Wednesday, 2014-12-03

« Tuesday, 2014-12-02 Index Thursday, 2014-12-04 »
bloganwill the lbaas master only have lbaas tests?00:00
bloganwell either way, this wouldn't happen00:01
bloganif lbaas has all the tests, then the co-gate would fail, if it only has lbaas tests then these tests would not have run anyway00:01
bloganand why it would have all the tests, doesn't make sense, so i retract my questions00:01
xgermanrm_work once asked me to start talking with the HP security guys and now they want pictures00:02
bloganwhoa00:02
bloganinvasion of privacy there00:03
xgermanwell, diagrams to be precise having networks in them00:03
bloganah much more reasonable00:03
xgermanwell, they want to know which traffic/function runs over which network00:04
xgermandid we ever draw something like that (I hate to duplicate work) or do i need to fire up my Visio00:04
xgerman(or asciidiagrmmer)00:04
blogandon't think we've ever drawn up all the types of traffic going over which networks00:05
xgermanthat's what I thought -- just making sure :-)00:05
blogan0.5 and 1.0 have only defined one lb network00:05
bloganthat all amphorae and controllers are connected to that is used for communication between controllers and amphorae00:06
bloganhowever, there is worry that one neutron netowrk cannot scale00:06
xgermanyep, that is one of my worries + they want it as a diagram00:06
xgermanso I need to draw some boxes for them00:07
xgermansaying exactly that :-)00:07
bloganget your crayons out00:07
xgermanyep, or Visio as we call them00:07
blogani think the options are 1) one lb network for all 2) one lb network per controller (scales with controllers) 3) one lb network per load balancer amphorae group 4) one lb network per amphorae00:08
bloganpros and cons to all of course00:08
xgermanwell, I don't like this controller -> amphora assignment - I prefer more of a controller cluster where all controllers can talk to all amphora00:09
xgermanso I would just shard over networks randomly but that is me :-)00:09
xgermanand connect all controllers to all newtorks but an amphora only to one network00:10
*** mlavalle has quit IRC00:11
xgermanbut the security guys will be happy with a big box "lbaas newtork" anyway00:11
*** mlavalle has joined #openstack-lbaas00:19
*** mlavalle_ has joined #openstack-lbaas00:23
bloganxgerman: yeah all controllers being able to talk to amphora is ideal00:25
sbalukoffSo my mostly-maleable opinion on all of this so far:00:25
bloganoh no00:25
*** mlavalle has quit IRC00:25
sbalukoffI think one LB network is fine for v0.5. Though German is right in that that probably won't scale for v1.000:25
bloganhes back, quick everyoen scurry away00:25
sbalukoffSo of your options:00:26
sbalukoff1) Doesn't scale.00:26
sbalukoff2) Also doesn't scale, but in another way (ie. who says one controller can handle all amphorae on a subnet?)00:26
blogani do00:26
bloganwithout any evidence00:26
rm_workxgerman: yeah I think if Amphorae are assigned to a specific controller, we've done something horribly wrong00:26
sbalukoff3) probably the preferred solution I'm leaning toward, though again we don't have solid requirements as to what amphoae groups are00:26
sbalukoff4) Doesn't scale (wow, that would eat through networks fast!)00:27
bloganlol indeed00:27
sbalukoffThere are probably other options we aren't considering yet either.00:27
rm_workyeah I think it's really between 1 and 400:27
rm_workerr00:27
rm_work1 and 300:27
rm_work!!00:27
openstackrm_work: Error: "!" is not a valid command.00:27
bloganwell #3 was more grouping by load balancer, so each load balancer would have a network, which wouldn't scale either00:27
sbalukoffThere's the option of deploying amphorae directly on tenant networks and binding them to a FLIP so they can be configured.00:27
rm_workI've been saying "HA Set of Amphora"00:27
sbalukoff(which foregoes the whole concept of an LB network)00:28
sbalukoffThough that doesn't scale with Octavia v2.000:28
rm_workthat's one network per LB and I don't think that's unreasonable honestly <_<00:28
sbalukoffrm_work: Sure, but there might be other definitions we'd consider for "amphorae group"00:28
xgermanyeah, we can either bolt them on a management network or on the tenat network00:28
bloganwell if we're talking active passive set up, then that is bascially #4 divided by 200:28
sbalukoffUm... what?00:29
sbalukoffOh!00:29
sbalukoffYes.00:29
sbalukoffBy "amphorae group" I'm thinking something to the effect of a spares pool + all active amphorae for a given "location"00:29
sbalukoffWhatever "location" means.00:29
sbalukoffThough it will probably have something to do with physical or geographic proximity00:29
xgermanI need to see that in a diagram00:29
rm_workugh #2 binds us in a bad way architecturally00:29
rm_workcontroller failover becomes a nightmare of bookkeeping and scheduling00:30
sbalukoffrm_work: True.00:30
rm_workwe have this stuff kinda marked up on our whiteboard here...00:30
sbalukoffwell, it's already going to be a bit of a nightmare.00:30
sbalukoffWell..00:30
sbalukoffSort of.00:30
xgermanrm_work is there a link I am missing00:30
rm_workxgerman: with which?00:30
xgermanthe options explained00:31
sbalukoffrm_work: Can y'all take pictures and / or write it down in some way for the rest of us? ;)00:31
rm_workheh well00:31
xgermanyeah, I feel like a mind reader00:31
bloganxgerman: i just came up with those off the top of my head00:31
