<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
margin-top:2.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
line-height:105%;
page-break-after:avoid;
font-size:13.0pt;
font-family:"Calibri Light",sans-serif;
color:#2E74B5;
mso-fareast-language:EN-US;
font-weight:normal;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:SimSun;
mso-fareast-language:ZH-CN;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri Light",sans-serif;
color:#2E74B5;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1770275729;
mso-list-type:hybrid;
mso-list-template-ids:-1485673524 -1557617340 403243011 403243013 403243009 403243011 403243013 403243009 403243011 403243013;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:2017688872;
mso-list-type:hybrid;
mso-list-template-ids:-41512936 67698689 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:90.0pt;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:198.0pt;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:234.0pt;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:270.0pt;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:306.0pt;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Liping,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thank you for the feedback!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Do you mean to have disabled security groups as an optional configuration for Kuryr?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Do you have any opinion on the consequences/acceptability of disabling SG?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Gary<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><a name="_____replyseparator"></a><b><span style="mso-fareast-language:ZH-CN">From:</span></b><span style="mso-fareast-language:ZH-CN"> Liping Mao (limao) [mailto:limao@cisco.com]
<br>
<b>Sent:</b> Tuesday, September 13, 2016 12:56 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions) <openstack-dev@lists.openstack.org><br>
<b>Subject:</b> Re: [openstack-dev] [Kuryr] IPVLAN data path proposal<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Ivan<span style="font-family:SimSun">�$B!$�(B</span><span style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">It sounds cool<span style="font-family:SimSun">�$B!*�(B</span><o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">for security group and allowed address pair<span style="font-family:SimSun">�$B!$�(B</span><o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Maybe we can disable port-security<span style="font-family:SimSun">�$B!$�(B</span>because all the docker in one vm will share one security group on the vm port. I'm not sure how to use sg for each docker<span style="font-family:SimSun">�$B!$�(B</span>maybe
just disable port-security can be one of the choice. then do not need allowed address pairs in this case. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Regards<span style="font-family:SimSun">�$B!$�(B</span><o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Lipimg Mao<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<span style="font-family:SimSun">�$B:_�(B</span> 2016<span style="font-family:SimSun">�$BG/�(B</span>9<span style="font-family:SimSun">�$B7n�(B</span>12<span style="font-family:SimSun">�$BF|!$�(B</span>19:31<span style="font-family:SimSun">�$B!$�(B</span>Coughlan, Ivan <<a href="mailto:ivan.coughlan@intel.com">ivan.coughlan@intel.com</a>>
<span style="font-family:SimSun">�$B<LF;!'�(B</span><o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>Overview</b><o:p></o:p></p>
<p class="MsoNormal">Kuryr proposes to address the issues of double encapsulation and exposure of containers as neutron entities when containers are running within VMs.<o:p></o:p></p>
<p class="MsoNormal">As an alternative to the vlan-aware-vms and use of ovs within the VM, we propose to:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Use allowed-address-pairs configuration for the VM neutron port<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Use IPVLAN for wiring the Containers within VM<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In this way:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Achieve efficient data path to container within VM<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Better leverage OpenStack EPA(Enhanced Platform Awareness) features to accelerate the data path (more details below)<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Mitigate the risk of vlan-aware-vms not making neutron in time<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Provide a solution that works on existing and previous openstack releases<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This work should be done in a way permitting the user to optionally select this feature.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<h2><b><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:windowtext">Required Changes</span></b><o:p></o:p></h2>
<p class="MsoNormal">The four main changes we have identified in the current kuryr codebase are as follows:<o:p></o:p></p>
<p class="MsoListParagraphCxSpFirst" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:18.0pt;mso-add-space:auto;text-indent:-18.0pt;line-height:105%;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Introduce an option of enabling �$B!H�(BIPVLAN in VM�$B!I�(B use case. This can be achieved by using a config file option or possibly passing a command line argument. The IPVLAN master interface must also be identified.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:18.0pt;mso-add-space:auto;text-indent:-18.0pt;line-height:105%;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>If using �$B!H�(BIPVLAN in VM�$B!I�(B use case, Kuryr should no longer create a new port in Neutron or the associated VEth pairs. Instead, Kuryr will create a new IPVLAN slave interface on top of the VM�$B!G�(Bs master interface and pass this slave
interface to the Container netns.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:18.0pt;mso-add-space:auto;text-indent:-18.0pt;line-height:105%;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>If using �$B!H�(BIPVLAN in VM�$B!I�(B use case, the VM�$B!G�(Bs port ID needs to be identified so we can associate the additional IPVLAN addresses with the port. This can be achieved by querying Neutron�$B!G�(Bs show-port function and passing the VMs IP
address.<o:p></o:p></p>
<p class="MsoListParagraphCxSpLast" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:18.0pt;mso-add-space:auto;text-indent:-18.0pt;line-height:105%;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>If using �$B!H�(BIPVLAN in VM�$B!I�(B use case, Kuryr should associate the additional IPVLAN addresses with the VMs port. This can be achieved using Neutron�$B!G�(Bs
<span style="font-family:"Courier New"">allowed-address-pairs</span> flag in the <span style="font-family:"Courier New"">
port-update</span> function. We intend to make use of Kuryr�$B!G�(Bs existing IPAM functionality to request these IPs from Neutron.<o:p></o:p></p>
<p class="MsoNormal"><b> </b><o:p></o:p></p>
<p class="MsoNormal"><b>Asks</b><o:p></o:p></p>
<p class="MsoNormal">We wish to discuss the pros and cons.<o:p></o:p></p>
<p class="MsoNormal">For example, containers exposure as proper neutron entities and the utility of neutron�$B!G�(Bs allowed-address-pairs is not yet well understood.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We also wish to understand if this approach is acceptable for kuryr?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>EPA</b><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#252525;background:white">The Enhanced Platform Awareness initiative is a continuous program to enable fine-tuning of the platform for virtualized network functions.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#252525;background:white">This is done by exposing the processor and platform capabilities through the management and orchestration layers.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#252525;background:white">When a virtual network function is instantiated by an Enhanced Platform Awareness enabled orchestrator, the application requirements can be more efficiently matched with the platform capabilities.</span><o:p></o:p></p>
<p class="MsoNormal"><a href="http://itpeernetwork.intel.com/openstack-kilo-release-is-shaping-up-to-be-a-milestone-for-enhanced-platform-awareness/">http://itpeernetwork.intel.com/openstack-kilo-release-is-shaping-up-to-be-a-milestone-for-enhanced-platform-awareness/</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://networkbuilders.intel.com/docs/OpenStack_EPA.pdf">https://networkbuilders.intel.com/docs/OpenStack_EPA.pdf</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.brighttalk.com/webcast/12229/181563/epa-features-in-openstack-kilo">https://www.brighttalk.com/webcast/12229/181563/epa-features-in-openstack-kilo</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Ivan�$B!D�(B.<o:p></o:p></p>
<p>--------------------------------------------------------------<br>
Intel Research and Development Ireland Limited<br>
Registered in Ireland<br>
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare<br>
Registered Number: 308263<o:p></o:p></p>
<p>This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all
copies.<o:p></o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:SimSun;mso-fareast-language:ZH-CN">__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org">OpenStack-dev-request@lists.openstack.org</a>?subject:unsubscribe<br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><o:p></o:p></span></p>
</div>
</blockquote>
</div>
<p>--------------------------------------------------------------<br>
Intel Research and Development Ireland Limited<br>
Registered in Ireland<br>
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare<br>
Registered Number: 308263</p>
<p>This e-mail and any attachments may contain confidential material for the
sole use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.</p>
<p></p>
</body>
</html>