br>
> > implement. However, we would need to watch<br>
> out for any major<br>
> > architecture changes in the time itis not<br>
> implemented that<br>
> > could make<br>
> > this more difficult than what it needs to<br>
> be.<br>
> ><br>
> > 2. Pool to Health Monitor relationship 1:N<br>
> vs 1:1<br>
> > Currently, I believe this is 1:N however it<br>
> was suggested to<br>
> > deprecate<br>
> > this in favor of 1:1 by Susanne and Kyle<br>
> agreed. Are there<br>
> > any<br>
> > objections to channging to 1:1?<br>
> ><br>
> > My opinion: I'm for 1:1 as long as there<br>
> aren't any major<br>
> > reasons why<br>
> > there needs to be 1:N.<br>
> ><br>
> > 3. Does the Pool object need a status field<br>
> now that it is a<br>
> > pure<br>
> > logical object?<br>
> ><br>
> > My opinion: I don't think it needs the<br>
> status field. I think<br>
> > the<br>
> > LoadBalancer object may be the only thing<br>
> that needs a status,<br>
> > other<br>
> > than the pool members for health<br>
> monitoring. I might be<br>
> > corrected on<br>
> > this though.<br>
> ><br>
> ><br>
> _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
><br>
> <a href="https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=DYApm8uTUC2lxp%2B0qmdN9UhsdAxGdWaIHf5dr1N1tJE%3D%0A&s=ec3a8e21156d1b946db652fac0dab2e2268340aea37bd8c30adbf52fe2f3e8de" target="_blank">https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=DYApm8uTUC2lxp%2B0qmdN9UhsdAxGdWaIHf5dr1N1tJE%3D%0A&s=ec3a8e21156d1b946db652fac0dab2e2268340aea37bd8c30adbf52fe2f3e8de</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
><br>
><br>
><br>
><br>
> --<br>
> Stephen Balukoff<br>
> Blue Box Group, LLC<br>
> <a href="tel:%28800%29613-4305%20x807" value="+18006134305">(800)613-4305 x807</a><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=SPXsODyQQDMdWpsIy6DIIIQT2Ao%2FZRwloVLU6nM0qzw%3D%0A&s=4e8589eef4ccff3b179e9ff7822030cc792a654c8221b4544877949dd949d3e4" target="_blank">https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=SPXsODyQQDMdWpsIy6DIIIQT2Ao%2FZRwloVLU6nM0qzw%3D%0A&s=4e8589eef4ccff3b179e9ff7822030cc792a654c8221b4544877949dd949d3e4</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><span></span>Stephen Balukoff
<br>Blue Box Group, LLC
<br>(800)613-4305 x807
</div>