[openstack-dev] [neutron][tap-as-a-service] weekly meeting

Fawad Khaliq fawad at plumgrid.com
Thu Nov 19 17:18:41 UTC 2015


Hi Yamamoto,

Thanks for resuming work on this effort. TAP-as-a-service is a very
important feature, and great to see we are considering use case scenarios
and adjusting APIs accordingly. I have some thoughts on the use case
scenarios, which are seen as most common ones, when talking to operators.

There are two types of tap filters, which serve some of the use cases:

   * Port based packet mirroring/redirection
   * Policy based packet mirroring/redirection

I see both of them as important from operator use case scenarios. Also, I
mentioned traffic redirection in addition to the traffic mirroring and that
serves use cases where services like IPS are deployed and incorporated.

Do you happen to have a blueprint proposed with the original API
demonstrated that we can iterate over and add the use cases and adjust the
API accordingly to take further for review?

Thanks,
Fawad Khaliq


On Wed, Nov 18, 2015 at 1:57 PM, Irena Berezovsky <irenab.dev at gmail.com>
wrote:

>
>
> On Wed, Nov 18, 2015 at 8:31 AM, Takashi Yamamoto <yamamoto at midokura.com>
> wrote:
>
>> hi,
>>
>> On Thu, Nov 12, 2015 at 2:11 AM, Vikram Hosakote (vhosakot)
>> <vhosakot at cisco.com> wrote:
>> > Hi,
>> >
>> > TAAS looks great for traffic monitoring.
>> >
>> > Some questions about TAAS.
>> >
>> > 1) Can TAAS be used for provider networks as well, or just for tenant
>> > networks ?
>>
>> currently only for VM ports on tenant networks.
>>
>> >
>> > 2) Will there be any performance impact is every neutron port and every
>> > packet is mirrored/duplicated ?
>>
>> i guess per-port impact is negligible.
>> there's definitely per-packet impacts.
>> i don't have any numbers though.
>>
>> >
>> > 3) How is TAAS better than a non-mirroring approaches like
>> packet-sniffing
>> > (wireshark/tcpdump) and tracking interface counters/metrics ?
>>
>> i think taas is richer but probably slower than them.
>>
>> >
>> > 4) Is TAAS a legal/lawful way to intercept/duplicate customer traffic
>> in a
>> > production cloud ? Or, TAAS is used just for debugging/troubleshooting ?
>>
>> although i'm not sure about legal/lawful requirements,
>> i guess taas can be used for such purposes.
>>
>
> You check this presentation for potential usage scenarios:
>
>
> https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/tap-as-a-service-taas-port-monitoring-for-neutron-networks
>
> >
>> > I was not able to find answers for these questions in
>> > https://etherpad.openstack.org/p/mitaka-neutron-unplugged-track.
>> >
>> > Thanks!
>> >
>> >
>> > Regards,
>> > Vikram Hosakote
>> > vhosakot at cisco.com
>> > Software Engineer
>> > Cloud and Virtualization Group (CVG)
>> > Cisco Systems
>> > Boxborough MA USA
>> >
>> > From: Takashi Yamamoto <yamamoto at midokura.com>
>> > Reply-To: "OpenStack Development Mailing List (not for usage questions)"
>> > <openstack-dev at lists.openstack.org>
>> > Date: Tuesday, November 10, 2015 at 10:08 PM
>> > To: "OpenStack Development Mailing List (not for usage questions)"
>> > <openstack-dev at lists.openstack.org>
>> > Subject: [openstack-dev] [neutron][tap-as-a-service] weekly meeting
>> >
>> > hi,
>> >
>> > tap-as-a-service meeting will be held weekly, starting today.
>> > http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting
>> > anyone interested in the project is welcome.
>> > sorry for immediate notice.
>> >
>> >
>> __________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>> >
>> >
>> __________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151119/47e8deff/attachment.html>


More information about the OpenStack-dev mailing list