[openstack-dev] [neutron] L2 gateway as a service

Armando M. armamig at gmail.com
Thu Nov 20 20:29:13 UTC 2014


On 20 November 2014 02:08, Salvatore Orlando <sorlando at nicira.com> wrote:

>
>
> On 20 November 2014 02:19, Sukhdev Kapur <sukhdevkapur at gmail.com> wrote:
>
>> Folks,
>>
>> Like Ian, I am jumping in this very late as well - as I decided to travel
>> Europe after the summit, just returned back and  catching up :-):-)
>>
>> I have noticed that this thread has gotten fairly convoluted and painful
>> to read.
>>
>> I think Armando summed it up well in the beginning of the thread. There
>> are basically three written proposals (listed in Armando's email - I pasted
>> them again here).
>>
>> [1] https://review.openstack.org/#/c/134179/
>> [2] https://review.openstack.org/#/c/100278/
>> [3] https://review.openstack.org/#/c/93613/
>>
>>
> In this thread I have seen other specs being mentioned as "related".
> Namely:
> 1) https://review.openstack.org/#/c/93329/ (BGP VPN)
> 2) https://review.openstack.org/#/c/101043/ (MPLS vpn)
> 3) https://review.openstack.org/#/c/87825/ (external device integration)
> Note that I am not saying they should be put as well in the mix. I'm only
> listing them here as a "recap".
> There are probably other "ideas" not yet put in the form of a concrete
> specification. In order to avoid further confusion, I would just blindly
> ignore proposals which do not exist in the form a specification.
>

Ah, I know what you're trying to do here...I am not gonna fall into your
trap :)


>
>
>
>> On this thread I see that the authors of first two proposals have already
>> agreed to consolidate and work together. This leaves with two proposals.
>> Both Ian and I were involved with the third proposal [3] and have
>> reasonable idea about it. IMO, the use cases addressed by the third
>> proposal are very similar to use cases addressed by proposal [1] and [2]. I
>> can volunteer to  follow up with Racha and Stephen from Ericsson to see if
>> their use case will be covered with the new combined proposal. If yes, we
>> have one converged proposal. If no, then we modify the proposal to
>> accommodate their use case as well. Regardless, I will ask them to review
>> and post their comments on [1].
>>
>
> One thing that I've noticed in the past is that contributors are led to
> think that the owner of the specification will also be the lead for the
> subsequent work. There nothing farther from truth. Sometimes I write specs
> with the exact intent of having somebody else lead the implementation. So
> don't feel bad to abandon a spec if you realize your use cases can be
> completely included in another specification.
>

Stating the obvious, but yes point taken!


>
>
>>
>> Having said that, this covers what we discussed during the morning
>> session on Friday in Paris. Now, comes the second part which Ian brought up
>> in the afternoon session on Friday.
>> My initial reaction was, when heard his use case, that this new
>> proposal/API should cover that use case as well (I am being bit optimistic
>> here :-)). If not, rather than going into the nitty gritty details of the
>> use case, let's see what modification is required to the proposed API to
>> accommodate Ian's use case and adjust it accordingly.
>>
>
> Unfortunately I did not attend that discussion. Possibly 90% of the people
> reading this thread did not attend it. It would be nice if Ian or somebody
> else posted a write-up, adding more details to what has already been shared
> in this thread. If you've already done so please share a link as my
> google-fu is not that good these days.
>
>
>>
>> Now, the last point (already brought up by Salvatore as well as Armando)
>> - the abstraction of the API, so that it meets the Neutron API criteria. I
>> think this is the critical piece. I also believe the API proposed by [1] is
>> very close. We should clean it up and take out references to ToR's or
>> physical vs virtual devices. The API should work at an abstract level so
>> that it can deal with both physical as well virtual devices. If we can
>> agree to that, I believe we can have a solid solution.
>>
>
>> Having said that I would like to request the community to review the
>> proposal submitted by Maruti in [1] and post comments on the spec with the
>> intent to get a closure on the API. I see lots of good comments already on
>> the spec. Lets get this done so that we can have a workable (even if not
>> perfect) version of API in Kilo cycle. Something which we can all start to
>> play with. We can always iterate over it, and make change as we get more
>> and more use cases covered.
>>
>
> "Iterate" is the key here I believe. As long as we pretend to achieve the
> perfect API at the first attempt we'll just keep having this discussion. I
> think the first time a L2 GW API was proposed, it was for Grizzly.
> For instance, it might relatively easy to define an API which can handle
> both physical and virtual devices. The user workflow for a ToR terminated
> L2 GW is different from the workflow for a virtual appliance owned by
> tenant, and this will obviously reflected in the API. On the other hand, a
> BGP VPN might be a completely different use case, and therefore have a
> completely different set of APIs.
>

