[openstack-dev] [Neutron]why FIP is integrated into router not as a separated service like XxxaaS?

Akilesh K akilesh1597 at gmail.com
Wed Nov 5 09:37:51 UTC 2014


@Germy Lure,
I cannot give you a direct answer as I am not a developer.

But let me point out that openstack can make use of many agents for l3 and
above and not just neutron-l3-agent. You may even create your own agent.

The 'neutron-l3-agent' works that way just to keep things simple. One point
to consider is that Tenants may share same network space. So it becomes
necessary to tie a router which belongs to a tenant to the tenant's
security groups. If you try to distribute routing and firewall service you
might end up making it too complicated.


On Wed, Nov 5, 2014 at 2:40 PM, Carl Baldwin <carl at ecbaldwin.net> wrote:

> I don't think I know the precise answer to your question.  My best guess
> is that floating ips were one of the initial core L3 features implemented
> before other advanced services existed.  Implementing them in this way may
> have been the path of least resistance at the time.
>
> Are you suggesting a change?  What change?  What advantages would your
> change bring?  Do you see something fundamentally wrong with the current
> approach?  Does it have some deficiency that you can point out?  Basically,
> we need a suggested modification with some good justification to spend time
> making that modification.
>
> Carl
> Hi,
>
> Address Translation(FIP, snat and dnat) looks like an advanced service.
> Why it is integrated into L3 router? Actually, this is not how it's done in
> practice. They are usually provided by Firewall device but not router.
>
> What's the design concept?
>
> Thanks&Regards,
> Germy
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141105/c4ac31ec/attachment.html>


More information about the OpenStack-dev mailing list