sbalukoffxgerman: I was just talking about the options blogan just mentioned above in this conversation.00:31
rm_workit might not make sense without the conversation we had at the time of writing...00:31
rm_workthis is the #1 on my list for whiteboard topics in Seattle00:31
rm_workI think it is #1 on the etherpad too :P00:32
sbalukoffrm_work: That's my fear when it comes to white-boarding sessions where nobody wrote anything down other than the diagram.00:32
bloganwe cant take pictures of our whiteboard, we started making caricatures of sbalukoff00:32
rm_workI can regurgitate most of it00:32
sbalukoffBy the way, at the hack-a-thon, I'm going to want a notes-keeper at each of the whiteboard sessions so we don't have this problem. XD00:32
xgermansure you cna take pictures -- we just can't share them with sbalukoff00:32
bloganwe have you on there too :(00:32
sbalukoffblogan: Aaw! I want to see how many warts you gave me!00:32
rm_workugh this is frustrating for another reason as well -- a lot of this has tie-ins to our specific network architecture and our FLIP implementation00:33
xgermanI guess the whole whiteboard is carricatures then00:33
rm_workwhich I think is different than yours...00:33
xgermanyep00:33
bloganyeah its going to be a minefield00:33
sbalukoffAnyway, with regard to multiple LB networks: Yes, we'll probably have to do this, but not until v1.000:33
sbalukoffBut v1.0 we want to follow relatively quickly after v0.5, so it is something we should put some thought into now.00:34
xgermanmy fear is if we do a poor job with that in 0.5 going to it will be a pain00:34
blogansbalukoff: yes, .5 only has one controller, however we can also write the code in a way that allows for both00:34
xgermanmaking it scale00:34
rm_workfor us, the VMs will spin up on a rackspace servicenet type thing and will get "internal only" IPs, which the FLIP will bind to and handle the ACTIVE-ACTIVE stuff, exposing the FLIP IP externally and routing between the internal IPs for the VMs00:34
sbalukoffxgerman: Hence the reason we do talk about it now, but we remain open to just one LB network in v0.500:34
xgermanyep, I am fine with that00:34
rm_workI still kinda hate that we have a 0.5 at all00:34
sbalukoffLike we've done with limiting relationships between logical objects in v0.500:34
rm_workI'd much rather roll 0.5 into 1.0 and just do it all at once >_<00:34
rm_workrather than having to do any temp work at all00:35
xgermanwell, if we say put the amphora on the lbaas network and then decide tenant network is the way to go...00:35
rm_workand realizing later "oh shit, this won't work"00:35
blogani think its a good stepping stone00:35
bloganbut we do have to be mindful of what we want with 1.000:35
sbalukoffrm_work: I understand but don't agree: There are enough challenges to getting v0.5 out the door, and I don't see most of this as temporary work anyway.00:35
bloganand honestly we're going to have oh shit moments like that anyway bc of the nature of plugging into many services00:35
sbalukoffblogan: +100:36
bloganideally we could build out a huge test environment and test all of these scenarios at scale00:37
xgermanwe will00:37
xgermanwe are starting a new group just for that purpose00:37
sbalukoffWow!00:37
xgermanwell, they will also to DNS, DBaaS, etc.00:37
bloganso yall can test that out before octavia is even completed?00:37
xgermanwe hope so00:38
rm_workhmm00:38
sbalukoffHuh.00:38
rm_workI was going to offer to Hangouts or something to explain what we've been whiteboarding about Controller stuff, but it really won't help unless I have an actual whiteboard :(00:38
rm_workOnline Whiteboards still suck too much00:39
blogani need to go home too00:39
xgermanyou can always point your camera at the whiteboard :-)00:39
rm_workah yeah, true00:39
rm_workxgerman: heh00:39
sbalukoffHeh! Indeed.00:39
rm_workxgerman: not sure you'd be able to read anything, but maybe :P00:39
xgermandepends on the camera00:39
rm_workwould have to get some boxes and put them on my chair00:39
rm_workMBP camera00:40
rm_workiSight?00:40
rm_workdunno wtf they call it00:40
rm_workI could bring in my 1080p webcam from home00:40
rm_workwould be easier to maneuver that00:40
xgermanor just use somebody's fancy Android phone00:40
rm_worklol00:40
rm_workcould try the camera on my N500:40
xgermanyeah, use the backward facing one00:41
bloganfinally going home01:15
xgermanI a m alreday home -- you shoudl work from home :-)01:16
*** xgerman has quit IRC01:26
*** mlavalle_ has quit IRC01:52
*** fnaval has quit IRC02:34
rm_youheh02:42
rm_yousbalukoff: apparently there'll be an email going out detailing our approach to FLIPs, and it'll be directed especially in the direction of BBG/HP, so maybe we can stop handwaving whenever we talk about architecture soon :P02:43
*** fnaval has joined #openstack-lbaas02:58
sbalukoffrm_you: That's good to hear!03:19
rm_you:P03:19
sbalukoffNo, I'm serious about that.03:34
sbalukoffI've done a lot of hand waving on certain details, but we do need to get down to brass tacks at some point, eh.03:35
rm_youyeah03:35
rm_youi am not sure but I think the point of the email might actually be "let's all do FLIPs this way *together*" not just "here's some info"03:36
sbalukoffI look forward to reading and responding.03:36
