<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div dir="ltr" id="yui_3_16_0_1_1422481704824_13387"></div><div style="" class="" id="yui_3_16_0_1_1422481704824_3060"><div id="yui_3_16_0_1_1422481704824_13425">Some follow up questions on this.</div><div id="yui_3_16_0_1_1422481704824_13426"><br></div></div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_2826"><div id="yui_3_16_0_1_1422481704824_13905" dir="ltr">In the specs, i see that during a "create_port", there's provisions to query the external source by "Pluggable IPAM" to return the IP.</div></div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_2822"><div id="yui_3_16_0_1_1422481704824_14476">This works fine
for cases where the external source (say, DHCP server) can be queried
for the IP address when a launch happens.</div><div id="yui_3_16_0_1_1422481704824_14480"><br></div><div id="yui_3_16_0_1_1422481704824_14481" dir="ltr">Is there a
provision to have the flexibility of a "late IP assignment"?</div><div id="yui_3_16_0_1_1422481704824_15620" dir="ltr"><br> </div></div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3065">I am thinking of cases, like
the temporary unavailability of external IP source or lack of standard
interfaces in which case data packet snooping is used to find the IP address of a
VM after launch. Something similar to late binding of IP addresses.</div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3066"><div id="yui_3_16_0_1_1422481704824_15621" dir="ltr">This means the create_port may not get the IP address from the pluggable IPAM. In that case, launch of a VM (or create_port) shouldn't fail. The Pluggable IPAM should have some provision to return something equivalent to "unavailable" during create_port and be able to
do an update_port when the IP address becomes available.</div></div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3067"><br style="" class="" clear="none">
</div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3068">I don't see that option. Please correct me if I am wrong.</div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3069"><br style="" class="" clear="none">
</div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3070">Thanks,</div>
<div style="" class="" id="yui_3_16_0_1_1422481704824_3071">Paddu <br style="" class=""></div> <div id="yui_3_16_0_1_1422481704824_13408" class="qtdSeparateBR"><br><br></div><div id="yui_3_16_0_1_1422481704824_13404" style="display: block;" class="yahoo_quoted"> <div id="yui_3_16_0_1_1422481704824_13403" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;"> <div id="yui_3_16_0_1_1422481704824_13402" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1422481704824_13407" dir="ltr"> <font id="yui_3_16_0_1_1422481704824_13406" size="2" face="Arial"> On Thursday, December 18, 2014 7:59 AM, Padmanabhan Krishnan <kprad1@yahoo.com> wrote:<br> </font> </div> <br><br> <div id="yui_3_16_0_1_1422481704824_13401" class="y_msg_container"><div id="yiv6578240926"><div id="yui_3_16_0_1_1422481704824_13400"><div id="yui_3_16_0_1_1422481704824_13399" style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;"><div id="yui_3_16_0_1_1422481704824_13405">Hi John,</div><div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418918247120_3194">Thanks for the pointers. I shall take a look and get back.</div><div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418918247120_3195"><br clear="none"></div><div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418918247120_3196">Regards,</div><div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418918247120_3197">Paddu<br clear="none"></div><div id="yiv6578240926yui_3_16_0_1_1418918247120_3191"><span></span></div> <div id="yui_3_16_0_1_1422481704824_17335" class="yiv6578240926qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv6578240926yqt9653174525" id="yiv6578240926yqt58175"><div id="yui_3_16_0_1_1422481704824_17339" class="yiv6578240926yahoo_quoted" style="display:block;"> <div id="yui_3_16_0_1_1422481704824_17338" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;"> <div id="yui_3_16_0_1_1422481704824_17337" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div id="yui_3_16_0_1_1422481704824_17336" dir="ltr"> <font id="yui_3_16_0_1_1422481704824_17340" size="2" face="Arial"> On Thursday, December 18, 2014 6:23 AM, John Belamaric <jbelamaric@infoblox.com> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv6578240926y_msg_container"><div id="yiv6578240926"><div>
<div>Hi Paddu,</div>
<div><br clear="none">
</div>
<div>Take a look at what we are working on in Kilo [1] for external IPAM. While this does not address DHCP specifically, it does allow you to use an external source to allocate the IP that OpenStack uses, which may solve your problem.</div>
<div><br clear="none">
</div>
<div>Another solution to your question is to invert the logic - you need to take the IP allocated by OpenStack and program the DHCP server to provide a fixed IP for that MAC.</div>
