<div dir="ltr">Hi Gal,<div><br></div><div>Congratulations, eventually you understand what I mean.</div><div><br></div><div>Yes, in bulk. But I don't think that's an enhancement to the API. The bulk operation is more common scenario. It is more useful and covers the single port-mapping scenario.</div><div><br></div><div>By the way, bulk operation may apply to a subnet, a range(IP1 to IP100) or even all the VMs behind a router. Perhaps, we need make a choice between them while I prefer "range". Because it's more flexible and easier to use.</div><div><br></div><div>Many thanks.</div><div>Germy</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 9, 2015 at 3:30 AM, Carl Baldwin <span dir="ltr"><<a href="mailto:carl@ecbaldwin.net" target="_blank">carl@ecbaldwin.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Sep 1, 2015 at 11:59 PM, Gal Sagie <<a href="mailto:gal.sagie@gmail.com">gal.sagie@gmail.com</a>> wrote:<br>
> Hello All,<br>
><br>
> I have searched and found many past efforts to implement port forwarding in<br>
> Neutron.<br>
<br>
</span>I have heard a few express a desire for this use case a few times in<br>
the past without gaining much traction. Your summary here seems to<br>
show that this continues to come up. I would be interested in seeing<br>
this move forward.<br>
<span class=""><br>
> I have found two incomplete blueprints [1], [2] and an abandoned patch [3].<br>
><br>
> There is even a project in Stackforge [4], [5] that claims<br>
> to implement this, but the L3 parts in it seems older then current master.<br>
<br>
</span>I looked at this stack forge project. It looks like files copied out<br>
of neutron and modified as an alternative to proposing a patch set to<br>
neutron.<br>
<span class=""><br>
> I have recently came across this requirement for various use cases, one of<br>
> them is<br>
> providing feature compliance with Docker port-mapping feature (for Kuryr),<br>
> and saving floating<br>
> IP's space.<br>
<br>
</span>I think both of these could be compelling use cases.<br>
<span class=""><br>
> There has been many discussions in the past that require this feature, so i<br>
> assume<br>
> there is a demand to make this formal, just a small examples [6], [7], [8],<br>
> [9]<br>
><br>
> The idea in a nutshell is to support port forwarding (TCP/UDP ports) on the<br>
> external router<br>
> leg from the public network to internal ports, so user can use one Floating<br>
> IP (the external<br>
> gateway router interface IP) and reach different internal ports depending on<br>
> the port numbers.<br>
> This should happen on the network node (and can also be leveraged for<br>
> security reasons).<br>
<br>
</span>I'm sure someone will ask how this works with DVR. It should be<br>
implemented so that it works with a DVR router but it will be<br>
implemented in the central part of the router. Ideally, DVR and<br>
legacy routers work the same in this regard and a single bit of code<br>
will implement it for both. If this isn't the case, I think that is a<br>
problem with our current code structure.<br>
<span class=""><br>
> I think that the POC implementation in the Stackforge project shows that<br>
> this needs to be<br>
> implemented inside the L3 parts of the current reference implementation, it<br>
> will be hard<br>
> to maintain something like that in an external repository.<br>
> (I also think that the API/DB extensions should be close to the current L3<br>
> reference<br>
> implementation)<br>
<br>
</span>Agreed.<br>
<span class=""><br>
> I would like to renew the efforts on this feature and propose a RFE and a<br>
> spec for this to the<br>
> next release, any comments/ideas/thoughts are welcome.<br>
> And of course if any of the people interested or any of the people that<br>
> worked on this before<br>
> want to join the effort, you are more then welcome to join and comment.<br>
<br>
</span>I have added this to the agenda for the Neutron drivers meeting. When<br>
the team starts to turn its eye toward Mitaka, we'll discuss it.<br>
Hopefully that will be soon as I'm started to think about it already.<br>
<br>
I'd like to see how the API for this will look. I don't think we'll<br>
need more detail that that for now.<br>
<span class="HOEnZb"><font color="#888888"><br>
Carl<br>
</font></span><span class="im HOEnZb"><br>
> [1] <a href="https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding" rel="noreferrer" target="_blank">https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding</a><br>
> [2] <a href="https://blueprints.launchpad.net/neutron/+spec/fip-portforwarding" rel="noreferrer" target="_blank">https://blueprints.launchpad.net/neutron/+spec/fip-portforwarding</a><br>
> [3] <a href="https://review.openstack.org/#/c/60512/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/60512/</a><br>
> [4] <a href="https://github.com/stackforge/networking-portforwarding" rel="noreferrer" target="_blank">https://github.com/stackforge/networking-portforwarding</a><br>
> [5] <a href="https://review.openstack.org/#/q/port+forwarding,n,z" rel="noreferrer" target="_blank">https://review.openstack.org/#/q/port+forwarding,n,z</a><br>
><br>
> [6]<br>
> <a href="https://ask.openstack.org/en/question/75190/neutron-port-forwarding-qrouter-vms/" rel="noreferrer" target="_blank">https://ask.openstack.org/en/question/75190/neutron-port-forwarding-qrouter-vms/</a><br>
> [7] <a href="http://www.gossamer-threads.com/lists/openstack/dev/34307" rel="noreferrer" target="_blank">http://www.gossamer-threads.com/lists/openstack/dev/34307</a><br>
> [8]<br>
> <a href="http://openstack.10931.n7.nabble.com/Neutron-port-forwarding-for-router-td46639.html" rel="noreferrer" target="_blank">http://openstack.10931.n7.nabble.com/Neutron-port-forwarding-for-router-td46639.html</a><br>
> [9]<br>
> <a href="http://openstack.10931.n7.nabble.com/Neutron-port-forwarding-from-gateway-to-internal-hosts-td32410.html" rel="noreferrer" target="_blank">http://openstack.10931.n7.nabble.com/Neutron-port-forwarding-from-gateway-to-internal-hosts-td32410.html</a><br>
><br>
><br>
<br>
</span><div class="HOEnZb"><div class="h5">__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br></div>