[openstack-dev] [Neutron][LBaaS] Requirements Wiki

Jorge Miramontes jorge.miramontes at RACKSPACE.COM
Fri Mar 21 16:18:15 UTC 2014


Hey Youcef,

Correct. It gives the tenant the ability to control which client ip addresses can and cannot access the vip.

Cheers,
--Jorge

From: Youcef Laribi <Youcef.Laribi at citrix.com<mailto:Youcef.Laribi at citrix.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Thursday, March 20, 2014 12:51 PM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

Jorge,

Just to clarify, is this a feature to control which client IP addresses can access the VIP?

Thanks,
Youcef

From: Jorge Miramontes [mailto:jorge.miramontes at RACKSPACE.COM]
Sent: Thursday, March 20, 2014 8:37 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

Thanks for the input. I too was thinking "IP Access Control" could be solved with the firewall service in Neutron. To clarify what I mean check out our current API docs on this feature here<http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content/Manage_Access_Lists-d1e3187.html>.

Cheers,
--Jorge

From: Eugene Nikanorov <enikanorov at mirantis.com<mailto:enikanorov at mirantis.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Thursday, March 20, 2014 1:35 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

Hi folks, my comments inlined:

On Thu, Mar 20, 2014 at 6:13 AM, Youcef Laribi <Youcef.Laribi at citrix.com<mailto:Youcef.Laribi at citrix.com>> wrote:
Jorge,

Thanks for taking the time to put up a requirements list. Some comments below:

  *   Static IP Addresses

     *   Our current Cloud Load Balancing (CLB) offering utilizes static IP addresses which is something our customers really like, especially when setting up DNS. AWS for example, gives you an A record which you CNAME to.
This should also already be addressed, as you can today specify the VIP’s IP address explicitly on creation. We do not have DNS-based support for LB like in AWS ELB though.
Right, it's already there. Probably that's why it confused me :)

  *   Active/Passive Failover

     *   I think this is solved with multiple pools.
The multiple pools support that is coming with L7 rules is to support content-switching based on L7 HTTP information (URL, headers, etc.). There is no support today for an active vs. passive pool.
I'm not sure that's the priority. It depends on if this is widely supported among vendors.


  *   IP Access Control

     *   Our current CLB offering allows the user to restrict access through their load balancer by blacklisting/whitelisting cidr blocks and even individual ip addresses. This is just a basic security feature.
Is this controlling access to the VIP’s IP address or to pool members IP addresses? There is also a Firewall service in Neutron. Could this feature better fit in that service?
Agree, it's better to utilize what fwaas has to offer.

Eugene.



Youcef

From: Jorge Miramontes [mailto:jorge.miramontes at RACKSPACE.COM<mailto:jorge.miramontes at RACKSPACE.COM>]
Sent: Wednesday, March 19, 2014 11:44 AM

To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

Oleg, thanks for the updates.

Eugene, High/Medium/Low is fine with me. I really just wanted to find a way to rank even amongst all of 'X' priorities. As people start adding more items we may need more columns to add things such as this, links to blueprints (per Ryan's idea), etc. In terms of the requirements marked with a '?' I can try to clarify here:


  *   Static IP Addresses

     *   Our current Cloud Load Balancing (CLB) offering utilizes static IP addresses which is something our customers really like, especially when setting up DNS. AWS for example, gives you an A record which you CNAME to.

  *   Active/Passive Failover

     *   I think this is solved with multiple pools.

  *   IP Access Control

     *   Our current CLB offering allows the user to restrict access through their load balancer by blacklisting/whitelisting cidr blocks and even individual ip addresses. This is just a basic security feature.

Cheers,
--Jorge

From: Eugene Nikanorov <enikanorov at mirantis.com<mailto:enikanorov at mirantis.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Wednesday, March 19, 2014 7:32 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][LBaaS] Requirements Wiki

Hi Jorge,

Thanks for taking care of the page. I've added priorities, although I'm not sure we need precise priority weights.
Those features that still have '?' need further clarification.

Thanks,
Eugene.


On Wed, Mar 19, 2014 at 11:18 AM, Oleg Bondarev <obondarev at mirantis.com<mailto:obondarev at mirantis.com>> wrote:
Hi Jorge,

Thanks for taking care of this and bringing it all together! This will be really useful for LBaaS discussions.
I updated the wiki to include L7 rules support and also marking already implemented requirements.

Thanks,
Oleg

On Wed, Mar 19, 2014 at 2:57 AM, Jorge Miramontes <jorge.miramontes at rackspace.com<mailto:jorge.miramontes at rackspace.com>> wrote:
Hey Neutron LBaaS folks,

Per last week's IRC meeting I have created a preliminary requirements &
use case wiki page. I requested adding such a page since there appears to
be a lot of new interest in load balancing and feel that we need a
structured way to align everyone's interest in the project. Furthermore,
it appears that understanding everyone's requirements and use cases will
aid in the current object model discussion we all have been having. That
being said, this wiki is malleable and open to discussion. I have added
some preliminary requirements from my team's perspective in order to start
the discussion. My vision is that people add requirements and use cases to
the wiki for what they envision Neutron LBaaS becoming. That way, we can
all discuss as a group, figure out what should and shouldn't be a
requirement and prioritize the rest in an effort to focus development
efforts. ReadyŠsetŠgo!

Here is the link to the wiki ==>
https://wiki.openstack.org/wiki/Neutron/LBaaS/requirements

Cheers,
--Jorge


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140321/1501fe82/attachment.html>


More information about the OpenStack-dev mailing list