[openstack-dev] [neutron] Confusion around the complexity

Chris Friesen chris.friesen at windriver.com
Thu Jan 12 23:22:36 UTC 2017


On 01/12/2017 04:46 PM, Joshua Harlow wrote:
> So I don't want to start too much of a flame-war and am really just trying to
> understand things that may be beyond me (so treat me nicely, ha).
>
> The basic question that I've been wondering revolves around the following kind
> of 'thought experiment' that asks something along the lines of:
>
> """
> If I am a user of OpenStack, say I'm an iPhone developer, trying to get my
> 'game' and associated 'game APIs' set up in a manner that is HA (say fronted by a
> load-balancer), using my custom image, secure and visible to either an intranet
> or to the large internet then what are the steps I would have to do when
> interacting with OpenStack to accomplish this and what would the provider of
> OpenStack have to give to me as endpoints to make this possible.
> """
>
> One of the obvious ones is nova and glance, and the API and usage there feels
> pretty straightforward as is (isn't really relevant to this conversation
> anyway). The one that feels bulky and confusing (at least for me) is the things
> I'd have to do in neutron to create and/or select networks, create and/or select
> subnets, create and/or select ports and so-on...
>
> As a supposed iPhone developer (dev/ops, yadayada) just trying to get his/her
> game to market why would I really want to know about selecting networks, creating
> and/or selecting subnets, creating and/or selecting ports and so-on...

Nova/neutron now support "get me a network" which can simplify basic setups 
quite a bit.

Also, it's possible that the service provider could have created the 
networks/subnets for you when you initially set up the account, at which point 
you just boot up an instance on the right network.

As for why you would want to deal with the nitty gritty, consider a basic setup 
with a loadbalancer, multiple HTTP servers, and a backend DB.  The loadbalancer 
needs to be on a network that is routable to the public internet.  The HTTP 
servers need to be accessible from the loadbalancer, but we probably don't want 
them visible to the public internet.  The backend DB should only be accessible 
from the HTTP servers, not the loadbalancer, and it definitely shouldn't be on 
the public internet.  So we're talking maybe two separate virtual networks.  In 
real life the DB would probably be HA, so you'd have multiple DB servers (likely 
with their own private network for sync traffic) and maybe another loadbalancer 
in front of them.

Chris
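
The tiering described in the reply above, written as an audit that can be run over a planned layout. This is an added example, not part of the original message and not OpenStack code; the network names, server names and the `audit` helper are hypothetical, and it assumes that sharing a virtual network is what makes two servers reachable (routers and security groups are not modelled).

```python
from itertools import combinations

# Flows the reply permits between tiers; any other cross-tier adjacency is a finding.
ALLOWED = {frozenset(("lb", "http")), frozenset(("http", "db"))}
PUBLIC_ROLES = {"lb"}  # only the load balancer may sit on a public network


def audit(networks, servers):
    """Check a layout against the tiering described in the reply.

    networks: name -> True if routable from the public internet
    servers:  name -> (role, set of attached network names)
    Returns a sorted list of findings (an empty list means compliant).
    """
    findings = []
    for name, (role, nets) in servers.items():
        exposed = sorted(n for n in nets if networks[n])
        if exposed and role not in PUBLIC_ROLES:
            findings.append(f"{name} ({role}) is on public network {exposed[0]}")
        if not exposed and role in PUBLIC_ROLES:
            findings.append(f"{name} ({role}) is not on any public network")
    for (a, (ra, na)), (b, (rb, nb)) in combinations(sorted(servers.items()), 2):
        if ra == rb:
            continue  # same-tier peers may share a network (e.g. DB sync traffic)
        shared = sorted(na & nb)
        permitted = frozenset((ra, rb)) in ALLOWED
        if shared and not permitted:
            findings.append(f"{a} and {b} share {shared[0]} but {ra}<->{rb} is not allowed")
        if permitted and not shared:
            findings.append(f"{a} and {b} share no network but {ra}<->{rb} is required")
    return sorted(findings)


# Constructed sample data: network and server names are hypothetical.
NETWORKS = {"public-net": True, "web-net": False, "db-net": False}
GOOD = {
    "lb1": ("lb", {"public-net", "web-net"}),
    "http1": ("http", {"web-net", "db-net"}),
    "http2": ("http", {"web-net", "db-net"}),
    "db1": ("db", {"db-net"}),
}
# Misconfiguration: the DB was also plugged into the web tier's network.
BAD = dict(GOOD, db1=("db", {"db-net", "web-net"}))

if __name__ == "__main__":
    print("good:", audit(NETWORKS, GOOD))
    for finding in audit(NETWORKS, BAD):
        print("bad:", finding)
```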