*** woodster_ has quit IRC03:40
*** ptoohill_ has joined #openstack-lbaas03:50
*** ptoohill_ has quit IRC04:09
*** amotoki has joined #openstack-lbaas04:53
*** fnaval has quit IRC06:00
*** woodster_ has joined #openstack-lbaas06:13
*** kobis has joined #openstack-lbaas06:22
*** cipcosma has joined #openstack-lbaas06:32
*** ptoohill_ has joined #openstack-lbaas07:04
*** ptoohill_ has quit IRC07:04
*** ptoohill_ has joined #openstack-lbaas07:08
*** Putns has joined #openstack-lbaas07:29
*** openstackgerrit has quit IRC07:50
*** openstackgerrit has joined #openstack-lbaas07:50
*** ptoohill_ has quit IRC07:54
*** ptoohill_ has joined #openstack-lbaas08:18
*** woodster_ has quit IRC08:20
*** jschwarz has joined #openstack-lbaas08:23
*** ptoohill_ has quit IRC08:28
*** maishsk has joined #openstack-lbaas09:22
maishskenikanorov: HI are you around?09:22
enikanorovmaishsk: hi09:23
maishskmind if I ask you something?09:23
maishskcan an haproxy LB with a VIP on an external network - serve requests to an instance on a private network?09:24
maishskie my LB has an IP of 10.10.10.100 with two members that are on a private network - 1.1.1.10 and 1.1.1.2009:25
enikanorovmaishsk: no09:26
enikanorovyou can't have VIP on external network with haproxy09:26
enikanorovexternal network is floating ip pool, which you need to associate to VIP's ip09:27
maishskenikanorov: I can choose to associate a free address from the subnet (ext) to VIP ?09:27
maishskCan I not?09:27
enikanorovno, you can't. you can't create ports on external network directly, afaik09:31
maishskI am going over the use cases doc - https://docs.google.com/document/d/1Ewl95yxAMq2fO0Z6Dz6fL-w2FScERQXQR1-mXuSINis/edit#09:31
maishskI think what I am trying to accomplish is point #809:32
maishskLB VIP which is accessible from the outside - forwarding to two internal (private) instances09:32
enikanorovit's possible if you create vip on internal network and associate floating ip to it09:33
maishskis that only possible with CLI - or also in the GUI ?09:34
*** jschwarz has quit IRC09:53
maishskenikanorov: GUI as well - just had to find it....09:54
*** jschwarz has joined #openstack-lbaas10:03
*** jschwarz has quit IRC10:49
*** woodster_ has joined #openstack-lbaas13:00
*** busterswt has joined #openstack-lbaas13:11
*** busterswt has quit IRC13:11
*** mestery has quit IRC13:17
*** fnaval has joined #openstack-lbaas13:54
*** mestery has joined #openstack-lbaas14:10
*** busterswt has joined #openstack-lbaas14:32
*** busterswt has quit IRC14:32
*** mestery has quit IRC14:46
*** mestery has joined #openstack-lbaas15:10
*** woodster_ has quit IRC15:10
*** TrevorV_ has joined #openstack-lbaas15:17
*** TrevorV_ has quit IRC15:21
*** TrevorV_ has joined #openstack-lbaas15:27
*** fnaval has quit IRC15:28
*** amotoki_ has joined #openstack-lbaas15:43
*** fnaval has joined #openstack-lbaas15:51
*** mlavalle has joined #openstack-lbaas15:58
*** fnaval_ has joined #openstack-lbaas16:02
*** maishsk has quit IRC16:02
*** fnaval has quit IRC16:02
*** mlavalle has quit IRC16:06
*** mlavalle has joined #openstack-lbaas16:07
*** xgerman has joined #openstack-lbaas16:07
*** mlavalle has quit IRC16:13
*** SumitNaiksatam has quit IRC16:14
*** woodster_ has joined #openstack-lbaas16:22
TrevorV_For all who may be concerned:  http://www.collegehumor.com/post/7004936/stephen-colbert-addressed-the-star-wars-lightsaber-controversey#16:54
*** mlavalle has joined #openstack-lbaas16:56
*** mlavalle has quit IRC17:11
dougwigsplit spec, with nits cleaned, this is the one that will hopefully merge: https://review.openstack.org/#/c/136835/17:59
*** sbalukoff has quit IRC18:08
*** mlavalle has joined #openstack-lbaas18:08
*** kobis has quit IRC18:16
*** SumitNaiksatam has joined #openstack-lbaas18:23
TrevorV_No balukoff right now?  Eeek!18:32
dougwigit's before noon somewhere, of course he's not on yet.  :)18:40
TrevorV_Ha ha ha dougwig nice18:48
*** jorgem has joined #openstack-lbaas18:52
roharawho knows about pbr's version_string? doesn't that pickup git tags?19:10
blogannot i19:26
roharathis is driving me mad :/19:27
bloganthen you're doing your job right!19:27
roharaheh19:27
*** sbalukoff has joined #openstack-lbaas19:30
rm_workrohara: it is supposed to... but I have seen times where it doesn't do it right19:35
rm_workthat's all I can say tho, so probably not helpful :/19:35
rohararm_work: ok so maybe i am not insane. it definitely does not want to pickup git tags19:35
roharai'm punting on this for now19:35
*** mlavalle has quit IRC19:36
bloganrohara: welcome to the punt side19:40
sbalukoffHeh!19:40
*** mlavalle has joined #openstack-lbaas19:41
*** mestery is now known as mestery_afk19:42
RamaKrishnaHi mlavalle19:43
RamaKrishnaI sent you an email19:43
mlavalleRamaKrishna: hi19:43
RamaKrishnaHave some hiccups in running the tempest on top of LBaaS 2.019:43
mlavalleRamaKrishna: is it ok if I look at it during the afternoon today?19:43
RamaKrishnaok19:44
mlavalleRamaKrishna: cool :-019:44
mlavalle:-)19:44
RamaKrishnaThanks for your help19:44
sballesbalukoff: ping19:44
sbalukoffpong19:44
sbalukoffWhat's up?19:44
sbalukoffEr... can anyone see what I'm typing?19:45
sballeHey :-) Just saw you latest comment on https://review.openstack.org/#/c/132130/ and I agree. the sequence diagrams might not be useful even thought they did help me understand the flow as it might work.19:45
sbalukoffOh, good, you can. :D19:46
sballesbalukoff: Yes. I was writing my IRC19:46
sbalukoffOh, it's not you: I said something earlier without anyone commenting on it. Being a diva, this is a shocking experience for me.19:46