+1


>
> Beyond APIs there are two more things to mention.
> First, we need some sort of open source reference implementation for every
> use case. For hardware VTEP obviously this won't be possible, but perhaps
> [1] can be used for integration tests.
>

I think, once the API settled there may be multiple implementations for
bridging logical nets with physical ones; one could be hardware vtep schema
implemented by a switch, one other could be the same schema implemented on
a white box, or something totally different. If we designed the API
correctly, that should not matter. I believe that [1] should clearly state
that. I'll make sure this point is captured.


> The complexity of providing this implementation might probably drive the
> roadmap for supporting L2 GW use cases.
> Second, I still believe this is an "advanced service" and therefore a
> candidate for being outside of neutron's main repo (which, if you're
> following the discussions does not mean "outside of neutron"). The
> arguments I've seen so far do not yet convince me this thing has to be
> tightly integrated into the core neutron.
>

My working assumption is that this is going to bake elsewhere outside the
core. However this will need integration hooks to the core the same way
other advanced services do, so it's of paramount that the vendor spin-off
goes ahead, so that efforts, like this one, can evolve at the pace they are
comfortable with.


>
>
> Salvatore
>
>
> [1] http://openvswitch.org/pipermail/dev/2013-October/032530.html
>
>
>
>
>>
>> Make sense?
>>
>> cheers..
>> -Sukhdev
>>
>>
>> On Tue, Nov 18, 2014 at 6:44 PM, Armando M. <armamig at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> On 18 November 2014 16:22, Ian Wells <ijw.ubuntu at cack.org.uk> wrote:
>>>
>>>> Sorry I'm a bit late to this, but that's what you get from being on
>>>> holiday...  (Which is also why there are no new MTU and VLAN specs yet, but
>>>> I swear I'll get to them.)
>>>>
>>>
>>> Ah! I hope it was good at least :)
>>>
>>>
>>>>
>>>> On 17 November 2014 01:13, Mathieu Rohon <mathieu.rohon at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On Fri, Nov 14, 2014 at 6:26 PM, Armando M. <armamig at gmail.com> wrote:
>>>>> > Last Friday I recall we had two discussions around this topic. One
>>>>> in the
>>>>> > morning, which I think led to Maruti to push [1]. The way I
>>>>> understood [1]
>>>>> > was that it is an attempt at unifying [2] and [3], by choosing the
>>>>> API
>>>>> > approach of one and the architectural approach of the other.
>>>>> >
>>>>> > [1] https://review.openstack.org/#/c/134179/
>>>>> > [2] https://review.openstack.org/#/c/100278/
>>>>> > [3] https://review.openstack.org/#/c/93613/
>>>>> >
>>>>> > Then there was another discussion in the afternoon, but I am not
>>>>> 100% of the
>>>>> > outcome.
>>>>>
>>>>> Me neither, that's why I'd like ian, who led this discussion, to sum
>>>>> up the outcome from its point of view.
>>>>>
>>>>
>>>> So, the gist of what I said is that we have three, independent, use
>>>> cases:
>>>>
>>>> - connecting two VMs that like to tag packets to each other (VLAN clean
>>>> networks)
>>>> - connecting many networks to a single VM (trunking ports)
>>>> - connecting the outside world to a set of virtual networks
>>>>
>>>> We're discussing that last use case here.  The point I was made was
>>>> that:
>>>>
>>>> - there are more encaps in the world than just VLANs
>>>> - they can all be solved in the same way using an edge API
>>>>
>>>
>>> No disagreement all the way up to this point, assumed that I don't worry
>>> about what this edge API really is.
>>>
>>>
>>>> - if they are solved using an edge API, the job of describing the
>>>> network you're trying to bring in (be it switch/port/vlan, or MPLS label
>>>> stack, or l2tpv3 endpoint data) is best kept outside of Neutron's API,
>>>> because Neutron can't usefully do anything with it other than validate it
