RE: [PROPOSAL] distributed routing and network ACL with OVS plug-in

[Sanjeev Neelarapu <sa...@citrix.com>]

Hi,

Following are the review comments on the FS:

How many regions level vpcs we can create?
Any limit on no.of tiers in each vpc(limit on no.of patch ports)?
What are the admin APIs we are going to add for trouble shooting?
How long the tunnels are active even though they are idle?
Any configuration parameter for keeping tunnels alive?
Any cli on hypervisor to troubleshoot ovs tunnels and flows?
APIs to list the hosts on which a network spans?
APIs to list the hosts on which vpc spans?
API to list the vpcs span on the host?
API to list the networks span on the host?
Any flush time for the flows created on the ovs bridge?
Even with distributed routing are we going to apply NetworkACLs on vpcVR for inter-tier communication?
What are the possible scenarios to disable the logical router?
What is the fall back mechanism in case of failure in creating full tunnel mesh? Are we going to clean the existing tunnels between the hosts?
Any control on enabling/disabling logical router on a host?
When a logical router can be created, and deleted?
When we delete a tier from vpc do we delete the bridges and tunnels for that tier from all the hosts on which vpc spans?
When we put one of the hosts on which vpc spans into maintenance mode what are the actions that would take place on that host?
Do we generate any events and alerts for creating and deleting tunnels and flows?
Any events and alerts for creating and deleting bridges and logical routers?
What will happen in case of migrating vpcVR to a host on which logicalVR is already enabled?
Any new tables we are adding in cloud DB for mapping the networks and vpcs spanned across the hosts?
Can we have mix of region level vpcs and zone level vpcs?

Thanks,
Sanjeev

-----Original Message-----
From: Murali Reddy [mailto:Murali.Reddy@citrix.com] 
Sent: Monday, February 24, 2014 3:51 AM
To: dev@cloudstack.apache.org
Subject: [PROPOSAL] distributed routing and network ACL with OVS plug-in

I would like to propose an enhancement to OVS plug-in to support distributed routing and network ACL's for 4.4. Tracking bug is [1] and functional specification is available at [2]. This proposal is complementary to proposed reason level VPC feature [3][4] to avoid traffic trombone [5] problem.

Please share your feedback.

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-6161
[2]
https://cwiki.apache.org/confluence/display/CLOUDSTACK/OVS+distributed+rout
ing+and+network+ACL
[3] http://markmail.org/message/mzefophgoth5hr53
[4]cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+gues
t+network+spanning+multiple+zones
[5]http://blog.ipspace.net/2011/02/traffic-trombone-what-it-is-and-how-you.
html