TrevorV_sbalukoff, had some questions, maybe we can talk a bit more in General Discussion in meeting today?19:46
sbalukoffTrevorV_: Sounds good19:47
sballeWhat I am thinking is to drop it until we can create workflows for our most important items such as create LB, etc.19:47
TrevorV_If not I'll probably bother you here afterward19:47
sbalukoffsballe: Ok-- I do think having a good diagram of what talks to what is a good idea... I just think a sequence diagram probably isn't the right representation since we're not actually talking about a sequence.19:47
sbalukoffsballe: That works too, eh.19:47
rm_workblockdiag also works19:47
sbalukoffrm_work: True.19:48
rm_workI think I prefer that, in general19:48
sbalukoffIf the diagram has relatively few elements, I agree: It's then readable in the ASCII, too. :)19:48
sbalukoffI'm also a fan of traditional flow charts.19:49
sballeblockdiagram makes sense to me too BUT at htis point I am not sure we could agree on the lines going between the boxes19:49
rm_workheh19:49
sbalukoffsballe: True.19:49
sbalukoffOk, gotta run off for about 5 minutes. Will be back just before the meeting.19:50
sballeI am happy to work on this later if it make sense but for now I feel we are not far enough in the design process. it did help me to understand the various pieces.19:50
rm_workyeah, excited for much whiteboarding19:50
openstackgerritBrandon Logan proposed stackforge/octavia: Spec defining the networking driver interface  https://review.openstack.org/13549519:53
sbalukoffsballe: Sounds good. Feel free to either abandon the gerrit review or let it languish until we're ready to create those diagrams.19:55
TrevorV_aren't we supposed to be in openstack-meeting-alt?20:00
sbalukoffYes.20:00
sbalukoffThey're finishing up.20:00
rm_workyes20:00
TrevorV_right, got it, just saw that :P20:00
*** barclaac has joined #openstack-lbaas20:05
*** barclaac has quit IRC20:09
*** crc32 has joined #openstack-lbaas20:20
*** Putns has quit IRC20:50
sbalukoffOk, TrevorV_: Give me an earful!20:56
* blogan throws corn at sbalukoff20:56
sbalukoffMmmm... delicious corn20:57
sballeI am interested in the lb versus management network discussion ;-)20:58
dougwigwhile everyone is around, split and flavors need to harden this week:20:58
dougwigsplit - https://review.openstack.org/#/c/136835/20:58
dougwigflavors - https://review.openstack.org/#/c/102723/20:58
TrevorV_sbalukoff, I can't say I have an earful to give honestly20:58
rm_workoh yeah, we got some extra info on the management network stuff yesterday too20:58
sbalukoffdougwig: Good to know! Thanks!20:58
sbalukoffOk, well, let me know what your thoughts / concerns are thus far.20:59
sbalukoffAlso, rm_work: Is that that e-mail you've alluded to sending me?20:59
TrevorV_rm_work, want to elaborate some?20:59
rm_worksbalukoff: no, but kinda related21:00
rm_workdo you guys want to Hangout or something?21:00
TrevorV_We could, I'd have to switch to Windows though21:00
rm_workeh, I can type, was just feeling lazy21:00
sbalukoffHeh!21:00
rm_workdo hangouts not work on OSX?21:00
TrevorV_rm_work, I'm on my tower21:00
rm_workah21:00
* TrevorV_ working from home gives me the power to use linux, but my headsets don't like it ha ha21:00
rm_workdo hangouts not work in linux?21:00
rm_work:P21:00
rm_workah21:00
rm_workT_T21:00
sbalukoffI'm up for either, though, I don't know if I've tested hangout on my Ubuntu laptop yet...21:00
rm_workanywho21:01
rm_workwe talked about some options previously -- management network per amphora, per controller, per ha-set, whatev21:01
sbalukoffYes21:01
rm_workso at least for OUR architecture, it looks like we're limited to 255 machines per neutron network, so doing it as one neutron network for all amphorae obviously won't work21:02
TrevorV_Wait, rm_work is this going to talk about the necessity for multiple management networks, or the use of L3 layers on the same network Operators will use for amphora management (so to speak)21:02
sbalukoffThat's true.21:02
rm_workbut doing one per ha-set doesn't work either, because we can't put that many vifs on each controller :/21:02
sbalukoffThat's true.though, you can always use something larger than a /2421:02
rm_worksbalukoff: no, i mean, we literally can't do it21:02
rm_workit's a limitation of the implementation we use21:03
sbalukoffrm_work: I agree that one per HA set is not scalable either.21:03
rm_workwe are not on ML221:03
sbalukoffrm_work: Oh really?21:03
rm_workwe use... Juniper or something, i don't remember, blogan do you remember?21:03
bloganrm_work: totally hijacked TrevorV_'s discussion21:03
TrevorV_sbalukoff, rm_work This is a different conversation than I'm concerned with at this point....21:03
rm_workanyway, yeah, it isn't doable. period21:03
rm_workwell, i'll get to there21:03
rm_workit's related21:03
sbalukoffrm_work: That's a really big limitation.21:03
rm_workyes.21:03
sbalukoffOk.21:04
rm_workBUT, it sounds like we can sort of... emulate it with some magic (this is always what I end up with from talking with jkoelker)21:04
sbalukoffOh boy.21:04
rm_workanywho, we get to the "management_network_id"21:04
sbalukoffI tend to cringe at "magic" solutions.21:04
bloganwell we'd just essentially be hooking into a tenant network21:04
sbalukoffOk.21:04
sbalukoffWell, the Octavia service account is essentially "just another tenant"21:05
bloganso from neutron standpoint thats how it is, hwo that tenant network is setup behind the scenes here is the "magic"21:05
