<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-text-html" lang="x-unicode"> Thanks Brandon<br>
      <br>
      <div class="moz-cite-prefix">On 05/20/15 22:58, Brandon Logan
        wrote:<br>
      </div>
      <blockquote cite="mid:1432187894561.41638@RACKSPACE.COM"
        type="cite">
        <p>​Just to add a few things,<br>
        </p>
        <p>Barbican is not yet implemented in Octavia, though the code
          is there, we just need to spend a few hours hooking it all up
          and testing it out.<br>
        </p>
        <p><br>
        </p>
        <p>Also, the security groups are used by octavia right now so
          that only the ports on the listener are accessible.  Basically
          if a loadbalancer has listeners on ports 80 and 443, the vip
          ports will only allow traffic on those ports.  It shouldn't
          allow other traffic.<br>
        </p>
      </blockquote>
      That is great to hear. I assume that if we are using security
      groups we will also be able to define rules regarding which
      networks the listeners are allowed to accept traffic from? <br>
      <br>
      Is that assumption correct? <br>
      <blockquote cite="mid:1432187894561.41638@RACKSPACE.COM"
        type="cite">
        <p> </p>
        <p><br>
        </p>
        <p>Thanks,<br>
        </p>
        <p>Brandon<br>
        </p>
        <div style="word-wrap:break-word">
          <hr tabindex="-1" style="display:inline-block; width:98%">
          <div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
              color="#000000" face="Calibri, sans-serif"><b>From:</b>
              Doug Wiegley <a class="moz-txt-link-rfc2396E"
                href="mailto:dougwig@parksidesoftware.com"><dougwig@parksidesoftware.com></a><br>
              <b>Sent:</b> Thursday, May 21, 2015 12:49 AM<br>
              <b>To:</b> <a class="moz-txt-link-abbreviated"
                href="mailto:maishsk+openstack@maishsk.com">maishsk+openstack@maishsk.com</a>;
              OpenStack Development Mailing List (not for usage
              questions); Maish Saidel-Keesing<br>
              <b>Subject:</b> Re: [openstack-dev] [lbaas] [octavia]
              [barbican] Relationship between Octavia and Barbican and
              Octavia 1.0 questions</font>
            <div> </div>
          </div>
          <div>Hi Maish,
            <div class=""><br class="">
            </div>
            <div class="">Thanks for the feedback, some answers below.
               Please also be aware of the lbaas use cases session
              tomorrow at 9am (yuck, I know), <a moz-do-not-send="true"
href="https://etherpad.openstack.org/p/YVR-neutron-lbaas-use-cases"
                class="">https://etherpad.openstack.org/p/YVR-neutron-lbaas-use-cases</a></div>
            <div class=""><br class="">
            </div>
            <div class=""><br class="">
              <div>
                <blockquote type="cite" class="">
                  <div class="">On May 19, 2015, at 12:05 AM, Maish
                    Saidel-Keesing <<a moz-do-not-send="true"
                      href="mailto:maishsk@maishsk.com" class="">maishsk@maishsk.com</a>>

                    wrote:</div>
                  <br class="Apple-interchange-newline">
                  <div class="">
                    <div bgcolor="#FFFFFF" class="">Hello all,<br
                        class="">
                      <br class="">
                      Going over today's presentation "Load Balancing as
                      a Service, Kilo and Beyond"[1] (great
                      presentation!!) - there are a few questions I have
                      regarding the future release:<br class="">
                      <br class="">
                      For Octavia 1.0:<br class="">
                      <br class="">
                      1. Can someone explain to me how the flow would
                      work for spinning up a a new Amphora with regards
                      to interaction between Neutron, LBaaS and
                      Barbican?<br class="">
                      Same question as well regarding how the standby is
                      created and its relationship with Barbican.<br
                        class="">
                    </div>
                  </div>
                </blockquote>
                <div><br class="">
                </div>
                <div>The lbaas API runs inside neutron-server.  The
                  general flow is:</div>
                <div><br class="">
                </div>
                <div>- User interacts with neutron CLI/API or horizon
                  (in liberty), and creates an LB.</div>
                <div>- Lbaas plugin in neutron creates logical models,
                  fetches cert data from barbican, and calls the backend
                  lbaas driver.</div>
                <div>- The backend driver does what it needs to to
                  instantiate the LB. Today this is a synchronous call
                  that waits for the nova boot, but by Liberty, it will
                  likely be an async call to the octavia controller to
                  finish the job.</div>
                <div><br class="">
                </div>
                <div>Once Octavia has control, it is doing:</div>
                <div><br class="">
                </div>
                <div>- Get REST calls for objects,</div>
                <div>- Talk to nova, spin up an amphora image,</div>
                <div>- Talk to neutron, plumb in the networks,</div>
                <div>- Send the amphora its config.</div>
                <br class="">
                <blockquote type="cite" class="">
                  <div class="">
                    <div bgcolor="#FFFFFF" class=""><br class="">
                      2. Will the orchestration (Heat) also be
                      implemented when Octavia 1.0 is released or only
                      further down the line?<br class="">
                      If not what would you suggest be the way to
                      orchestrate LBaaS until this is ready?<br class="">
                    </div>
                  </div>
                </blockquote>
                <div><br class="">
                </div>
                <div>We need to talk to the Heat folks and coordinate
                  this, which we are planning to do soon.</div>
                <br class="">
                <blockquote type="cite" class="">
                  <div class="">
                    <div bgcolor="#FFFFFF" class=""><br class="">
                      3. Is there some kind of hook into Security groups
                      also planned for the Amphora to also protect the
                      Load Balancer?<br class="">
                    </div>
                  </div>
                </blockquote>
                <div><br class="">
                </div>
                <div>Not at present, but I recorded this in the feature
                  list on the etherpad above.</div>
                <br class="">
                <blockquote type="cite" class="">
                  <div class="">
                    <div bgcolor="#FFFFFF" class=""><br class="">
                      I think that based on the answers to these
                      questions above - additional questions will
                      follow.<br class="">
                      <br class="">
                      Thanks<br class="">
                      <br class="">
                      [1] <a moz-do-not-send="true"
                        class="moz-txt-link-freetext"
                        href="https://www.youtube.com/watch?v=-eAKur8lErU">
                        https://www.youtube.com/watch?v=-eAKur8lErU</a><br
                        class="">
                      <div class="moz-signature">-- <br class="">
                        Best Regards,<br class="">
                        Maish Saidel-Keesing</div>
                    </div>
__________________________________________________________________________<br
                      class="">
                    OpenStack Development Mailing List (not for usage
                    questions)<br class="">
                    Unsubscribe: <a moz-do-not-send="true"
                      href="mailto:OpenStack-dev-request@lists.openstack.org"
                      class="">
                      OpenStack-dev-request@lists.openstack.org</a>?subject:unsubscribe<br
                      class="">
                    <a moz-do-not-send="true"
                      href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
                      class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br
                      class="">
                  </div>
                </blockquote>
              </div>
              <br class="">
            </div>
          </div>
        </div>
      </blockquote>
      <br>
      <div class="moz-signature">-- <br>
        Best Regards,<br>
        Maish Saidel-Keesing</div>
    </div>
  </body>
</html>