Posted to dev@cloudstack.apache.org by Daan Hoogland <da...@gmail.com> on 2014/05/23 11:06:21 UTC

[DISCUSS] vpc gateway networks are guestnetworks

Hi,

please consider this ugly piece of my work I am now compiling into
cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
fix a bug:

        {   // experimental block, this is a hack
            // set vpc id in network to null
            // might be needed for all types of broadcast domains
            // the ugly hack is that vpc gateway nets are created as guest network
            // while they are not.
            // A more permanent solution would be to define a type of 'gatewaynetwork'
            // so that handling code is not mixed between the two
            NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
            gatewaynet.setVpcId(vpcId);
            _ntwkDao.persist(gatewaynet);
        }

The problem I want to solve is that vpc routers, when restarting,
assign the ip of the gateway to their gw-interface [1]. This is an ip
conflict and it has bitten us. My first take was to create the network
without passing the vpc id but that led to all kinds of errors so I
reverted. It seemed cleaner than this solution I am scheming for now.
If this doesn't lead to obvious errors in my environment I will commit
and be happy to again revert when integration tests fail. It is in any
case not a permanent solution.

Question: should the network for gateways be a special type that is
handled almost the same as guest network (except for in this case) or
is more refactoring needed?
In any case I think this is something that will have to be dealt with soon.

One consideration on the side: I want to add a next-hop field to the
cidrs on the gateway so that it is possible to create a network with
more vpcs that direct traffic to each other. The use case for this is
a vpc for a customer's management network connected to one for
production and one for acceptance and one ....

please flame, criticize or pose your questions

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485

-- 
Daan

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Daan Hoogland <da...@gmail.com>.
Valid questions. I will answer inline shortly and expand later (on the wiki).

On Tue, Jun 3, 2014 at 12:51 AM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
> Hi Daan,
>
> Thanks for the visual. It helps, but the use case outlined seems possible
> with a single VPC?
The organisation at Schuberg Philis chose heavy use of vpcs. The
request for extra inter-vpc traffic possibilities is a consequence.

> Assuming that for some reason (please educate us) it is not possible to use
> a single VPC, it appears to me that we are inventing a new network type
> (“InterVPC”).
This 'type' already exists. The private gateway functionality
automatically creates it and will also delete it when the gw is
removed.

> Who “owns” this network? Who creates it, updates it, deletes it, can read
> it?
It is created when first attached to a private gateway and will be
deleted when the last private gw is removed from it.

> Is it instantiated from a network offering?
Yes, a system offering, but it should be possible to use other offerings.

> If so, what is the
> restriction on this network offering?
TBD

> Can it have an LB for instance?
No, unless. We will have to look at redundant routers for vpcs. That
would invalidate one of the use cases for this network.

> Can
> multiple tenants attach to a single “intervpc” network?
Related to IAM. I have not decided on this. It would be nice
functionality but also complicates security. First version? No. I will
keep an open mind to it because I don't want to design something that
blocks it.

> Can we extend the private gateway feature to this intervpc use case?
The network part is actually quite simple. There are cidrs but only a
single endpoint. We have to add an endpoint per cidr. The present cidr
can be removed or defined to be the default.


>
> From: Daan Hoogland <da...@gmail.com>
> Date: Monday, June 2, 2014 at 3:42 AM
>
> To: Chiradeep Vittal <ch...@citrix.com>
> Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang
> <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>,
> "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi
> <ja...@citrix.com>
> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>
> Hi,
>
> Please, have a look at the example picture in
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/inter+vpc+network
>
> It depicts a mix of the use cases I described earlier and gives an
> overview of the possibilities required.
>
> regards,
> Daan
>
> On Tue, May 27, 2014 at 10:15 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> Absolutely, will be next week I am afraid.
>
> On Tue, May 27, 2014 at 7:04 PM, Chiradeep Vittal
> <Ch...@citrix.com> wrote:
>
> Hi Daan,
>
> Sounds interesting! Could I beg you to post some images / figures and more
> text so that I can understand better?
>
> Thanks
> —
> Chiradeep
>
> From: Daan Hoogland <da...@gmail.com>
> Date: Monday, May 26, 2014 at 3:39 AM
> To: Chiradeep Vittal <ch...@citrix.com>
> Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang
> <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>,
> "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi
> <ja...@citrix.com>
> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>
> Chiradeep,
>
> I read the vpc-peering option again and it seems not to give us
> enough. We want a superset of this feature where more than two vpcs can
> be connected to the same intervpc network. Use cases are
> - have a single monitor and other management devices for several
> applications in different vpcs
> - have a promotion mechanism across test/acceptance/prod/postprod
> environments
> - (as long as we don't have redundant vpc routers) have a management
> environment connected to two vpcs to manage fail-over/dr scenarios
>
> using all peer to peer connections for this can get rather mashy.
> What do you think?
>
> Daan
>
>
> On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> As you can see it isn’t trivial.
>
> I guess you refer to the overlapping cidrs. I am afraid that some
> responsibility here will have to lie with the domain admin(s). If we
> limit inter vpc networks to one domain we can enforce the ip ranges
> not to overlap.
>
> the routing problem is tackled by a next hop field near the cidr.
>
> I am sure I am missing some other non trivial challenges.
>
> On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
> <Ch...@citrix.com> wrote:
>
> I guess the ‘proper’ way to have done this would be to have a
> ‘createPrivateGateway’ API that is independent of the vpc and an
> attachPrivateGateway that attaches it to the vpc.
>
> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
> is very similar to VPC peering (http://goo.gl/Y7tNkM).
> As you can see it isn’t trivial.
>
> From: Daan Hoogland <da...@gmail.com>
> Date: Friday, May 23, 2014 at 2:06 AM
> To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk
> <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex
> Huang <Al...@citrix.com>
> Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
> Subject: [DISCUSS] vpc gateway networks are guestnetworks
>
> Hi,
>
> please consider this ugly piece of my work I am now compiling into
> cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
> fix a bug:
>
>           {   // experimental block, this is a hack
>               // set vpc id in network to null
>               // might be needed for all types of broadcast domains
>               // the ugly hack is that vpc gateway nets are created as guest network
>               // while they are not.
>               // A more permanent solution would be to define a type of 'gatewaynetwork'
>               // so that handling code is not mixed between the two
>               NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
>               gatewaynet.setVpcId(vpcId);
>               _ntwkDao.persist(gatewaynet);
>           }
>
> The problem I want to solve is that vpc routers, when restarting,
> assign the ip of the gateway to their gw-interface [1]. This is an ip
> conflict and it has bitten us. My first take was to create the network
> without passing the vpc id but that led to all kinds of errors so I
> reverted. It seemed cleaner than this solution I am scheming for now.
> If this doesn't lead to obvious errors in my environment I will commit
> and be happy to again revert when integration tests fail. It is in any
> case not a permanent solution.
>
> Question: should the network for gateways be a special type that is
> handled almost the same as guest network (except for in this case) or
> is more refactoring needed?
> In any case I think this is something that will have to be dealt with soon.
>
> One consideration on the side: I want to add a next-hop field to the
> cidrs on the gateway so that it is possible to create a network with
> more vpcs that direct traffic to each other. The use case for this is
> a vpc for a customer's management network connected to one for
> production and one for acceptance and one ....
>
> please flame, criticize or pose your questions
>
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>
> --
> Daan
>



-- 
Daan
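The two design points raised in this exchange (one next hop per cidr instead of a single endpoint, and inter-vpc networks restricted to one domain so that ip ranges can be forced not to overlap) can be modelled in a few dozen lines. The block below is an added illustration written for this page; it is not CloudStack code and not Daan's or Chiradeep's. The class and method names, the sample addresses, and the policy choices (same-domain only, overlap rejected, the gateway address reserved before any router interface gets an address) are all assumptions made for the example; the last of these is the kind of defensive check that would have stopped the restart conflict in [1] regardless of how the network row is typed.

```python
"""Constructed model of an inter-vpc network with per-cidr next hops
(example for this thread; not CloudStack code, all names are assumptions)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class CidrRoute:
    """A cidr reachable over the inter-vpc network and its next hop: the owning
    VPC's router interface on that network (the per-cidr field proposed above)."""
    cidr: Net
    next_hop: Addr


class InterVpcNetwork:
    """Shared network that several VPC private gateways attach to (assumed model)."""

    def __init__(self, domain_id: str, network_cidr: str, gateway_ip: str) -> None:
        self.domain_id = domain_id
        self.network = Net(network_cidr)
        self.gateway_ip = Addr(gateway_ip)
        if self.gateway_ip not in self.network:
            raise ValueError("gateway ip must lie inside the inter-vpc network")
        self.routes: dict[str, list[CidrRoute]] = {}   # vpc id -> cidrs it contributes
        self.router_ips: dict[str, Addr] = {}          # vpc id -> its router interface ip
        # Reserve the gateway address before any router is given one, so a
        # (re)starting router can never be handed the gateway's own ip.
        self.allocated: set[Addr] = {self.gateway_ip}

    def allocate_router_ip(self, requested: str) -> Addr:
        """Give a VPC router an address on this network, refusing reserved ones."""
        ip = Addr(requested)
        if ip not in self.network:
            raise ValueError(f"{ip} is outside {self.network}")
        if ip in self.allocated:
            raise ValueError(f"{ip} is the gateway or already used by another router")
        self.allocated.add(ip)
        return ip

    def attach_vpc(self, vpc_id: str, domain_id: str, router_ip: str, cidrs: list[str]) -> None:
        """Attach a VPC: same domain only; its cidrs may overlap nothing already attached."""
        if domain_id != self.domain_id:
            raise PermissionError(f"vpc {vpc_id} is in {domain_id}, network is in {self.domain_id}")
        if not cidrs:
            raise ValueError("a vpc must contribute at least one cidr")
        new = [Net(c) for c in cidrs]
        for i, a in enumerate(new):                     # overlap inside the new set
            for b in new[i + 1:]:
                if a.overlaps(b):
                    raise ValueError(f"{a} and {b} of {vpc_id} overlap")
        for other, routes in self.routes.items():      # overlap with attached VPCs
            for r in routes:
                for n in new:
                    if r.cidr.overlaps(n):
                        raise ValueError(f"{n} of {vpc_id} overlaps {r.cidr} of {other}")
        hop = self.allocate_router_ip(router_ip)        # only after validation: no partial state
        self.router_ips[vpc_id] = hop
        self.routes[vpc_id] = [CidrRoute(n, hop) for n in new]

    def detach_vpc(self, vpc_id: str) -> bool:
        """Remove a VPC; True means the last gateway is gone and the network can be deleted."""
        del self.routes[vpc_id]
        self.allocated.discard(self.router_ips.pop(vpc_id))
        return not self.routes

    def next_hop_for(self, dst: str) -> Optional[Addr]:
        """Route lookup; since overlaps are rejected at most one cidr can match."""
        d = Addr(dst)
        for routes in self.routes.values():
            for r in routes:
                if d in r.cidr:
                    return r.next_hop
        return None


def _raises(exc: type, fn: Callable[[], object]) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    """Walk through the mgmt/prod/acceptance use case with constructed addresses."""
    net = InterVpcNetwork("domain-A", "10.255.0.0/24", "10.255.0.1")
    net.attach_vpc("mgmt", "domain-A", "10.255.0.10", ["10.10.0.0/16"])
    net.attach_vpc("prod", "domain-A", "10.255.0.20", ["10.20.0.0/16"])
    net.attach_vpc("acc", "domain-A", "10.255.0.30", ["10.30.0.0/16"])
    out = {
        "prod_hop": str(net.next_hop_for("10.20.5.5")),
        "unknown_hop": net.next_hop_for("192.168.1.1"),
        "overlap_rejected": _raises(ValueError, lambda: net.attach_vpc(
            "dr", "domain-A", "10.255.0.40", ["10.20.128.0/17"])),
        "foreign_domain_rejected": _raises(PermissionError, lambda: net.attach_vpc(
            "other", "domain-B", "10.255.0.50", ["10.40.0.0/16"])),
        "gateway_ip_rejected": _raises(ValueError, lambda: net.allocate_router_ip("10.255.0.1")),
        "attached_after_failures": sorted(net.routes),
    }
    net.detach_vpc("mgmt")
    net.detach_vpc("prod")
    out["deletable_after_last_detach"] = net.detach_vpc("acc")
    return out
```

Running `demo()` shows the three VPCs each reaching the others through a distinct next hop, the two rejected attachments leaving no partial state behind, and the network reporting itself deletable once the last gateway detaches, which matches the create-on-first-attach, delete-on-last-detach lifecycle described above.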

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Hi Daan,

Thanks for the visual. It helps, but the use case outlined seems possible with a single VPC?
Assuming that for some reason (please educate us) it is not possible to use a single VPC, it appears to me that we are inventing a new network type (“InterVPC”).
Who “owns” this network? Who creates it, updates it, deletes it, can read it? Is it instantiated from a network offering? If so, what is the restriction on this network offering? Can it have an LB for instance? Can multiple tenants attach to a single “intervpc” network?
Can we extend the private gateway feature to this intervpc use case?

From: Daan Hoogland <da...@gmail.com>
Date: Monday, June 2, 2014 at 3:42 AM
To: Chiradeep Vittal <ch...@citrix.com>
Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>, "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi <ja...@citrix.com>
Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks

Hi,

Please, have a look at the example picture in
https://cwiki.apache.org/confluence/display/CLOUDSTACK/inter+vpc+network

It depicts a mix of the use cases I described earlier and gives an
overview of the possibilities required.

regards,
Daan

On Tue, May 27, 2014 at 10:15 PM, Daan Hoogland <da...@gmail.com> wrote:
Absolutely, will be next week I am afraid.

On Tue, May 27, 2014 at 7:04 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
Hi Daan,

Sounds interesting! Could I beg you to post some images / figures and more
text so that I can understand better?

Thanks
—
Chiradeep

From: Daan Hoogland <da...@gmail.com>
Date: Monday, May 26, 2014 at 3:39 AM
To: Chiradeep Vittal <ch...@citrix.com>
Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang
<Sh...@citrix.com>, Alex Huang <Al...@citrix.com>,
"dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi
<ja...@citrix.com>
Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks

Chiradeep,

I read the vpc-peering option again and it seems not to give us
enough. We want a superset of this feature where more than two vpcs can
be connected to the same intervpc network. Use cases are
- have a single monitor and other management devices for several
applications in different vpcs
- have a promotion mechanism across test/acceptance/prod/postprod
environments
- (as long as we don't have redundant vpc routers) have a management
environment connected to two vpcs to manage fail-over/dr scenarios

using all peer to peer connections for this can get rather mashy.
What do you think?

Daan


On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com>
wrote:

As you can see it isn’t trivial.

I guess you refer to the overlapping cidrs. I am afraid that some
responsibility here will have to lie with the domain admin(s). If we
limit inter vpc networks to one domain we can enforce the ip ranges
not to overlap.

the routing problem is tackled by a next hop field near the cidr.

I am sure I am missing some other non trivial challenges.

On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:

I guess the ‘proper’ way to have done this would be to have a
‘createPrivateGateway’ API that is independent of the vpc and an
attachPrivateGateway that attaches it to the vpc.

Re: next hop, I’d like to see an FS for this feature. It seems to me that it
is very similar to VPC peering (http://goo.gl/Y7tNkM).
As you can see it isn’t trivial.

From: Daan Hoogland <da...@gmail.com>
Date: Friday, May 23, 2014 at 2:06 AM
To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk
<Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex
Huang <Al...@citrix.com>
Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Subject: [DISCUSS] vpc gateway networks are guestnetworks

Hi,

please consider this ugly piece of my work I am now compiling into
cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
fix a bug:

          {   // experimental block, this is a hack
              // set vpc id in network to null
              // might be needed for all types of broadcast domains
              // the ugly hack is that vpc gateway nets are created as guest network
              // while they are not.
              // A more permanent solution would be to define a type of 'gatewaynetwork'
              // so that handling code is not mixed between the two
              NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
              gatewaynet.setVpcId(vpcId);
              _ntwkDao.persist(gatewaynet);
          }

The problem I want to solve is that vpc routers, when restarting,
assign the ip of the gateway to their gw-interface [1]. This is an ip
conflict and it has bitten us. My first take was to create the network
without passing the vpc id but that led to all kinds of errors so I
reverted. It seemed cleaner than this solution I am scheming for now.
If this doesn't lead to obvious errors in my environment I will commit
and be happy to again revert when integration tests fail. It is in any
case not a permanent solution.

Question: should the network for gateways be a special type that is
handled almost the same as guest network (except for in this case) or
is more refactoring needed?
In any case I think this is something that will have to be dealt with soon.

One consideration on the side: I want to add a next-hop field to the
cidrs on the gateway so that it is possible to create a network with
more vpcs that direct traffic to each other. The use case for this is
a vpc for a customer's management network connected to one for
production and one for acceptance and one ....

please flame, criticize or pose your questions

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485

--
Daan

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Daan Hoogland <da...@gmail.com>.
Hi,

Please, have a look at the example picture in
https://cwiki.apache.org/confluence/display/CLOUDSTACK/inter+vpc+network

It depicts a mix of the use cases I described earlier and gives an
overview of the possibilities required.

regards,
Daan

On Tue, May 27, 2014 at 10:15 PM, Daan Hoogland <da...@gmail.com> wrote:
> Absolutely, will be next week I am afraid.
>
> On Tue, May 27, 2014 at 7:04 PM, Chiradeep Vittal
> <Ch...@citrix.com> wrote:
>> Hi Daan,
>>
>> Sounds interesting! Could I beg you to post some images / figures and more
>> text so that I can understand better?
>>
>> Thanks
>> —
>> Chiradeep
>>
>> From: Daan Hoogland <da...@gmail.com>
>> Date: Monday, May 26, 2014 at 3:39 AM
>> To: Chiradeep Vittal <ch...@citrix.com>
>> Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang
>> <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>,
>> "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi
>> <ja...@citrix.com>
>> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>>
>> Chiradeep,
>>
>> I read the vpc-peering option again and it seems not to give us
>> enough. We want a superset of this feature where more than two vpcs can
>> be connected to the same intervpc network. Use cases are
>> - have a single monitor and other management devices for several
>> applications in different vpcs
>> - have a promotion mechanism across test/acceptance/prod/postprod
>> environments
>> - (as long as we don't have redundant vpc routers) have a management
>> environment connected to two vpcs to manage fail-over/dr scenarios
>>
>> using all peer to peer connections for this can get rather mashy.
>> What do you think?
>>
>> Daan
>>
>>
>> On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com>
>> wrote:
>>
>> As you can see it isn’t trivial.
>>
>> I guess you refer to the overlapping cidrs. I am afraid that some
>> responsibility here will have to lie with the domain admin(s). If we
>> limit inter vpc networks to one domain we can enforce the ip ranges
>> not to overlap.
>>
>> the routing problem is tackled by a next hop field near the cidr.
>>
>> I am sure I am missing some other non trivial challenges.
>>
>> On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
>> <Ch...@citrix.com> wrote:
>>
>> I guess the ‘proper’ way to have done this would be to have a
>> ‘createPrivateGateway’ API that is independent of the vpc and an
>> attachPrivateGateway that attaches it to the vpc.
>>
>> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
>> is very similar to VPC peering (http://goo.gl/Y7tNkM).
>> As you can see it isn’t trivial.
>>
>> From: Daan Hoogland <da...@gmail.com>
>> Date: Friday, May 23, 2014 at 2:06 AM
>> To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk
>> <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex
>> Huang <Al...@citrix.com>
>> Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
>> Subject: [DISCUSS] vpc gateway networks are guestnetworks
>>
>> Hi,
>>
>> please consider this ugly piece of my work I am now compiling into
>> cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
>> fix a bug:
>>
>>          {   // experimental block, this is a hack
>>              // set vpc id in network to null
>>              // might be needed for all types of broadcast domains
>>              // the ugly hack is that vpc gateway nets are created as guest network
>>              // while they are not.
>>              // A more permanent solution would be to define a type of 'gatewaynetwork'
>>              // so that handling code is not mixed between the two
>>              NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
>>              gatewaynet.setVpcId(vpcId);
>>              _ntwkDao.persist(gatewaynet);
>>          }
>>
>> The problem I want to solve is that vpc routers, when restarting,
>> assign the ip of the gateway to their gw-interface [1]. This is an ip
>> conflict and it has bitten us. My first take was to create the network
>> without passing the vpc id but that led to all kinds of errors so I
>> reverted. It seemed cleaner than this solution I am scheming for now.
>> If this doesn't lead to obvious errors in my environment I will commit
>> and be happy to again revert when integration tests fail. It is in any
>> case not a permanent solution.
>>
>> Question: should the network for gateways be a special type that is
>> handled almost the same as guest network (except for in this case) or
>> is more refactoring needed?
>> In any case I think this is something that will have to be dealt with soon.
>>
>> One consideration on the side: I want to add a next-hop field to the
>> cidrs on the gateway so that it is possible to create a network with
>> more vpcs that direct traffic to each other. The use case for this is
>> a vpc for a customer's management network connected to one for
>> production and one for acceptance and one ....
>>
>> please flame, criticize or pose your questions
>>
>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>>
>> --
>> Daan
>
>
>
> --
> Daan



-- 
Daan

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Daan Hoogland <da...@gmail.com>.
Absolutely, will be next week I am afraid.

On Tue, May 27, 2014 at 7:04 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
> Hi Daan,
>
> Sounds interesting! Could I beg you to post some images / figures and more
> text so that I can understand better?
>
> Thanks
> —
> Chiradeep
>
> From: Daan Hoogland <da...@gmail.com>
> Date: Monday, May 26, 2014 at 3:39 AM
> To: Chiradeep Vittal <ch...@citrix.com>
> Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang
> <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>,
> "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi
> <ja...@citrix.com>
> Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks
>
> Chiradeep,
>
> I read the vpc-peering option again and it seems not to give us
> enough. We want a superset of this feature where more than two vpcs can
> be connected to the same intervpc network. Use cases are
> - have a single monitor and other management devices for several
> applications in different vpcs
> - have a promotion mechanism across test/acceptance/prod/postprod
> environments
> - (as long as we don't have redundant vpc routers) have a management
> environment connected to two vpcs to manage fail-over/dr scenarios
>
> using all peer to peer connections for this can get rather mashy.
> What do you think?
>
> Daan
>
>
> On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> As you can see it isn’t trivial.
>
> I guess you refer to the overlapping cidrs. I am afraid that some
> responsibility here will have to lie with the domain admin(s). If we
> limit inter vpc networks to one domain we can enforce the ip ranges
> not to overlap.
>
> the routing problem is tackled by a next hop field near the cidr.
>
> I am sure I am missing some other non trivial challenges.
>
> On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
> <Ch...@citrix.com> wrote:
>
> I guess the ‘proper’ way to have done this would be to have a
> ‘createPrivateGateway’ API that is independent of the vpc and an
> attachPrivateGateway that attaches it to the vpc.
>
> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
> is very similar to VPC peering (http://goo.gl/Y7tNkM).
> As you can see it isn’t trivial.
>
> From: Daan Hoogland <da...@gmail.com>
> Date: Friday, May 23, 2014 at 2:06 AM
> To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk
> <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex
> Huang <Al...@citrix.com>
> Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
> Subject: [DISCUSS] vpc gateway networks are guestnetworks
>
> Hi,
>
> please consider this ugly piece of my work I am now compiling into
> cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
> fix a bug:
>
>          {   // experimental block, this is a hack
>              // set vpc id in network to null
>              // might be needed for all types of broadcast domains
>              // the ugly hack is that vpc gateway nets are created as guest network
>              // while they are not.
>              // A more permanent solution would be to define a type of 'gatewaynetwork'
>              // so that handling code is not mixed between the two
>              NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
>              gatewaynet.setVpcId(vpcId);
>              _ntwkDao.persist(gatewaynet);
>          }
>
> The problem I want to solve is that vpc routers, when restarting,
> assign the ip of the gateway to their gw-interface [1]. This is an ip
> conflict and it has bitten us. My first take was to create the network
> without passing the vpc id but that led to all kinds of errors so I
> reverted. It seemed cleaner than this solution I am scheming for now.
> If this doesn't lead to obvious errors in my environment I will commit
> and be happy to again revert when integration tests fail. It is in any
> case not a permanent solution.
>
> Question: should the network for gateways be a special type that is
> handled almost the same as guest network (except for in this case) or
> is more refactoring needed?
> In any case I think this is something that will have to be dealt with soon.
>
> One consideration on the side: I want to add a next-hop field to the
> cidrs on the gateway so that it is possible to create a network with
> more vpcs that direct traffic to each other. The use case for this is
> a vpc for a customer's management network connected to one for
> production and one for acceptance and one ....
>
> please flame, criticize or pose your questions
>
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>
> --
> Daan



-- 
Daan

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Hi Daan,

Sounds interesting! Could I beg you to post some images / figures and more text so that I can understand better?

Thanks
—
Chiradeep

From: Daan Hoogland <da...@gmail.com>
Date: Monday, May 26, 2014 at 3:39 AM
To: Chiradeep Vittal <ch...@citrix.com>
Cc: Alena Prokharchyk <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>, "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>, Jayapal Reddy Uradi <ja...@citrix.com>
Subject: Re: [DISCUSS] vpc gateway networks are guestnetworks

Chiradeep,

I read the vpc-peering option again and it seems not to give us
enough. We want a superset of this feature where more than two vpcs can
be connected to the same intervpc network. Use cases are
- have a single monitor and other management devices for several
applications in different vpcs
- have a promotion mechanism across test/acceptance/prod/postprod environments
- (as long as we don't have redundant vpc routers) have a management
environment connected to two vpcs to manage fail-over/dr scenarios

using all peer to peer connections for this can get rather mashy.
What do you think?

Daan


On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com> wrote:
As you can see it isn’t trivial.
I guess you refer to the overlapping cidrs. I am afraid that some
responsibility here will have to lie with the domain admin(s). If we
limit inter vpc networks to one domain we can enforce the ip ranges
not to overlap.

the routing problem is tackled by a next hop field near the cidr.

I am sure I am missing some other non trivial challenges.

On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
I guess the ‘proper’ way to have done this would be to have a
‘createPrivateGateway’ API that is independent of the vpc and an
attachPrivateGateway that attaches it to the vpc.

Re: next hop, I’d like to see an FS for this feature. It seems to me that it
is very similar to VPC peering (http://goo.gl/Y7tNkM).
As you can see it isn’t trivial.

From: Daan Hoogland <da...@gmail.com>
Date: Friday, May 23, 2014 at 2:06 AM
To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk
<Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex
Huang <Al...@citrix.com>
Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Subject: [DISCUSS] vpc gateway networks are guestnetworks

Hi,

please consider this ugly piece of my work I am now compiling into
cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
fix a bug:

         {   // experimental block, this is a hack
             // set vpc id in network to null
             // might be needed for all types of broadcast domains
             // the ugly hack is that vpc gateway nets are created as guest network
             // while they are not.
             // A more permanent solution would be to define a type of 'gatewaynetwork'
             // so that handling code is not mixed between the two
             NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
             gatewaynet.setVpcId(vpcId);
             _ntwkDao.persist(gatewaynet);
         }

The problem I want to solve is that vpc routers, when restarting,
assign the ip of the gateway to their gw-interface [1]. This is an ip
conflict and it has bitten us. My first take was to create the network
without passing the vpc id but that led to all kinds of errors so I
reverted. It seemed cleaner than this solution I am scheming for now.
If this doesn't lead to obvious errors in my environment I will commit
and be happy to again revert when integration tests fail. It is in any
case not a permanent solution.

Question: should the network for gateways be a special type that is
handled almost the same as guest network (except for in this case) or
is more refactoring needed?
In any case I think this is something that will have to be dealt with soon.

One consideration on the side: I want to add a next-hop field to the
cidrs on the gateway so that it is possible to create a network with
more vpcs that direct traffic to each other. The use case for this is
a vpc for a customer's management network connected to one for
production and one for acceptance and one ....

please flame, criticize or pose your questions

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485

--
Daan


Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Daan Hoogland <da...@gmail.com>.
Chiradeep,

I read the vpc-peering option again and it seems not to give us
enough. We want a superset of this feature where more than two vpcs can
be connected to the same intervpc network. Use cases are
- have a single monitor and other management devices for several
applications in different vpcs
- have a promotion mechanism across test/acceptance/prod/postprod environments
- (as long as we don't have redundant vpc routers) have a management
environment connected to two vpcs to manage fail-over/dr scenarios

using all peer to peer connections for this can get rather mashy.
What do you think?

Daan


On Fri, May 23, 2014 at 10:56 PM, Daan Hoogland <da...@gmail.com> wrote:
>> As you can see it isn’t trivial.
> I guess you refer to the overlapping cidrs. I am afraid that some
> responsibility here will have to lie with the domain admin(s). If we
> limit inter vpc networks to one domain we can enforce the ip ranges
> not to overlap.
>
> the routing problem is tackled by a next hop field near the cidr.
>
> I am sure I am missing some other non trivial challenges.
>
> On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
> <Ch...@citrix.com> wrote:
>> I guess the ‘proper’ way to have done this would be to have a
>> ‘createPrivateGateway’ API that is independent of the vpc and an
>> attachPrivateGateway that attaches it to the vpc.
>>
>> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
>> is very similar to VPC peering (http://goo.gl/Y7tNkM).
>> As you can see it isn’t trivial.
> --
> Daan



-- 
Daan

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Daan Hoogland <da...@gmail.com>.
> As you can see it isn’t trivial.
I guess you refer to the overlapping cidrs. I am afraid that some
responsibility here will have to lie with the domain admin(s). If we
limit inter vpc networks to one domain we can enforce the ip ranges
not to overlap.

The routing problem is tackled by a next hop field near the cidr.

I am sure I am missing some other non-trivial challenges.

On Fri, May 23, 2014 at 7:23 PM, Chiradeep Vittal
<Ch...@citrix.com> wrote:
> I guess the ‘proper’ way to have done this would be to have a
> ‘createPrivateGateway’ API that is independent of the vpc and an
> attachPrivateGateway that attaches it to the vpc.
>
> Re: next hop, I’d like to see an FS for this feature. It seems to me that it
> is very similar to VPC peering (http://goo.gl/Y7tNkM).
> As you can see it isn’t trivial.



-- 
Daan
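Added example, not code from this thread or from CloudStack: a Python sketch of the checks that a next-hop field on the gateway cidrs would call for, as discussed in the message above. It flags a router whose gateway interface takes the network's gateway address (the conflict the thread is about), next hops that are not on the shared inter-VPC network, and, scoped to one domain as suggested, routed cidrs reached via different hops that overlap. The PrivateGateway model, its field names and all addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface, ip_network
from itertools import combinations

@dataclass(frozen=True)
class PrivateGateway:  # constructed model; field names are assumptions
    vpc: str
    domain: str
    ip: str        # address the VPC router should configure on its gateway interface
    gateway: str   # gateway address of the shared inter-VPC network
    netmask: str
    routes: tuple  # (destination cidr, next hop) pairs; next hop is the proposed field

def gateway_problems(gw):
    """Per-gateway: router must not take the gateway address; hops on-link, not itself."""
    problems = []
    net = ip_interface(f"{gw.ip}/{gw.netmask}").network
    if ip_address(gw.ip) == ip_address(gw.gateway):
        problems.append(f"{gw.vpc}: interface ip equals gateway ip {gw.gateway}")
    for cidr, next_hop in gw.routes:
        hop = ip_address(next_hop)
        if hop not in net:
            problems.append(f"{gw.vpc}: next hop {next_hop} for {cidr} is not in {net}")
        elif hop == ip_address(gw.ip):
            problems.append(f"{gw.vpc}: next hop for {cidr} is the router's own ip")
    return problems

def overlap_problems(gateways):
    """Per domain: destination cidrs reached via different next hops must not overlap."""
    by_domain = {}
    for gw in gateways:
        for cidr, hop in gw.routes:
            by_domain.setdefault(gw.domain, []).append((gw.vpc, ip_network(cidr), hop))
    problems = []
    for domain, routes in by_domain.items():
        for (v1, n1, h1), (v2, n2, h2) in combinations(routes, 2):
            if h1 != h2 and n1.overlaps(n2):
                problems.append(f"{domain}: {n1} ({v1}) overlaps {n2} ({v2})")
    return problems

# Constructed sample: management, prod and acceptance VPCs sharing 10.200.0.0/24.
SAMPLE = (
    PrivateGateway("mgmt", "acme", "10.200.0.11", "10.200.0.1", "255.255.255.0",
                   (("10.1.0.0/16", "10.200.0.12"), ("10.2.0.0/16", "10.200.0.13"))),
    PrivateGateway("prod", "acme", "10.200.0.1", "10.200.0.1", "255.255.255.0",  # took gateway ip
                   (("10.100.0.0/16", "10.200.0.11"),)),
    PrivateGateway("acc", "acme", "10.200.0.13", "10.200.0.1", "255.255.255.0",
                   (("10.100.0.0/16", "10.200.0.11"), ("10.1.0.0/16", "10.250.0.1"))),  # off-link
)
```

Running `gateway_problems` over each entry of `SAMPLE` and `overlap_problems(SAMPLE)` reports the prod router holding the gateway address, the off-link hop on acc, and the 10.1.0.0/16 route that mgmt and acc send to different hops.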

Re: [DISCUSS] vpc gateway networks are guestnetworks

Posted by Chiradeep Vittal <Ch...@citrix.com>.
I guess the ‘proper’ way to have done this would be to have a ‘createPrivateGateway’ API that is independent of the vpc and an attachPrivateGateway that attaches it to the vpc.

Re: next hop, I’d like to see an FS for this feature. It seems to me that it is very similar to VPC peering (http://goo.gl/Y7tNkM).
As you can see it isn’t trivial.

From: Daan Hoogland <da...@gmail.com>
Date: Friday, May 23, 2014 at 2:06 AM
To: Chiradeep Vittal <ch...@citrix.com>, Alena Prokharchyk <Al...@citrix.com>, Sheng Yang <Sh...@citrix.com>, Alex Huang <Al...@citrix.com>
Cc: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Subject: [DISCUSS] vpc gateway networks are guestnetworks

Hi,

please consider this ugly piece of my work I am now compiling into
cloudstack master VpcManagerImpl.createVpcPrivateGateway(..) that will
fix a bug:

        {   // experimental block, this is a hack
            // set vpc id in network to null
            // might be needed for all types of broadcast domains
            // the ugly hack is that vpc gateway nets are created as guest network
            // while they are not.
            // A more permanent solution would be to define a type of 'gatewaynetwork'
            // so that handling code is not mixed between the two
            NetworkVO gatewaynet = _ntwkDao.findById(privateNtwk.getId());
            gatewaynet.setVpcId(vpcId);
            _ntwkDao.persist(gatewaynet);
        }

The problem I want to solve is that vpc routers, when restarting,
assign the ip of the gateway to their gw-interface [1]. This is an ip
conflict and it has bitten us. My first take was to create the network
without passing the vpc id but that led to all kinds of errors so I
reverted. It seemed cleaner than this solution I am scheming for now.
If this doesn't lead to obvious errors in my environment I will commit
and be happy to again revert when integration tests fail. It is in any
case not a permanent solution.

Question: should the network for gateways be a special type that is
handled almost the same as guest network (except for in this case) or
is more refactoring needed?
In any case I think this is something that will have to be dealt with soon.

One consideration on the side: I want to add a next-hop field to the
cidrs on the gateway so that it is possible to create a network with
more vpcs that direct traffic to each other. The use case for this is
a vpc for a customer's management network connected to one for
production and one for acceptance and one ....

please flame, criticize or pose your questions

[1] https://issues.apache.org/jira/browse/CLOUDSTACK-6485

--
Daan