cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: [DISCUSS] vpc gateway networks are guestnetworks
Date Tue, 03 Jun 2014 06:11:43 GMT
valid questions. i will answer in line shortly and expand later (on the wiki)

On Tue, Jun 3, 2014 at 12:51 AM, Chiradeep Vittal
<Chiradeep.Vittal@citrix.com> wrote:
> Hi Daan,
>
> Thanks for the visual. It helps, but the use case outlined seems possible
> with a single VPC?
The organisation at Schuberg Philis choose for heavy use of vpcs. The
request for extra inter-vpc traffic possibilities is a consequence.

> Assuming that for some reason (please educate us) it is not possible to use
> a single VPC, it appears to me that we are inventing a new network type
> (“InterVPC”).
This 'type' already exists. the private gateway functionality
automatically creates it and will also delete it when the gw is
removed.

> Who “owns” this network? Who creates it, updates it, deletes it, can read
> it?
it is created when first attached to a private gateway and will be
deleted when the last private gw is removed from it.

> Is it instantiated from a network offering?
yes, a system offering, but it should be possible to use other offerings.

> If so, what is the
> restriction on this network offering?
TBD

> Can it have an LB for instance?
No unless. we will have to look at redundant routers for vpcs. that
would invalidate one of the use cases for this network.

> Can
> multiple tenants attach to a single “intervpc” network?
related to IAM. I have not decided on this. It would be nice
functionality but also complicates security. First version? No. I will
keep an open mind to it because I don't want to design something that
blocks it.

> Can we extend the private gateway feature to this intervpc use case?
The network part is actually quite simple. there are cidrs but only a
single endpoint. We have to add an endpoint per cidr. The present cidr
can be removed or defined to be the default.


>
> From: Daan Hoogland <daan.hoogland@gmail.com>
> Date: Monday, June 2, 2014 at 3:42 AM
>
> To: Chiradeep Vittal <chiradeep.vittal@citrix.com>
> Cc: Alena Prokharchyk <Alena.Prokharchyk@citrix.com>, Sheng Yang
> <Sheng.Yang@citrix.com>, Alex Huang <Alex.Huang@citrix.com>,
> "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Jayapal Reddy Uradi
> <jayapalreddy.uradi@citrix.com>
> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>
> H,
>
> Please, have a look at the example picture in
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/inter+vpc+network
>
> It depicts a mix of the use cases I described earlier and gives an
> overview of the possibilities required.
>
> regards,
> Daan
>
> On Tue, May 27, 2014 at 10:15 PM, Daan Hoogland <daan.hoogland@gmail.com>
> wrote:
>
> Absolutely, will be next week I am afraid.
>
> On Tue, May 27, 2014 at 7:04 PM, Chiradeep Vittal
> <Chiradeep.Vittal@citrix.com> wrote:
>
> Hi Daan,
>
> Sounds interesting! Could I beg you to post some images / figures and more
> text so that I can understand better?
>
> Thanks
> —
> Chiradeep
>
> From: Daan Hoogland <daan.hoogland@gmail.com>
> Date: Monday, May 26, 2014 at 3:39 AM
> To: Chiradeep Vittal <chiradeep.vittal@citrix.com>
> Cc: Alena Prokharchyk <Alena.Prokharchyk@citrix.com>, Sheng Yang
> <Sheng.Yang@citrix.com>, Alex Huang <Alex.Huang@citrix.com>,
> "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Jayapal Reddy Uradi
> <jayapalreddy.uradi@citrix.com>
> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>
> Chiradeep,
>
> I read the vpc-peering option again and it seems not to give us
> enough. We want a superset of this feature where more then two vpc can
> be connected to the same intervpc network. Use cases are
> - have a single monitor and other management devices for several
> applications in different vpcs
> - have a promotion mechanism across test/acceptance/prod/postprod
> environments
> - (as long as we don't have redundant vpc routers) have a management
> environment connected to two vpc's to manage fail-over/dr scenario's
>
> using all peer to peer connections for this can get rather mashy.
> What do you think?
>
> Daan
>
>
> On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <daan.hoogland@gmail.com>
> wrote:
>
> As you can see it isn’t trivial.
>
> I guess you refer to the overlapping cidrs. I am afraid that some
> responsibility here will have to lay with the domain admin(s). If we
> limit inter vpc networks to one domain we can enforce the ip ranges
> not to overlap.
>
> the routing problem is tackled by a next hop field near the cidr.
>
> I am sure I am missing some other non trivial challenges.
>
> On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
> <Chiradeep.Vittal@citrix.com> wrote:
>
> I guess the ‘proper’ way to have done this would be to have a
> ‘createPrivateGateway’ API that is independent of the vpc and a
> attachPrivateGateway that attaches it to the vpc.
>
> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
> is very similar to VPC peering (http://goo.gl/Y7tNkM).
> As you can see it isn’t trivial.
>
> From: Daan Hoogland <daan.hoogland@gmail.com>
> Date: Friday, May 23, 2014 at 2:06 AM
> To: Chiradeep Vittal <chiradeep.vittal@citrix.com>, Alena Prokharchyk
> <Alena.Prokharchyk@citrix.com>, Sheng Yang <Sheng.Yang@citrix.com>, Alex
> Huang <Alex.Huang@citrix.com>
> Cc: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>
> Subject: [DISCUSS] vpc gateway networks are guestnetworks
>
> Hi,
>
> please considder this ugly peace of my work I am now compiling into
> cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
> fix a bug:
>
>           {   // experimental block, this is a hack
>               // set vpc id in network to null
>               // might be needed for all types of broadcast domains
>               // the ugly hack is that vpc gateway nets are created as
> guest network
>               // while they are not.
>               // A more permanent solution would be to define a type of
> 'gatewaynetwork'
>               // so that handling code is not mixed between the two
>               NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
>               gatewaynet.setVpcId(vpcId);
>               _ntwkDao.persist(gatewaynet);
>           }
>
> the problem I want to solve is that vpc routers, when restarting
> assign the ip of the gateway to their gw-interface [1]. this is a ip
> conflict and it has bitten us. My first take was to create the network
> without passing the vpc id but that lead to all kinds of errors so I
> reverted. It seemed cleaner then this solution I am scheming for now.
> If this doesn't lead to obvious errors in my environment I will commit
> and be happy to again revert when integration tests fail. It is in any
> case not a permanent solution.
>
> Question: should the network for gateways be a special type that is
> handled almost the same as guest network (except for in this case) or
> is more refactoring needed?
> in any case I think this is something that will have to be dealt with soon.
>
> One consideration on the side: I want to add a next-hop field to the
> cidrs on the gateway so that it is possible to create a network with
> more vpcs that direct traffic to each other. The use case for this is
> a vpc for a customers mangement network connected to one for
> production and one for acceptance and one ....
>
> please flame, criticize or pose your questions
>
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>
> --
> Daan
>
>
>
>
> --
> Daan
>
>
>
>
> --
> Daan
>
>
>
>
> --
> Daan
>
>
>
>
> --
> Daan
>



-- 
Daan

Mime
View raw message