Posted to dev@cloudstack.apache.org by Chip Childers <ch...@sungard.com> on 2013/08/23 20:19:13 UTC

VPG only in VPC VRs?

Can someone explain the history / reasoning around why VPG's are only
available for VPC VRs?

And while we're at it...  how about the same question around
Site-to-site VPN's (and client VPN's in reverse)?

Thanks!

-chip

RE: VPG only in VPC VRs?

Posted by Anthony Xu <Xu...@citrix.com>.
VPC VR doesn't have remote access VPN and public IP based firewall.


Anthony

-----Original Message-----
From: Marcus Sorensen [mailto:shadowsor@gmail.com] 
Sent: Friday, August 23, 2013 12:31 PM
To: dev@cloudstack.apache.org
Cc: jeffrey.mcgovern@sungard.com
Subject: Re: VPG only in VPC VRs?

I agree with Chiradeep, but it brings up a point that in some future release we probably need to convert/migrate existing VR/isolated network combos into VPCs so we can deprecate them entirely, as well as migrate the applicable api calls into creating the functionally equivalent VPCs... or something like that.

I think VPC is probably also lacking in a few features yet, so they're not quite a replacement at the moment. Remote access VPN for example.

On Fri, Aug 23, 2013 at 1:22 PM, Chiradeep Vittal <Ch...@citrix.com> wrote:
> Are you asking why VR for isolated networks does not have this feature?
> I feel that isolated networks are legacy and whatever you want to do 
> with isolated networks you should be able to do with a VPC in a single tier.
>
>
> On 8/23/13 11:19 AM, "Chip Childers" <ch...@sungard.com> wrote:
>
>>Can someone explain the history / reasoning around why VPG's are only 
>>available for VPC VRs?
>>
>>And while we're at it...  how about the same question around 
>>Site-to-site VPN's (and client VPN's in reverse)?
>>
>>Thanks!
>>
>>-chip
>

Re: VPG only in VPC VRs?

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Slight correction: the templates are exactly the same. No difference.
Scripts may be different due to hot plug.

On 8/23/13 1:32 PM, "Alena Prokharchyk" <Al...@citrix.com>
wrote:

>Also note that VPC VR uses different template and diff script sets from
>regular Isolated network's VR. Before the migration, we have to:
>
>1) Merge code base for VR and VPC VR. Use the same template for both.
>2)  As a part of the Java code merge:
>
>  *   The current VPC VR uses hot plug nic mechanism – originally it
>starts up with just 1 Control Nic, and (n) Public Nics + (n) Guest nics
>are being plugged/unplugged on demand – when Public IP address is
>acquired from the new Vlan, or when new Guest network is implemented in
>the VPC. This logic is handled by Java code.
>  *   Regular VR in Isolated network always starts up with pre-defined
>set of nics – Control, Public and Guest. There can be only one situation
>when new Nic is added to the VR – when new public IP address is acquired
>from the Vlan diff from the Source nat IP vlan. In this case we do plug
>the nic on the VR, but this logic is handled by the VR scripts. We don't
>even create a nic entry in the DB for this new Nic.
>  *   After the merge, VR in regular Isolated network should also
>implement plug/unplug logic.
>
>3) Add the DB upgrade for existing customers (including template upgrade
>for existing VRs)
>
>There's more to do as a part of this fix, listed the above off the top of
>my head.
>
>-alena.
>
>From: Marcus Sorensen <sh...@gmail.com>
>Reply-To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
>Date: Friday, August 23, 2013 12:30 PM
>To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
>Cc: "jeffrey.mcgovern@sungard.com" <je...@sungard.com>
>Subject: Re: VPG only in VPC VRs?
>
>I agree with Chiradeep, but it brings up a point that in some future
>release we probably need to convert/migrate existing VR/isolated
>network combos into VPCs so we can deprecate them entirely, as well as
>migrate the applicable api calls into creating the functionally
>equivalent VPCs... or something like that.
>
>I think VPC is probably also lacking in a few features yet, so they're
>not quite a replacement at the moment. Remote access VPN for example.
>
>On Fri, Aug 23, 2013 at 1:22 PM, Chiradeep Vittal
><Ch...@citrix.com> wrote:
>Are you asking why VR for isolated networks does not have this feature?
>I feel that isolated networks are legacy and whatever you want to do with
>isolated networks you should be able to do with a VPC in a single tier.
>
>
>On 8/23/13 11:19 AM, "Chip Childers"
><ch...@sungard.com> wrote:
>
>Can someone explain the history / reasoning around why VPG's are only
>available for VPC VRs?
>
>And while we're at it...  how about the same question around
>Site-to-site VPN's (and client VPN's in reverse)?
>
>Thanks!
>
>-chip
>
>


Re: VPG only in VPC VRs?

