incubator-cloudstack-dev mailing list archives

From Sheng Yang <sh...@yasker.org>
Subject Re: Status of VPC
Date Tue, 04 Sep 2012 21:47:01 GMT
On Tue, Sep 4, 2012 at 1:47 PM, Alena Prokharchyk
<Alena.Prokharchyk@citrix.com> wrote:
> On 9/4/12 1:11 PM, "Marcus Sorensen" <shadowsor@gmail.com> wrote:
>
>>Thanks for replying.
>>
>>On Tue, Sep 4, 2012 at 1:41 PM, Alena Prokharchyk
>><Alena.Prokharchyk@citrix.com> wrote:
>>> On 9/4/12 10:21 AM, "Marcus Sorensen" <shadowsor@gmail.com> wrote:
>>>
>>>>I've been working on bringing KVM up to speed on the VPC stuff, and
>>>>there are a few things I've come across that seem to be incomplete for
>>>>Xen as well. I'd just like to get some feedback on the current state
>>>>of VPC. I believe these are not specific issues to my implementation,
>>>>but if they should be working please say something so I can find my
>>>>problem.
>>>>
>>>>static routes - currently there doesn't seem to be anything creating
>>>>ip rules to point to the static_route table, nor does there seem to be
>>>>anything creating the static_route table, although vpc_staticroute.sh
>>>>attempts to modify it
>>>
>>> Anthony, do we add static_route table automatically when the private
>>> gateway is created?
>>>
>>
>>I grepped through the code, and the only thing I could find adding ip
>>rules was ipassoc.sh (the Table_eth* tables) and the only thing I
>>could find doing stuff with a static_route routing table was
>>vpc_staticroute.sh (which complains that table static_route doesn't
>>exist).
>>
>>>
>>>>
>>>>vpn - there is a script vpc_vpn_l2tp.sh, but I can't find anything
>>>>actually utilizing it. I assume there is no working vpn support in any
>>>>platform's Vpc implementation.
>>>
>>> There is no RemoteAccessVPN support in VPC. We support S2S VPN only.
>>>
>>
>>So that vpc_vpn_l2tp.sh is to be ignored/removed? I do see that there
>>are existing Site2Site commands in both the Citrix resource and the KVM
>>one, I believe they are the existing ones that call ipsectunnel.sh,
>>this will work with VPC without modification, or is the Xen stuff just
>>not that far along yet? Or perhaps better stated, please tell me what
>>VPN support Xen currently has with VPC and the associated commands so
>>I may emulate them for KVM.
>
> It will be ignored. We are not removing it because remote access vpn is
> supported in regular Isolated networks' Virtual Router. As we use the same
> template for VPC/Regular Virtual router, we are just going to maintain 2
> sets of scripts, and call them based on context (based on the fact if
> router belongs to VPC network or regular network)
>
> At the moment, we block Remote Access VPN commands to be executed against
> vpc guest networks, on API level. Sheng, please confirm.

I think we just blocked them from UI now. Need to block it from API as well.

--Sheng
>
> -Alena.
>
>>
>>>>
>>>>password - I've seen some emails regarding this, that the password
>>>>server doesn't seem to be set up for the various private nics
>>>
>>> I'll put the fix to master branch today.
>>>
>>>>
>>>>network ACLs - The functional spec states that all outgoing traffic
>>>>for guest networks is allowed, however I don't see any acls whatsoever
>>>>when creating new tiers
>>>
>>>
>>> I suspect it wasn't merged to master branch yet. Anthony, please do it.
>>>>
>>>
>>>
>>
>
>