<div><br clear="none">
</div>
<div>You may be interested in looking at this Etherpad [2] that Don Kehn put together gathering all the various DHCP blueprints and related info, and also at this BP [3] for including a DHCP relay so we can utilize external DHCP more easily.</div>
<div><br clear="none">
</div>
<div>
<div>[1] https://blueprints.launchpad.net/neutron/+spec/neutron-ipam</div>
</div>
<div>[2] https://etherpad.openstack.org/p/neutron-dhcp-org</div>
<div>[3] https://blueprints.launchpad.net/neutron/+spec/dhcp-relay</div>
<div><br clear="none">
</div>
<div>John</div>
<div><br clear="none">
</div>
<span id="yiv6578240926OLK_SRC_BODY_SECTION">
</span><div class="yiv6578240926yqt2352854655" id="yiv6578240926yqt41372"><div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt;">
<span style="font-weight:bold;">From: </span>Padmanabhan Krishnan <<a rel="nofollow" shape="rect" ymailto="mailto:kprad1@yahoo.com" target="_blank" href="mailto:kprad1@yahoo.com">kprad1@yahoo.com</a>><br clear="none">
<span style="font-weight:bold;">Reply-To: </span>Padmanabhan Krishnan <<a rel="nofollow" shape="rect" ymailto="mailto:kprad1@yahoo.com" target="_blank" href="mailto:kprad1@yahoo.com">kprad1@yahoo.com</a>>, "OpenStack Development Mailing List (not for usage questions)" <<a rel="nofollow" shape="rect" ymailto="mailto:openstack-dev@lists.openstack.org" target="_blank" href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br clear="none">
<span style="font-weight:bold;">Date: </span>Wednesday, December 17, 2014 at 6:06 PM<br clear="none">
<span style="font-weight:bold;">To: </span>"<a rel="nofollow" shape="rect" ymailto="mailto:openstack-dev@lists.openstack.org" target="_blank" href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>" <<a rel="nofollow" shape="rect" ymailto="mailto:openstack-dev@lists.openstack.org" target="_blank" href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br clear="none">
<span style="font-weight:bold;">Subject: </span>Re: [openstack-dev] [Neutron] fixed ip info shown for port even when dhcp is disabled<br clear="none">
</div>
<div><br clear="none">
</div>
<div>
<div>
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_16619"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807">This means whatever tools the operators are using, it need to make sure the IP address assigned inside the VM matches with Openstack has assigned to the port.</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_17767"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807">Bringing the question that i had in another thread on the same topic:</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_17111"><br clear="none">
<span id="yiv6578240926yui_3_16_0_1_1418831515084_16807"></span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_17422"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807">If one wants to use the provider DHCP server and not have Openstack's DHCP or L3 agent/DVR, it may not be possible to do so even with DHCP disabled in Openstack
network. Even if the provider DHCP server is configured with the same start/end range in the same subnet, there's no guarantee that it will match with Openstack assigned IP address for bulk VM launches or when there's a failure case.</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_19867"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807">So, how does one deploy external DHCP with Openstack?</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_20505"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807"><br clear="none">
</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_18704"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807">If Openstack hasn't assigned a IP address when DHCP is disabled for a network, can't port_update be done with the provider DHCP specified IP address to put the
anti-spoofing and security rules?</span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_20507"><span id="yiv6578240926yui_3_16_0_1_1418831515084_16807"></span></div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_20509">With Openstack assigned IP address, port_update cannot be done since IP address aren't in sync and can overlap.</div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_21990"><br clear="none">
</div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_20511">Thanks,</div>
<div dir="ltr" id="yiv6578240926yui_3_16_0_1_1418831515084_20513">Paddu<br clear="none">
</div>
<div class="yiv6578240926qtdSeparateBR"><br clear="none">
<br clear="none">
</div>
<div class="yiv6578240926yahoo_quoted" id="yiv6578240926yui_3_16_0_1_1418831515084_16632" style="display:block;">
<div id="yiv6578240926yui_3_16_0_1_1418831515084_16631" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;">
<div id="yiv6578240926yui_3_16_0_1_1418831515084_16630" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;">