Posted by Alena Prokharchyk <Al...@citrix.com>.
Also note that VPC VR uses different template and diff script sets from regular Isolated network's VR. Before the migration, we have to:

1) Merge code base for VR and VPC VR. Use the same template for both.
2)  As a part of the Java code merge:

  *   The current VPC VR uses hot plug nic mechanism – originally it starts up with just 1 Control Nic, and (n) Public Nics + (n) Guest nics are being plugged/unplugged on demand – when Public IP address is acquired from the new Vlan, or when new Guest network is implemented in the VPC. This logic is handled by Java code.
  *   Regular VR in Isolated network always starts up with pre-defined set of nics – Control, Public and Guest. There can be only one situation when new Nic is added to the VR – when new public IP address is acquired from the Vlan diff from the Source nat IP vlan. In this case we do plug the nic on the VR, but this logic is handled by the VR scripts. We don't even create a nic entry in the DB for this new Nic.
  *   After the merge, VR in regular Isolated network should also implement plug/unplug logic.

3) Add the DB upgrade for existing customers (including template upgrade for existing VRs)

There's more to do as a part of this fix, listed the above off the top of my head.

-alena.

From: Marcus Sorensen <sh...@gmail.com>
Reply-To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Date: Friday, August 23, 2013 12:30 PM
To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Cc: "jeffrey.mcgovern@sungard.com" <je...@sungard.com>
Subject: Re: VPG only in VPC VRs?

I agree with Chiradeep, but it brings up a point that in some future
release we probably need to convert/migrate existing VR/isolated
network combos into VPCs so we can deprecate them entirely, as well as
migrate the applicable api calls into creating the functionally
equivalent VPCs... or something like that.

I think VPC is probably also lacking in a few features yet, so they're
not quite a replacement at the moment. Remote access VPN for example.

On Fri, Aug 23, 2013 at 1:22 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
Are you asking why VR for isolated networks does not have this feature?
I feel that isolated networks are legacy and whatever you want to do with
isolated networks you should be able to do with a VPC in a single tier.


On 8/23/13 11:19 AM, "Chip Childers" <ch...@sungard.com> wrote:

Can someone explain the history / reasoning around why VPG's are only
available for VPC VRs?

And while we're at it...  how about the same question around
Site-to-site VPN's (and client VPN's in reverse)?

Thanks!

-chip



Re: VPG only in VPC VRs?

Posted by Marcus Sorensen <sh...@gmail.com>.
I agree with Chiradeep, but it brings up a point that in some future
release we probably need to convert/migrate existing VR/isolated
network combos into VPCs so we can deprecate them entirely, as well as
migrate the applicable api calls into creating the functionally
equivalent VPCs... or something like that.

I think VPC is probably also lacking in a few features yet, so they're
not quite a replacement at the moment. Remote access VPN for example.

On Fri, Aug 23, 2013 at 1:22 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
> Are you asking why VR for isolated networks does not have this feature?
> I feel that isolated networks are legacy and whatever you want to do with
> isolated networks you should be able to do with a VPC in a single tier.
>
>
> On 8/23/13 11:19 AM, "Chip Childers" <ch...@sungard.com> wrote:
>
>>Can someone explain the history / reasoning around why VPG's are only
>>available for VPC VRs?
>>
>>And while we're at it...  how about the same question around
>>Site-to-site VPN's (and client VPN's in reverse)?
>>
>>Thanks!
>>
>>-chip
>

Re: VPG only in VPC VRs?

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Are you asking why VR for isolated networks does not have this feature?
I feel that isolated networks are legacy and whatever you want to do with
isolated networks you should be able to do with a VPC in a single tier.


On 8/23/13 11:19 AM, "Chip Childers" <ch...@sungard.com> wrote:

>Can someone explain the history / reasoning around why VPG's are only
>available for VPC VRs?
>
>And while we're at it...  how about the same question around
>Site-to-site VPN's (and client VPN's in reverse)?
>
>Thanks!
>
>-chip