sbalukoffSo, it makes sense that it's loadbalancer network(s) would be the same.21:05
sbalukoffAah21:05
sbalukoffAlso s/it's/its/21:05
bloganone lb network would work for us in this case21:05
rm_workSo the debate around "management_network_id" is in regard to whether that will actually be a single network_id stored in config, or if we'll have to move that to the DB -- as well as what to call it, and what kind of traffic actually passes over it, right?21:06
sbalukoff(Sorry, the pedantic grammatician in me is annoyed.)21:06
sbalukoff(and annoying)21:06
TrevorV_rm_work, that's what I'm concerned with, yes21:06
johnsomI lean towards one management network per controller21:06
sbalukoffrm_work: I suspect in the long run we're going to have to move it to the DB.21:06
sbalukoffWe don't have to do this for v0.5 though.21:06
rm_workjohnsom: so, that is another interesting problem, if we are trying to architect such that ANY controller can talk to ANY amphora21:07
rm_workif we assign one per controller, then we have to make sure each amphora has a VIF on each controller's network21:07
sbalukoffI see v0.5 being a sort of advance proof-of-concept where we work out other nastiness like hot-plugging interfaces to amphorae across tenants and whatnot.21:07
johnsomYeah, exactly.21:07
rm_workwhich will be fun to bookkeep if controllers go up/down21:07
rm_worksince I am hoping the controllers will scale21:07
rm_workIE, auto-scale21:07
rm_workwell21:08
johnsomWe still had a limitation around amphora and the managing controller due to the health monitoring scheme (checking for missing heartbeats)21:08
sbalukoffThe controllers will scale, will hopefully auto-scale at some later date (Octavia v3.0 perhaps?)21:08
rm_workthis is one thing where i REALLY don't want to see us punt it to 1.021:08
rm_workauto-scaling, yeah, 3.0 or whatever21:08
bloganoctavia 5.0 will be come skynet21:08
TrevorV_None of these concerns is mine yet, ha ha21:08
rm_workbut, the way the networks are assigned... i want to get it right in 0.521:08
sbalukoffSo, I don't quite understand the issue of an amphora being assigned to a specific controller.21:08
rm_worksorry TrevorV_ got distracted again21:08
rm_workanyway21:08
rm_workgah21:08
rm_worksbalukoff: well21:08
bloganrm_work: we're nto going to get it right in 0.5, we can mak a best guess though21:08
TrevorV_They're all valid concerns, just not concerning my point is all :D21:09
sbalukoffI originally threw that idea forward because it seems to scale... and we're already going to have to deal with certain bookkeeping problems anyway. This actually reduces some of them.21:09
sballesbalukoff: +121:09
TrevorV_Much of this can be fleshed out in whiteboarding sessions during the hackathon too, which would be awesome21:09
sbalukoffblogan: +121:09
rm_worksbalukoff: THIS is the stuff we were whiteboarding :P21:09
rm_workblogan: right, and a best guess doesn't involve us saying "well, this probably won't work for 1.0, but this is 0.5 so whatever"21:10
rm_workit means we should at least think it MIGHT work for 1.021:10
rm_workanyway21:10
sbalukoffrm_work: I feel like some of this is re-hashing ideas already considered. But you're right, I don't think we properly documented the ideas we considered and rejected... meaning that these kinds of discussions will happen until we do. ;)21:10
bloganim just saying we shouldn't spend eternity trying to solve for things we do not know21:10
sbalukoffblogan: +121:11
rm_workthere were two parts i mentioned earlier and i am not sure which one TrevorV_ was more concerned with -- the naming of the thing (being related to the question of what traffic actually goes over that network and what its primary purpose is), and whether it's one ID in config versus possibly even per-amphora in the DB21:11
sbalukoffrm_work: Part of the concern is that we can't expect perfection on day 1.21:11
sbalukoffOr with the initial release21:11
sbalukoffWe have to make some compromises to make progress at all.21:11
rm_workeither way it does tie in to what I'm talking about above21:12
TrevorV_rm_work, I have zero qualms with making many networks in DB or in config or whatever.  My biggest concern is utilizing a network that has customer data/traffic for use as an Operator21:12
bloganbut we can decide on the goal of 1.0, and design 0.5 in that direction21:12
rm_workok21:12
rm_workso to that point21:12
rm_workThere will be at least three distinct networks attached to each amphora21:12
rm_work1) Public(ish) -- this is what the FLIP is pointed to21:13
sbalukoffrm_work: If I had a crystal ball, I would suspect that the "lb network" becomes a database object, and that an LB network contains controllers and their amphorae in a sort of heirarchy.21:13
sbalukoffBut... there are a lot of leaps of faith to get there for me right now.21:13
rm_work2) Management -- the controller sending config updates and communicating with the amphora for stats/heartbeat21:13
rm_work3) Customer network for backend nodes (members)21:13
bloganevery amphora will be on the Public net?21:13
johnsomCould be two, if it is a one-armed reflex LB (lb servers inside a tenant network)21:13
rm_workthat's why i said public(ish)21:13
rm_worknot actually public net21:13
sbalukoffIn my proposal I had 1 and  2 combined.21:13
rm_workbut available to the FLIPs21:14
sbalukoffblogan: The LB network becomes a target for FLIPs.21:14
rm_worksbalukoff: ok, that is not something we want21:14
