incubator-cloudstack-dev mailing list archives

From Kishan Kavala <Kishan.Kav...@citrix.com>
Subject RE: Questions related to nTier Apps 2.0
Date Thu, 24 Jan 2013 09:59:40 GMT


> -----Original Message-----
> From: Manan Shah [mailto:manan.shah@citrix.com]
> Sent: Thursday, 17 January 2013 5:13 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Questions related to nTier Apps 2.0
> 
> Kishan,
> 
> I reviewed the FS and I have quite a few questions. Please see the questions
> below and let me know your thoughts.
> 
> We should try and capture all of these items in the nTier Apps 2.0 FS / Design
> spec if possible:
> 
> 
> Open Questions:
> 
> 1. Requirement 2.1: Combine VR and VPC VR:
>      * Are we going to do this one or not?
>      * If we do, would we support FW as well as Network ACLs or both? Are we
> going to deprecate one of the terminologies and stick to one?
>           * Currently, Ingress FW is applied on Public IP and Network ACLs is on
> the private network
>      * Upgrade: On upgrade, would all isolated networks go away and become
> VPCs with 1 tier each?

[KK] This is a huge item and currently unassigned. 

> 2. Requirement 2.2: Load Balancing on all Tiers:
>      * Assuming VPC VR is providing LB service for all tiers, would the LB on
> non-web tiers have a private LB VIP or would it have to be public VIP?
> Meaning can I go from web-tier to app tier LB without NAT?


[KK] Yes, LB will be supported across tiers without requiring NAT

> 3. Requirement 2.4: Physical Devices support:
>      * Would we support both in-line as well as side-by-side mode?


[KK] Only in-line mode will be supported.

>      * Would we support external LB when using LB service for tier-to-tier
> traffic?


[KK] Yes

>      * What role will VPC VR play? Only DHCP and DNS? What about tier-to-tier
> Network ACLs?

[KK] Tier to tier traffic will still go through VR Network ACLs

>       * What about S2S VPN, Private GWs?
>      * For SRX, we lose the IP CIDR flexibility, how will this impact VPC?

[KK] This should not be impacted by external LB

>      * Upgrade: Would we continue to upgrade VPC Tier Network from one
> that doesn't support external devices to the one with external devices?


[KK] Upgrade won't be supported

> 4. Requirement 2.5: KVM Support:
>      * Are we going to pick this one up? Is the sub-feature complete?

[KK] Marcus has already completed this. I'll check if there are any gaps still.

> 5. Requirement 2.6: Blacklist of Routes:
>      * Assuming we will allow a list to be entered 

[KK] Admin can specify a list using global config.

> 6. Requirement 2.8: Static Routes on VPN Gateway:
>      * Is this happening?

[KK] This is not technically feasible since VPN is policy based

> 7. Requirement 2.9: Remote-access VPN on VPC
>      * Is this happening?


[KK] This is not happening. Also 2.1 should take care of this.

> 8. Requirement 2.11: Ability to give tiers any CIDR, not just from super-net
>      * Why not just remove the CIDR specification on VPC creation?

[KK]  Yes, CIDR specification can be removed.

> 9. Requirement 2.14: Allow ACL on all layer 4 protocols
>      * I believe the customers wanted more flexibility on protocols than just
> adding a "All" keyword

[KK] I'll make it more flexible to support protocol number.

> 10. Requirement 2.15: Support guest networks
> outside of RFC 1918 addresses
>      * Should we have admins specifically allow this feature?
>      * Why is this restriction placed? Even if a network is re-used, wouldn't it go
> out through NAT?


[KK]  I'll get back to you on this.

> 11. Requirement 2.17: Redundant VR for VPC: Is this happening?

[KK]  This is not happening

> 
> 
> Regards,
> Manan Shah

