incubator-cloudstack-dev mailing list archives

From Alena Prokharchyk <Alena.Prokharc...@citrix.com>
Subject Re: Status of VPC
Date Tue, 04 Sep 2012 20:47:34 GMT
On 9/4/12 1:11 PM, "Marcus Sorensen" <shadowsor@gmail.com> wrote:

>Thanks for replying.
>
>On Tue, Sep 4, 2012 at 1:41 PM, Alena Prokharchyk
><Alena.Prokharchyk@citrix.com> wrote:
>> On 9/4/12 10:21 AM, "Marcus Sorensen" <shadowsor@gmail.com> wrote:
>>
>>>I've been working on bringing KVM up to speed on the VPC stuff, and
>>>there are a few things I've come across that seem to be incomplete for
>>>Xen as well. I'd just like to get some feedback on the current state
>>>of VPC. I believe these are not specific issues to my implementation,
>>>but if they should be working please say something so I can find my
>>>problem.
>>>
>>>static routes - currently there doesn't seem to be anything creating
>>>ip rules to point to the static_route table, nor does there seem to be
>>>anything creating the static_route table, although vpc_staticroute.sh
>>>attempts to modify it
>>
>> Anthony, do we add static_route table automatically when the private
>> gateway is created?
>>
>
>I grepped through the code, and the only thing I could find adding ip
>rules was ipassoc.sh (the Table_eth* tables) and the only thing I
>could find doing stuff with a static_route routing table was
>vpc_staticroute.sh (which complains that table static_route doesn't
>exist).
>
>>
>>>
>>>vpn - there is a script vpc_vpn_l2tp.sh, but I can't find anything
>>>actually utilizing it. I assume there is no working vpn support in any
>>>platform's Vpc implementation.
>>
>> There is no RemoteAccessVPN support in VPC. We support S2S VPN only.
>>
>
>So that vpc_vpn_l2tp.sh is to be ignored/removed? I do see that there
>are existing Site2Site commands in both the Citrix resource and the KVM
>one, I believe they are the existing ones that call ipsectunnel.sh,
>this will work with VPC without modification, or is the Xen stuff just
>not that far along yet? Or perhaps better stated, please tell me what
>VPN support Xen currently has with VPC and the associated commands so
>I may emulate them for KVM.

It will be ignored. We are not removing it because remote access vpn is
supported in regular Isolated networks' Virtual Router. As we use the same
template for VPC/Regular Virtual router, we are just going to maintain 2
sets of scripts, and call them based on context (based on the fact if
router belongs to VPC network or regular network).

At the moment, we block Remote Access VPN commands to be executed against
vpc guest networks, on API level. Sheng, please confirm.

-Alena.

>
>>>
>>>password - I've seen some emails regarding this, that the password
>>>server doesn't seem to be set up for the various private nics
>>
>> I'll put the fix to master branch today.
>>
>>>
>>>network ACLs - The functional spec states that all outgoing traffic
>>>for guest networks is allowed, however I don't see any acls whatsoever
>>>when creating new tiers
>>
>>
>> I suspect it wasn't merged to master branch yet. Anthony, please do it.
>>>
>>
>>
>


