[Neutron] PTG summary

Slawek Kaplonski skaplons at redhat.com
Wed Nov 4 08:46:42 UTC 2020 

Hi,

Dnia poniedziaƂek, 2 listopada 2020 23:59:58 CET Thomas Goirand pisze:
> Hi Slawek,
> 
> Thanks a lot for the summary, that's very useful.
> 
> On 11/2/20 10:56 PM, Slawek Kaplonski wrote:
> >   * replace ip commands with pyroute2, under a privsep context (elevated
> > 
> > permissions needed)
> 
> Please, please, please, do this, and give it some high priority.
> Spawning thousands of times the ip command simply doesn't scale.

Yes, we know that :) And it's one of our priorities in this cycle.

> 
> > ## Migration to the NFtables
> > During this session we were discussing potential strategies on how to
> > migrate from the old iptables to the new nftables. We need to start
> > planning that work as it major Linux distributions (e.g. RHEL) are
> > planning to deprecate iptables in next releases.
> 
> Did you know that Debian uses nftables by default since Buster, and that
> one must set iptables-legacy as alternative, otherwise Neutron becomes
> mad and fails applying firewall rules?

Yes, that work already has been started - see https://review.opendev.org/#/c/
759874/
But it's a lot of work to do so it may not be very fast and help is welcome in 
that area :)

> 
> I'm not sure about Bullseye, but maybe there, iptables-legacy will even
> be gone?!?
> 
> > ## Leveraging routing-on-the-host in Neutron in our next-gen clusters
> > 
> > As a last topic on Friday we were discussing potential solutions of the
> > _L3 on the host_ in the Neutron. The idea here is very similar to what
> > e.g. __Calico plugin__ is doing currently.
> > More details about potential solutions are described in the etherpad [14].
> > During the discussion Dawid Deja from OVH told us that OVH is also using
> > very similar, downstream only solution.
> > Conclusion of that discussion was that we may have most of the needed code
> > already in Neutron and some stadium projects so as a first step people who
> > are interested in that topic, like Jan Gutter, Miguel and Dawid will work
> > on some deployment guide for such use case.
> 
> It'd be great if people were sharing code for this. I've seen at least 3
> or 4 companies doing it, none sharing any bits... :/

Yes, I think that OVH may consider that.
And also there should be now some collaboration betweem Jan, Miguel and maybe 
others on that topic.

> 
> How well is the Calico plugin working for this? Do we know? Has anyone
> tried it in production? Does it scale well?
> 
> Cheers,
> 
> Thomas Goirand (zigo)


-- 
Slawek Kaplonski
Principal Software Engineer
Red Hat

More information about the openstack-discuss mailing list