[Openstack-operators] Is anyone using Quantum / Neutron in production?

Scott Devoid devoid at anl.gov
Fri Sep 27 23:05:40 UTC 2013


Are folks using Quantum / Neutron in production? If so:

a) What is your configuration? What drivers are you using? At what scale?

b) Are you happy with it? What problems do you encounter?

I am deploying a Grizzly build after successfully running Diablo and Essex
in production for several years. The production builds are medium-sized
(~600 machines). I expect to run into a few problems when deploying new
software. But the things I've seen with quantum do not inspire confidence:

- No support for clean network teardown: once service ports (LB, L3 or
gateway) are added it is not possible to detach them without stopping the
L3, metadata and dhcp services.

- Deleting a network usually requires 5 to 6 separate CLI calls to tear down
each component. The commands to do this are non-intuitive, e.g. to delete a
router you must delete all of the ports on it, but you must use
"router-interface-delete", which takes a subnet, not a port.

- To update a subnet, e.g. to fix incorrect allocation pools, you must
construct the XML or JSON body of the HTTP request. This is not documented
in the command.

- Then it turns out allocation pools and the CIDR are read-only attributes!

- As far as we can tell, floating IPs must be attached to an Ethernet
bridge. This is problematic if you're not using Ethernet as your link layer
(e.g. using InfiniBand).

- Network administration documentation makes confusing and unrealistic
assumptions about deployments: create a private network on 10.0.1.0/24 and
a "public" one with floating IPs on another RFC 1918 block.

- As previously mentioned on this list, no support for multi-host
deployments.

- The documented OVS deployments place six (yes six!) layers of software
bridging between your VM and the public internet.

- Security groups support egress (nice!) but there's no way with the nova
commands to allow-all on egress. So users will need to make new security
groups before they migrate.

- Little to no support in IRC from the neutron devs (on multiple occasions).

I am sure that many of these issues have straightforward solutions, but
nova-network works fine for us now. The only thing driving us into neutron
is the threat of nova-network's deprecation.

This really feels like second-system syndrome to me.