[openstack-dev] [Neutron][LBaaS] Requirements Wiki
Jorge Miramontes
jorge.miramontes at RACKSPACE.COM
Thu Mar 20 15:37:28 UTC 2014
Thanks for the input. I too was thinking "IP Access Control" could be solved with the firewall service in Neutron. To clarify what I mean check out our current API docs on this feature here<http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content/Manage_Access_Lists-d1e3187.html>.
Cheers,
--Jorge
From: Eugene Nikanorov <enikanorov at mirantis.com<mailto:enikanorov at mirantis.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Thursday, March 20, 2014 1:35 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki
Hi folks, my comments inlined:
On Thu, Mar 20, 2014 at 6:13 AM, Youcef Laribi <Youcef.Laribi at citrix.com<mailto:Youcef.Laribi at citrix.com>> wrote:
Jorge,
Thanks for taking the time to put up a requirements list. Some comments below:
* Static IP Addresses
* Our current Cloud Load Balancing (CLB) offering utilizes static IP addresses which is something our customers really like, especially when setting up DNS. AWS for example, gives you an A record which you CNAME to.
This should also already be addressed, as you can today specify the VIP’s IP address explicitly on creation. We do not have DNS-based support for LB like in AWS ELB though.
Right, it's already there. Probably that's why it confused me :)
* Active/Passive Failover
* I think this is solved with multiple pools.
The multiple pools support that is coming with L7 rules is to support content-switching based on L7 HTTP information (URL, headers, etc.). There is no support today for an active vs. passive pool.
I'm not sure that's the priority. It depends on if this is widely supported among vendors.
* IP Access Control
* Our current CLB offering allows the user to restrict access through their load balancer by blacklisting/whitelisting cidr blocks and even individual ip addresses. This is just a basic security feature.
Is this controlling access to the VIP’s IP address or to pool members IP addresses? There is also a Firewall service in Neutron. Could this feature better fit in that service?
Agree, it's better to utilize what fwaas has to offer.
Eugene.
Youcef
From: Jorge Miramontes [mailto:jorge.miramontes at RACKSPACE.COM<mailto:jorge.miramontes at RACKSPACE.COM>]
Sent: Wednesday, March 19, 2014 11:44 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki
Oleg, thanks for the updates.
Eugene, High/Medium/Low is fine with me. I really just wanted to find a way to rank even amongst all of 'X' priorities. As people start adding more items we may need more columns to add things such as this, links to blueprints (per Ryan's idea), etc. In terms of the requirements marked with a '?' I can try to clarify here:
* Static IP Addresses
* Our current Cloud Load Balancing (CLB) offering utilizes static IP addresses which is something our customers really like, especially when setting up DNS. AWS for example, gives you an A record which you CNAME to.
* Active/Passive Failover
* I think this is solved with multiple pools.
* IP Access Control
* Our current CLB offering allows the user to restrict access through their load balancer by blacklisting/whitelisting cidr blocks and even individual ip addresses. This is just a basic security feature.
Cheers,
--Jorge
From: Eugene Nikanorov <enikanorov at mirantis.com<mailto:enikanorov at mirantis.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Wednesday, March 19, 2014 7:32 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki
Hi Jorge,
Thanks for taking care of the page. I've added priorities, although I'm not sure we need precise priority weights.
Those features that still have '?' need further clarification.
Thanks,
Eugene.
On Wed, Mar 19, 2014 at 11:18 AM, Oleg Bondarev <obondarev at mirantis.com<mailto:obondarev at mirantis.com>> wrote:
Hi Jorge,
Thanks for taking care of this and bringing it all together! This will be really useful for LBaaS discussions.
I updated the wiki to include L7 rules support and also marking already implemented requirements.
Thanks,
Oleg
On Wed, Mar 19, 2014 at 2:57 AM, Jorge Miramontes <jorge.miramontes at rackspace.com<mailto:jorge.miramontes at rackspace.com>> wrote:
Hey Neutron LBaaS folks,
Per last week's IRC meeting I have created a preliminary requirements &
use case wiki page. I requested adding such a page since there appears to
be a lot of new interest in load balancing and feel that we need a
structured way to align everyone's interest in the project. Furthermore,
it appears that understanding everyone's requirements and use cases will
aid in the current object model discussion we all have been having. That
being said, this wiki is malleable and open to discussion. I have added
some preliminary requirements from my team's perspective in order to start
the discussion. My vision is that people add requirements and use cases to
the wiki for what they envision Neutron LBaaS becoming. That way, we can
all discuss as a group, figure out what should and shouldn't be a
requirement and prioritize the rest in an effort to focus development
efforts. ReadyŠsetŠgo!
Here is the link to the wiki ==>
https://wiki.openstack.org/wiki/Neutron/LBaaS/requirements
Cheers,
--Jorge
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140320/4958e535/attachment.html>
More information about the OpenStack-dev
mailing list