[openstack-dev] [Neutron] Segments, subnet types, and IPAM
salv.orlando at gmail.com
Sat Mar 12 05:04:25 UTC 2016
Some thoughts inline.
On 11 March 2016 at 23:15, Carl Baldwin <carl at ecbaldwin.net> wrote:
> I have started to get into coding for the Neutron routed networks
> specification.
> This spec proposes a new association between network segments and
> subnets. This affects how IPAM needs to work because until we know
> where the port is going to land, we cannot allocate an IP address for
> it. Also, IPAM will need to somehow be aware of segments. We have
> proposed a host / segment mapping which could be transformed to a host
> / subnet mapping for IPAM purposes.
> I wanted to get the opinion of folks like Salvatore, John Belamaric,
> and you (if you're interested) on this. How will this affect the
> interface to pluggable IPAM and how can pluggable implementations
> accommodate this change? Obviously, we wouldn't require
> implementations to support it but routed networks wouldn't be very
> useful without it. So, those implementations would not be compatible
> when routed networks are deployed.
I think it is ok to augment the IPAM interface. As any API, it needs to
I don't think we have a story for its versioning; therefore I reckon that
the simplest way to achieve this would be adding a new method for
segment-aware IPAM, that only drivers supporting routing networks will be
required to implement.
> Another related topic was brought up in the recent Neutron mid-cycle.
> We talked about adding a service type attribute to subnets. The
> reason for this change is to allow operators to create special subnets
> on a network to be used only by certain kinds of ports. For example,
> DVR fip namespace gateway ports burn a public IP for no good reason.
> This new feature would allow operators to create a special subnet in
> the network with private addressing only to be used by these ports.
> Another example would give operators the ability to use private
> subnets for router external gateway ports if shared SNAT is not needed
> or doesn't need to use public IPs.
> These are two ways in which subnets are taking on extra
> characteristics which distinguish them from other subnets on the same
> network. That is why I lumped them together into one thread.
I wonder if we could satisfy this requirement with tags - as it seems these
subnets are anyway operator-owned you should probably not worry about
regular tenants fiddling with them, and therefore the "helper" subnet
needed for the fip namespace could just be tagged to the purpose.