[openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Dustin Lundquist
dustin at null-ptr.net
Thu Jul 10 21:24:06 UTC 2014
Brandon,
One key limitation of such a driver, is it will not work in installations
where the Neutron server is installed across multiple nodes since the
HAProxy network namespace will be created or updated on the node which
received the Neutron API request. This will work for Devstack and testing
and is a good starting place, but is not usable for many deployments.
-Dustin
On Thu, Jul 10, 2014 at 1:37 PM, Brandon Logan <brandon.logan at rackspace.com>
wrote:
> Okay so after talking to Kyle, we've decided to forego creating a new
> version of the agent right away and just creating a new haproxy driver
> based off the namespace_driver, but it does not require the agent. This
> will speed up development and allow for TLS and L7 features to get in with
> a reference implementation. If anyone objects please let me know. I'm
> going to start on this right away.
>
> Thanks,
> Brandon
> ------------------------------
> *From:* Samuel Bercovici [SamuelB at Radware.com]
> *Sent:* Thursday, July 10, 2014 1:26 PM
>
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
>
> The haproxy reference is dependent on the agent.
>
> Radware’s solution does not use an agent.
>
> I was making sure that solutions such as ours will be possible.
>
>
>
> *From:* Dustin Lundquist [mailto:dustin at null-ptr.net]
> *Sent:* Thursday, July 10, 2014 8:51 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
>
>
>
> Samuel,
>
>
>
> I've heard this mentioned before, but looking at the code the haproxy
> namespace driver uses the agent driver interface rather the the abstract
> driver interface. Are you sure the HAProxy driver can be used without the
> agent, if so could you explain how?
>
> Thanks,
>
>
>
>
>
> Dustin Lundquist
>
>
>
>
> On Thursday, July 10, 2014, Samuel Bercovici <SamuelB at radware.com> wrote:
>
> New/updated v2 driver could be done without an agent (same as was possible
> in v1).
>
>
>
> *From:* Doug Wiegley [mailto:dougw at a10networks.com
> <http://UrlBlockedError.aspx>]
> *Sent:* Thursday, July 10, 2014 8:06 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
>
>
>
> Modified slightly, my read on the decision was:
>
> - Create a v2 agent, and make the ref haproxy driver use the v2 agent
> and v2 obj model.
> - At a lower priority, work on a shim for non-agent older drivers.
> This is de-coupled from the haproxy ref driver, and could happen in
> parallel if we had extra resources. This shim will have odd corner cases
> (a second listener on a vip, e.g.), which will chuck errors.
>
> The ref haproxy driver is highest priority, and thus the v2 agent, as
> lbaas v2 goes nowhere without it.
>
>
>
> Doug
>
>
>
>
>
>
>
> *From: *Samuel Bercovici <SamuelB at Radware.com
> <http://UrlBlockedError.aspx>>
> *Reply-To: *"OpenStack Development Mailing List (not for usage
> questions)" <openstack-dev at lists.openstack.org
> <http://UrlBlockedError.aspx>>
> *Date: *Thursday, July 10, 2014 at 10:36 AM
> *To: *"OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org <http://UrlBlockedError.aspx>>
> *Subject: *Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
>
>
>
> This is also my understanding.
>
>
>
>
>
> *From:* Stephen Balukoff [mailto:sbalukoff at bluebox.net
> <http://UrlBlockedError.aspx>]
> *Sent:* Thursday, July 10, 2014 6:30 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
>
>
>
> Per the IRC discussion this morning, I believe it was decided that we
> would prioritize creating a v2 agent which should run in parallel with the
> v1 agent. Further, for any subsequent driver shim layer, this should happen
> after the v2 agent is functional.
>
>
>
> ... or I may have misunderstood what was decided in the meeting. :) In
> any case, y'all should feel free to correct me here and/or raise other
> concerns we didn't think about, eh!
>
>
>
> Stephen
>
>
>
> On Wed, Jul 9, 2014 at 3:12 PM, Brandon Logan <brandon.logan at rackspace.com
> <http://UrlBlockedError.aspx>> wrote:
>
> Shim will become quite complicated due to the fact we won't be able to
> actually send any load balancer information to the driver until a load
> balancer is linked to a listener, pool, and member. The reason is because
> for a vip to be created it needs attributes from a load balancer and
> listener. A vip also has a required attribute of pool_id in the old API so
> all the old driver are expecting a pool_id. So this means we need a pool
> first. Since the subnet_id has been moved off the pool and onto the pool
> member, we will need to have a pool with at least one member before we can
> send all that information to the driver.
>
> Now once that is done, it will probably get even crazier with updates and
> deletes to each one of those entities.
>
> So should time and effort be spent on the shim, which is temporary and
> eventually thrown away. Or should time be spent on creating a new version
> of the agent and namspace driver based off the new driver interface, which
> will need to be done anyway?
>
> Doing the shim could end up being faster than creating a new version of
> the agent, but since there are going to be a lot of crazy edge cases, I
> question the stability of it and the time it may take for it to become
> stable.
>
> One problem with not doing the shim is the older drivers cannot be used
> with the new API and will have to be updated. To this, I would argue that
> there is no benefit to using the new API with an old driver versus using
> the Old API with the old driver, right now. Once L7 and TLS get in then
> yes there would be.
>
> I'd just like to get people's ideas on this.
>
> Thanks,
> Brandon
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org <http://UrlBlockedError.aspx>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
>
> --
> Stephen Balukoff
> Blue Box Group, LLC
> (800)613-4305 x807
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140710/c98e3ce2/attachment.html>
More information about the OpenStack-dev
mailing list