johnsomInteresting, I missed that there was a propose for public and management net to be one network21:14
sbalukoffThat is to say, the "back end" for the FLIP.21:14
rm_workpublic traffic should be on a completely different network from control/management traffic21:14
sballejohnsom: I didn't read that eitehr21:15
johnsomrm_work: +121:15
TrevorV_sbalukoff, I'm vehemently against using the same network for customer traffic along with access as an Operator.21:15
sballerm_work: +121:15
rm_workok, looks like we're all in agreement except sbalukoff. :P21:15
sbalukoffSo... there's a lot of hand-waving going on.21:15
rm_worksbalukoff: not so much with this part...21:15
sballeTrevorV_: I agree since it could mean that we cannot kill the amphora if it is under attack21:15
sbalukoffAnd I suspect a proper discussion of topologies is going to shed some light on this.21:15
*** crc32 has quit IRC21:15
TrevorV_sballe, that's a great summation to my concern ha ha sbalukoff ^^21:16
sbalukoffsballe: Not necessarily.21:16
johnsomOr customer load can isolate and fail over an LB21:16
sbalukoffAgain, I think you're assuming I'm saying something I'm not actually saying.21:16
TrevorV_sbalukoff, That's possible, since I'm fairly naive to many things :(21:16
sbalukoffMy point is that if you're using layer-2 connectivity for the front end, then yes, management and "public service network" are separate networks.21:17
sballeI agree that some topology doscussion and going over various use cases will make this more clear21:17
rm_worksbalukoff: i think what I'm saying is fairly unambiguous, and this is definitely the least hand-wavey magic thing we've talked about today21:17
sbalukoffMuch the same way that layer-2 networking on the back end (to members) is a separate network.21:17
rm_workhmm21:17
rm_workso you're not talking about L2? or... ?21:18
sbalukoffBut if you're using layer-3 routing, then it doesn't make a whole lot of sense to keep the "public service network" separate.21:18
xgermanwell, per se sbalukoff is just talking about where to put the Public FLIPs21:18
sbalukoffSince you can kill the amphora, reroute traffic, etc.21:18
sbalukoffYeah, public FLIPs (the public side of these anyway) is not on the LB network.21:18
sbalukoffAt all.21:18
sballesbalukoff: +121:18
*** mestery_afk is now known as mestery21:18
rm_worksure21:18
sbalukoffrm_work: I'm not talking about L2.21:19
sbalukoffAlso, to be honest:  In Octavia v2.0 in order to get horizontal scalability of a loadbalancer object (as defined in Neutron LBaaS v2) across amphorae, you *can't* do layer-2 front-ends.21:19
johnsomsbalukoff: with your layer 3 proposal (route injection) the traffic would still share the interface on the amphora instance right?21:19
sbalukoffYou have to go with layer-3 routing for that functionality.21:19
sbalukoffThis is why I'm thinking mostly about the layer-3 front-end case.21:20
xgermanyeah, I don;t think we want layer-2 connetcivity to the outside world -- should all be done with FLIPs21:20
sbalukoffjohnsom: If I understand what you're asking, yes. :)21:20
TrevorV_So sbalukoff you're saying the same network I would use to kill a rogue amphora would NOT see customer traffic at all or would?21:20
sbalukoffSo... by the way, I hate the term FLIPs...21:20
sbalukoffIt's really just a static NAT.21:21
xgermanme, too21:21
xgermanbut rm_work gets confused if I say VIP21:21
sbalukoffWhy did they have to re-define what "floating IP" means?21:21
sbalukoffVery annoying.21:21
johnsomYeah, and we are confusing FLIPs, sbalukoff's layer 2 proposal, and layer 3 proposal21:21
sbalukoffTrevorV_: You kill a rogue amphora through the controller and interaction with Nova, right?21:22
sbalukoffYou don't actually have to talk to the amphora to do this.21:22
sbalukoffjohnsom: This is why I think we need a larger discussion where we define terms and propose layouts.21:22
sbalukoffAnd whatnot.21:22
rm_worksec, i have been furiously drawing on paper21:22
TrevorV_Actually that's fair sbalukoff, even though it still leaves a bad taste in my mouth for some reason21:23
sbalukoffBut I was hoping to see Rackspace's info on FLIPs that's been alluded to before getting into that.21:23
xgermansbalukoff you might want to hive off data before so you cna troubleshoot21:23
* TrevorV_ thinks he wasn't furious about it at all21:23
rm_worki mean, with great gusto21:23
rm_worknot angrily :P21:23
TrevorV_:D21:23
xgermanlet me tell you just killing the Amphora under attack doesn't give you enough info to not get the same attrack the next minute21:23
xgerman(real life expereince)21:24
rm_workimgur is being slow T_T21:24
rm_workor else my phone us21:24
rm_work*is21:24
sbalukoffTrevorV_: The trade off is an extra network per "group" (whatever that means) and an extra interface per amphora, versus keeping "management" traffic on a "management network" that is pretty close to the traditional definition for the same.21:24
sballeand I know our security team wants to be able to do forensics21:24
sbalukoffI could definitely be swayed on this, but my perception was that extra complication to the networking of amphorae was not a good idea.21:24
rm_workit's kind of an analog of our Servicenet concept21:24
rm_workon RS you spin new VMs with Publicnet and Servicenet21:25
rm_workthis would like... Publicnet, Servicenet, and LBnet21:25
rm_work*be like21:25