>>>> and hand it off to whatever network control code is being used.  (Note that
>>>> most encaps will likely *not* be implemented in Neutron's inbuilt control
>>>> code.)
>>>>
>>>
>>> This is where the disagreement begins, as far as I am concerned; in fact
>>> we already have a well defined way of describing what a network entity in
>>> Neutron is, namely an L2 broadcast domain abstraction. An L2 gateway API
>>> that is well defined and well scoped should just express how one can be
>>> connected to another, nothing more, at least as a starting point.
>>>
>>>
>>>>
>>>> Now, the above argument says that we should keep this out of Neutron.
>>>> The problem with that is that people are using the OVS mechanism driver and
>>>> would like a solution that works with that, implying something that's
>>>> *inside* Neutron.  For that case, it's certainly valid to consider another
>>>> means of implementation, but it wouldn't be my personal choice.  (For what
>>>> it's worth I'm looking at ODL based controller implementations, so this
>>>> isn't an issue for me personally.)
>>>>
>>>> If one were to implement the code in the Neutron API, even as an
>>>> extension, I would question whether it's a sensible thing to attempt before
>>>> the RPC server/REST server split is done, since it also extends the API
>>>> between them.
>>>>
>>>> > All this churn makes me believe that we probably just need to stop
>>>>> > pretending we can achieve any sort of consensus on the approach and
>>>>> let the
>>>>> > different alternatives develop independently, assumed they can all
>>>>> develop
>>>>> > independently, and then let natural evolution take its course :)
>>>>>
>>>>> I tend to agree, but I think that one of the reason why we are looking
>>>>> for a consensus, is because API evolutions proposed through
>>>>> Neutron-spec are rejected by core-dev, because they rely on external
>>>>> components (sdn controller, proprietary hardware...) or they are not a
>>>>> high priority for neutron core-dev.
>>>>> By finding a consensus, we show that several players are interested in
>>>>> such an API, and it helps to convince core-dev that this use-case, and
>>>>> its API, is missing in neutron.
>>>>>
>>>>
>>>> There are lots of players interested in an API, that much is clear, and
>>>> all the more so if you consider that this feature has strong analogies with
>>>> use cases such as switch port exposure and MPLS.  The problem is that it's
>>>> clearly a fairly complex API with some variety of ways to implement it, and
>>>> both of these things work against its acceptance.  Additionally, per the
>>>> above discussion, I would say it's not essential for it to be core Neutron
>>>> functionality.
>>>>
>>>
>>>> Now, if there is room for easily propose new API in Neutron, It make
>>>>> sense to leave new API appear and evolve, and then " let natural
>>>>> evolution take its course ", as you said.
>>>>>
>>>>
>>>> Natural selection works poorly on APIs because once they exist they're
>>>> hard to change and/or retire, due to backward compatibility requirements.
>>>>
>>>
>>> Well, that is true assumed that someone can or is willing to use them :)
>>>
>>>
>>>>
>>>>
>>>>> To me, this is in the scope of the "advanced services" project.
>>>>>
>>>>
>>>> Advanced services or no, the point I was making is that this is not
>>>> something that should fit under the Neutron API endpoint.  Since it's not
>>>> really related to any of the other advanced services it's not particularly
>>>> necessary that it fit under the Advanced Services API endpoint either,
>>>> although it could.  My Unix design leanings say to me that if things are
>>>> not related they shouldn't be combined, though - the simplest thing that
>>>> does the job is the right answer.
>>>> --
>>>> Ian.
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141120/3abe6234/attachment.html>


More information about the OpenStack-dev mailing list