cloudstack-dev mailing list archives

From Alena Prokharchyk <>
Subject Re: [4.1 feature RFC] L4-L7 network services in shared network
Date Wed, 17 Oct 2012 16:51:33 GMT
Murali, I've added some comments inline, please review.

On 10/17/12 8:56 AM, "Venkata SwamyBabu Budumuru"
<> wrote:

>Here is my list of comments/queries after reviewing the FS.
>(1) When the shared n/w scope is set to "domain/project", how does the
>external device allocation happen? Is it going to be dedicated to
>domain/project if we select "dedicated" during n/w offering creation? I
>have this question because in case of isolated we dedicate devices to
>(2) how does network GC happen? What happens in the following cases
>	(a) Do we GC the VR when the shared network is just enabled with DNS,
>DHCP but no L4-L7 features with external devices?
>	(b) Do we GC the VR when the shared network is enabled with all the
>services including L4-L7 features with external devices?

We never do GC for Shared networks, only for Isolated. And we should keep
this logic.

>(3) I have a question about the following line mentioned in FS.
>	" listPublicIpAddresses API shall be enhanced to take network ID
>corresponding to the shared network in the advanced zone. When listAll
>API parameter is set to true, API shall return list of the public IP's
>associated with the network which caller is authorised to see."

Murali, we already have a parameter for this in listPublicIpAddresses,
called "associatedNetworkId". This is the ID of the network the IP address
is associated with. Please re-use this one, just make sure it accepts the
ID of the Shared network.

>	(a)	What else is the caller (non-cloud-admin) authorized to see
>apart from what his account owns?
>	(b)	Does this list sourceNAT IP ?
>(4) Since the shared n/w is used by multiple accounts, who is allowed to
>call "restartNetwork"? Is it only allowed by admin/normal accounts/
>(domain admins in case where shared n/w scope is "domain")

>(5) Any differences between restartNetwork with cleanup=true and false?

Yes, there is a diff. When cleanup=true, restart network does:

* delete current network rules
* shutdown network elements
* implement network elements
* re-apply the rules

When cleanup=false, the first 2 steps are skipped. In the past we didn't
allow cleanup to be true for Shared networks, but Rohit did some changes
in this area (I'm yet to submit his code to master). So cleanup=true can
be passed for all types of networks now.

>(6) Any support for offering upgrades? Like upgrade from an offering
>using F5 to an offering using NetScaler as LB provider?

I don't think we should support network offering upgrade for Shared

>(7) Any plans to support a different public pool for shared n/w's apart
>from what we define at zone level during creation?

We shouldn't divide the pool based on the network type this public ip
address can be possibly associated with.

>-----Original Message-----
>From: Murali Reddy []
>Sent: Tuesday, October 16, 2012 8:28 PM
>Subject: [4.1 feature RFC] L4-L7 network services in shared network
>CloudStack supports guest networks of type isolated and shared. While
>there is rich support of L4-L7 network services like firewall, NAT, LB in
>the isolated networks, similar network services are not available in the
>networks of shared type. While there are EIP and ELB services which
>provide NAT and LB service in basic zone which uses shared network,
>there are no firewall, NAT, LB services available to the shared networks
>created in the advanced zone. For enterprise/private clouds and simple
>deployments it makes sense to enable L4-L7 services in the shared
>networks. I am proposing that CloudStack should enable L4-L7 network
>services in the shared networks created in the advanced zone. I opened a
>new feature request for 4.1 release [1] and documented the functional
>requirements at [2]. Please comment.