sbalukoffxgerman: True, but you can also re-route the attack traffic to the bitbucket since he attack traffic is coming in for a loadbalancer VIP, which is not the same IP as the "primary" or (ugh) "managment" interface on the amphora21:26
xgermanyep21:26
xgermanwas just responding to your nova delete21:26
sbalukoffxgerman: Agreed.21:26
sbalukoffMy point was that control does not compete with attack traffic in a DDOS situation.21:27
xgermanok, for me we spin up the a,phora with the tenant network and our control network21:27
sbalukoffIt's also a really good idea to be doing healthchecks and whatnot over the same interface that actual client traffic traverses.21:27
johnsomWhat about port conflicts?  If we are managing amp on same network as public side (inside) couldn't we hit a port conflict?21:27
xgermancustomer assigns public FLIP to the port in the tenant network if he needs to rpoute public IP21:27
rm_workhttp://i.imgur.com/9lJXmzy.jpg21:27
xgermanrationale is that the customer should own the public IP so if he looses it he has only himself to blame21:28
sbalukoffjohnsom: I'm not sure I follow you. Could you elaborate?21:28
johnsomrm_work: that is what I had been thinking21:28
rm_worktook longer to get it uploaded to imgur than to draw it T_T21:28
xgermanand I am thinking we should be good without the public part21:29
sbalukoffHaha21:29
xgermansince DVR will route it straight to the LB from the VIP21:29
sbalukoffxgerman: That's sort of my point as well.21:29
rm_workwell, that part is up to the network21:29
rm_workin RS, we need something for the FLIP to point to21:30
sbalukoffIf we're doing layer-3 routing, we're assuming we can control the network.21:30
rm_workand we don't want it to point to the management network21:30
sbalukoffrm_work: Define "something"21:30
johnsomIf public and management are the same network, and NAT'd IP points to the listener IP on the NAT'd private network, you could have a port conflict.  I guess you are assuming AMP is on a seperate internal IP?21:30
rm_worksbalukoff: an IP21:30
sbalukoffrm_work: Right. It will.21:30
rm_worksbalukoff: hopefully not the same IP as the management network O_o21:30
sbalukoffWhy don't you want that going to the loadbalancer network?  (Again, I don't like the name "management network")21:30
sbalukoffrm_work: Why not?21:31
sbalukoffAlso...21:31
sbalukoffOk... so...21:31
rm_workI'd like to only expose the Amphora API on a network that can't be reached by anything external21:31
rm_workfor one21:31
sbalukoffThe way FLIPs work is akin to the "layer-2" front-end which won't work with horizontal scaling in Octavia v2.021:31
TrevorV_sbalukoff, with your distinction calling it management network doesn't make sense.  With my concern (and rm_work may also be arguing this) management network is appropriate21:31
xgermanwell, I like the user to assign the FLIP so he needs to have admin access21:31
xgermanand he can't have that on the managment network21:32
xgermanhence, the FLIP should be on the tanant network21:32
rm_worksbalukoff: maybe the way YOUR FLIPs work? >_>21:32
sbalukoffrm_work: That's entirely possible.21:32
sballexgerman +121:33
xgermansame here21:33
TrevorV_xgerman, correct me if I'm wrong, but I thought the user would provide that via a request to the API?  We can utilize a "management network" to do the assignment without the user being involved21:33
rm_worksbalukoff: thus, the larger explanation of exactly how our FLIP setup works, which I had hoped would be emailed out soon21:33
johnsomsbalukoff Couldn't the flip point to the vip (ugh) used for horizontal scaling?21:33
* TrevorV_ thinks about what he said, may have not had the right idea there21:33
sbalukoffIt's possible that Neutron doesn't have the same kind of concept I'm going for. It isn't exactly a floating IP in the way they've defined it. It's more like a layer-3 route for a specific IP.21:33
rm_workTrevorV_: since HP lets customers control FLIPs, they want the customer to bring up a LB and then do the FLIP creation/assignment themselves21:33
xgermanjohnsom that is what I am thinking, too - and so making the scaling case a specialization of the nomral one21:33
rm_worksince we don't allow customers to control their own FLIPs, we'd need to do it inside Octavia for them21:34
xgermanrm_work +121:34
rm_workjkoelker: how goes that email drafting? :)21:34
sbalukoffjohnsom: Yes, that is possible.21:34
xgermanand that's a clean way to do it as well21:35
sbalukoffIt would be a hack-ish work around for what I'd really like to see, but it ought to work.21:35
sbalukoffAgain, assuming I'm understanding what you're saying correctly.21:35
rm_workin our setup, the FLIP *is* what provides the scaling21:35
rm_workT_T21:35
xgermanyeah, the RAX FLIP will point at multiple amphora21:35
rm_workthe FLIP is the horizontal scaling IP. the Amphorae themselves all have individual private IPs21:35
xgermanwhat's called a VIP in johnsom21:35
rm_workwe'll say "FLIP, point to these 3 amphorae IPs"21:35
sbalukoffOk, cool!21:35
sbalukoffThat's not what a Neutron FLIP is, just be clear21:36
johnsomI was just trying to come up with some kind of distinction21:36
sbalukoffSo, yes, we've been using the same term to mean different things.21:36
sbalukoffHence... confusion.21:36
rm_workI think an HP FLIP can only have one IP in the backend?21:36
xgermanagreed21:36
rm_workwell21:36
rm_workmaybe not soon :P21:36
sbalukoffMostly....21:36
rm_workI think the idea is we patch neutron to allow FLIPs to point to multiple machines21:36
