[openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Brandon Logan
brandon.logan at RACKSPACE.COM
Fri Jul 11 01:44:17 UTC 2014
Dustin,
Oh I understand that, but this is just an easy way to get a reference implementation in that can be used for testing newer features such as TLS and L7. Like I said before, sorry I keep course correcting on this but it's a very fluid process when there are so many unknowns.
Thanks,
Brandon
________________________________
From: Dustin Lundquist [dustin at null-ptr.net]
Sent: Thursday, July 10, 2014 4:24 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Brandon,
One key limitation of such a driver, is it will not work in installations where the Neutron server is installed across multiple nodes since the HAProxy network namespace will be created or updated on the node which received the Neutron API request. This will work for Devstack and testing and is a good starting place, but is not usable for many deployments.
-Dustin
On Thu, Jul 10, 2014 at 1:37 PM, Brandon Logan <brandon.logan at rackspace.com<mailto:brandon.logan at rackspace.com>> wrote:
Okay so after talking to Kyle, we've decided to forego creating a new version of the agent right away and just creating a new haproxy driver based off the namespace_driver, but it does not require the agent. This will speed up development and allow for TLS and L7 features to get in with a reference implementation. If anyone objects please let me know. I'm going to start on this right away.
Thanks,
Brandon
________________________________
From: Samuel Bercovici [SamuelB at Radware.com]
Sent: Thursday, July 10, 2014 1:26 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
The haproxy reference is dependent on the agent.
Radware’s solution does not use an agent.
I was making sure that solutions such as ours will be possible.
From: Dustin Lundquist [mailto:dustin at null-ptr.net<mailto:dustin at null-ptr.net>]
Sent: Thursday, July 10, 2014 8:51 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Samuel,
I've heard this mentioned before, but looking at the code the haproxy namespace driver uses the agent driver interface rather the the abstract driver interface. Are you sure the HAProxy driver can be used without the agent, if so could you explain how?
Thanks,
Dustin Lundquist
On Thursday, July 10, 2014, Samuel Bercovici <SamuelB at radware.com<mailto:SamuelB at radware.com>> wrote:
New/updated v2 driver could be done without an agent (same as was possible in v1).
From: Doug Wiegley [mailto:dougw at a10networks.com<http://UrlBlockedError.aspx>]
Sent: Thursday, July 10, 2014 8:06 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Modified slightly, my read on the decision was:
* Create a v2 agent, and make the ref haproxy driver use the v2 agent and v2 obj model.
* At a lower priority, work on a shim for non-agent older drivers. This is de-coupled from the haproxy ref driver, and could happen in parallel if we had extra resources. This shim will have odd corner cases (a second listener on a vip, e.g.), which will chuck errors.
The ref haproxy driver is highest priority, and thus the v2 agent, as lbaas v2 goes nowhere without it.
Doug
From: Samuel Bercovici <SamuelB at Radware.com<http://UrlBlockedError.aspx>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<http://UrlBlockedError.aspx>>
Date: Thursday, July 10, 2014 at 10:36 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<http://UrlBlockedError.aspx>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
This is also my understanding.
From: Stephen Balukoff [mailto:sbalukoff at bluebox.net<http://UrlBlockedError.aspx>]
Sent: Thursday, July 10, 2014 6:30 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Shim vs Agent Refactor
Per the IRC discussion this morning, I believe it was decided that we would prioritize creating a v2 agent which should run in parallel with the v1 agent. Further, for any subsequent driver shim layer, this should happen after the v2 agent is functional.
... or I may have misunderstood what was decided in the meeting. :) In any case, y'all should feel free to correct me here and/or raise other concerns we didn't think about, eh!
Stephen
On Wed, Jul 9, 2014 at 3:12 PM, Brandon Logan <brandon.logan at rackspace.com<http://UrlBlockedError.aspx>> wrote:
Shim will become quite complicated due to the fact we won't be able to actually send any load balancer information to the driver until a load balancer is linked to a listener, pool, and member. The reason is because for a vip to be created it needs attributes from a load balancer and listener. A vip also has a required attribute of pool_id in the old API so all the old driver are expecting a pool_id. So this means we need a pool first. Since the subnet_id has been moved off the pool and onto the pool member, we will need to have a pool with at least one member before we can send all that information to the driver.
Now once that is done, it will probably get even crazier with updates and deletes to each one of those entities.
So should time and effort be spent on the shim, which is temporary and eventually thrown away. Or should time be spent on creating a new version of the agent and namspace driver based off the new driver interface, which will need to be done anyway?
Doing the shim could end up being faster than creating a new version of the agent, but since there are going to be a lot of crazy edge cases, I question the stability of it and the time it may take for it to become stable.
One problem with not doing the shim is the older drivers cannot be used with the new API and will have to be updated. To this, I would argue that there is no benefit to using the new API with an old driver versus using the Old API with the old driver, right now. Once L7 and TLS get in then yes there would be.
I'd just like to get people's ideas on this.
Thanks,
Brandon
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<http://UrlBlockedError.aspx>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Stephen Balukoff
Blue Box Group, LLC
(800)613-4305 x807<tel:%28800%29613-4305%20x807>
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140711/f755fbf8/attachment.html>
More information about the OpenStack-dev
mailing list