<div class="yiv6578240926y_msg_container" id="yiv6578240926yui_3_16_0_1_1418831515084_16629"><br clear="none">
On 12/16/14 4:30 AM, "Pasquale Porreca" <<a rel="nofollow" shape="rect" id="yiv6578240926yui_3_16_0_1_1418831515084_17761" ymailto="mailto:pasquale.porreca@dektech.com.au" target="_blank" href="mailto:pasquale.porreca@dektech.com.au">pasquale.porreca@dektech.com.au</a>><br clear="none">
wrote:<br clear="none">
<br clear="none">
>I understood and I agree that assigning the ip address to the port is<br clear="none">
>not a bug, however showing it to the user, at least in Horizon dashboard<br clear="none">
>where it pops up in the main instance screen without a specific search,<br clear="none">
>can be very confusing.<br clear="none">
><br clear="none">
>On 12/16/14 12:25, Salvatore Orlando wrote:<br clear="none">
>> In Neutron IP address management and distribution are separated<br clear="none">
>>concepts.<br clear="none">
>> IP addresses are assigned to ports even when DHCP is disabled. That IP<br clear="none">
>> address is indeed used to configure anti-spoofing rules and security<br clear="none">
>>groups.<br clear="none">
>> <br clear="none">
>> It is however understandable that one wonders why an IP address is<br clear="none">
>>assigned<br clear="none">
>> to a port if there is no DHCP server to communicate that address.<br clear="none">
>>Operators<br clear="none">
>> might decide to use different tools to ensure the IP address is then<br clear="none">
>> assigned to the instance's ports. On XenServer for instance one could<br clear="none">
>>use a<br clear="none">
>> guest agent reading network configuration from XenStore; as another<br clear="none">
>> example, older versions of Openstack used to inject network<br clear="none">
>>configuration<br clear="none">
>> into the instance file system; I reckon that today's configdrive might<br clear="none">
>>also<br clear="none">
>> be used to configure instance's networking.<br clear="none">
>> <br clear="none">
>> Summarising I don't think this is a bug. Nevertheless if you have any<br clear="none">
>>idea<br clear="none">
>> regarding improvements on the API UX feel free to file a bug report.<br clear="none">
>> <br clear="none">
>> Salvatore<br clear="none">
>> <br clear="none">
>> On 16 December 2014 at 10:41, Pasquale Porreca <<br clear="none">
>> <a rel="nofollow" shape="rect" ymailto="mailto:pasquale.porreca@dektech.com.au" target="_blank" href="mailto:pasquale.porreca@dektech.com.au">
pasquale.porreca@dektech.com.au</a>> wrote:<br clear="none">
>>><br clear="none">
>>> Is there a specific reason for which a fixed ip is bound to a port on a<br clear="none">
>>> subnet where dhcp is disabled? it is confusing to have this info shown<br clear="none">
>>> when the instance doesn't have actually an ip on that port.<br clear="none">
>>> Should I fill a bug report, or is this a wanted behavior?<br clear="none">
>>><br clear="none">
>>> --<br clear="none">
>>> Pasquale Porreca<br clear="none">
>>><br clear="none">
>>> DEK Technologies<br clear="none">
>>> Via dei Castelli Romani, 22<br clear="none">
>>> 00040 Pomezia (Roma)<br clear="none">
>>><br clear="none">
>>> Mobile +39 3394823805<br clear="none">
>>> Skype paskporr<br clear="none">
>>><br clear="none">
>>> _______________________________________________<br clear="none">
>>> OpenStack-dev mailing list<br clear="none">
>>> <a rel="nofollow" shape="rect" ymailto="mailto:OpenStack-dev@lists.openstack.org" target="_blank" href="mailto:OpenStack-dev@lists.openstack.org">
OpenStack-dev@lists.openstack.org</a><br clear="none">
>>> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
>>><br clear="none">
>> <br clear="none">
>> <br clear="none">
>> <br clear="none">
>> _______________________________________________<br clear="none">
>> OpenStack-dev mailing list<br clear="none">
>> <a rel="nofollow" shape="rect" ymailto="mailto:OpenStack-dev@lists.openstack.org" target="_blank" href="mailto:OpenStack-dev@lists.openstack.org">
OpenStack-dev@lists.openstack.org</a><br clear="none">
>> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
>> <br clear="none">
><br clear="none">
>-- <br clear="none">
>Pasquale Porreca<br clear="none">
><br clear="none">
>DEK Technologies<br clear="none">
>Via dei Castelli Romani, 22<br clear="none">
>00040 Pomezia (Roma)<br clear="none">
><br clear="none">
>Mobile +39 3394823805<br clear="none">
>Skype paskporr<br clear="none">
><br clear="none">
>_______________________________________________<br clear="none">
>OpenStack-dev mailing list<br clear="none">
><a rel="nofollow" shape="rect" ymailto="mailto:OpenStack-dev@lists.openstack.org" target="_blank" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br clear="none">
><a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</div>
</div></div>
</div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br><br></div> </div> </div> </div> </div></body></html>