xgermanwell, we anted to hid the fanning out behind some 10.x FLIP21:36
rm_workvia the thing our network guys are working on... something with OVS21:36
sbalukoffI'd rather see an actual IPAM of some kind where the user can get a public IP and then do what they want with it...21:37
xgermanyep, we want to use the same but haven't got very far21:37
rm_workxgerman: ok so you'll have TWO FLIPs, one to expost to the user as the "LB IP" and then the user makes their own FLIP to point to the LB FLIP?21:37
xgermanyep, that is my plan which might be fkawed21:37
sbalukoffBe that deploy it as a 1:1 static NAT (ie. Neutron FLIP), or use that as a layer-3 load balancer destination.21:37
rm_workxgerman: i think the idea is jkoelker is hoping you guys will collaborate via the method they've worked out21:37
xgermanso they can "upgrade" to a scalable LB21:37
johnsomrm_work: how does session persistence work? (out of curiosity)21:37
sbalukoffWhich, AFAIK doesn't exist yet.21:37
rm_workjohnsom: OVS handles it via21:38
rm_workerr21:38
rm_worki could explain it21:38
rm_worki think we have a whiteboard picture somewhere21:38
rm_workthere's a hash based a bunch of data21:38
rm_workso it uses a hashtable to ensure each connection from the same source goes to the same dest21:38
xgermanyep, but that's not very helpful if you scale up or down :-)21:38
rm_workno, it works21:39
*** ptoohill_ has joined #openstack-lbaas21:39
rm_workor, it should21:39
xgermanok, so you keep track of all open connections...21:39
rm_workkinda21:39
rm_workI always suck at explaining this21:39
*** ptoohill_ has quit IRC21:39
xgermanwell, gotcha -- we spend an hour thinking about that, too21:39
rm_workjkoelker is writing an email. NOW. which will explain this hopefully better than I ever could21:39
TrevorV_rm_work, is this the thing we whiteboarded a long time ago that I made the diagram for in jira?21:39
rm_workTrevorV_: yes I think so21:39
sbalukoffYou all are talking about the layer-4 router / load balancing service that is part of the Octavia v2 desing...21:40
rm_worknot sure if it is still up to date21:40
sbalukoffdesign21:40
*** ptoohill_ has joined #openstack-lbaas21:40
rm_workIE, they may have messed with the design since then21:40
TrevorV_rm_work, I don't think it is honestly.21:40
rm_workbut yeah if you had that jira diagram...21:40
TrevorV_I'll try to find it21:40
TrevorV_Requires laptop and VPN, brb21:40
rm_workTrevorV_: this is the Unicorn (which is what you did the diagram for -- with OVS and Ryu)21:40
xgermanyeah, my hope was to hide ll of that behind some 10.x adress the suer assigns his 15.x FLIP to21:40
rm_worki am looking in our jira too21:41
rm_workT_T21:41
rm_workthis diagram would be very helpful21:41
TrevorV_rm_work, Check issues for me21:42
TrevorV_kk?21:42
rm_worktrying21:43
rm_workTrevorV_: I think its OPENCLB-82 but there is nothing attached21:45
rm_workah21:45
rm_workit's on OPENCLB-8021:45
rm_workhttp://i.imgur.com/IIqloLM.png21:46
sbalukoffOk, I gotta hit the head. BBIAB.21:46
rm_worksbalukoff: ^^^^ hit your head with that diagram21:46
johnsomThese lunch time meetings are a challenge....21:47
sbalukoffjohnsom: Agreed!21:47
dougwigballs, i walk away for an hour.  i'm gonna need cliff's notes.21:47
rm_workah yeah it is noon for you guys T_T21:47
sbalukoffrm_work: The HAproxy VM is an amphora, correct?21:47
sbalukoffWhat is DHT?21:47
TrevorV_rm_work, you found it?21:47
rm_workdougwig: tl;dr: no one agrees about what FLIPs are21:47
rm_workTrevorV_: yes21:47
rm_worksbalukoff: yes21:47
dougwigthey're nat ips.21:48
sbalukoffrm_work: +1 on the tl;dr21:48
rm_workhttp://en.wikipedia.org/wiki/Distributed_hash_table21:48
rm_worksbalukoff: ever use torrents? :P21:48
sbalukoffI think we need a define some terms for this discussion (and be very detailed, with examples)21:48
sbalukoffrm_work: You mean, like bittorrent?21:49
sbalukoffOr something else?21:49
rm_worksbalukoff: as I have said maybe 8 times now, jkoelker is currently drafting an email :P21:49
rm_worksbalukoff: yes21:49
sbalukoffHaha! Awesome.21:49
rm_workhopefully I don't over-hype his email :P21:49
sbalukoffOk, well... let's table this discussion until then, perhaps?21:49
rm_workTrevorV_++ for the awesome diagram tho :P21:49
sbalukoffJust having a comprehensive commen set of terms will help us not to miss each others' meanings.21:50
TrevorV_sbalukoff, so my review will have changes pending this discussion yeah?21:50
sbalukoffTrevorV_: More than likely, yes.21:50
rm_workI would assume so21:50
sbalukoffSo, let's hope we can get that discussion underway soon.21:50
TrevorV_Yeah, sounds good to me, just making sure I understood the results :D21:51
rm_workI will check in with jkoelker (who I am surprised hasn't chimed in yet) about the status of his email :P21:51
rm_workoh21:51
TrevorV_rm_work, He probably got caught up talking to someone again, like he does :D21:51
rm_workthat's because i can see him sitting around a whiteboard 10 feet away T_T21:51
sbalukoffOr didn't want to enter the fray here. ;)21:51
sbalukoffCan't imagine why not. XD21:51
rm_workyeah he is thoroughly distracted. k21:51
rm_workoh wat21:52
rm_workjorge and brandon are int hat discussion... uhhh21:52
rm_workbrb21:52
sbalukoffWhat is Ryu in this diagram?21:52
sbalukoffHaha!21:52
johnsomWould like to see the Octavia to VM path in this diagram21:52
xgermanI love that they use Redis!!21:52
johnsomOr I guess, Octavia to AMP API21:53
sbalukoffjohnsom: Agreed!21:53
TrevorV_sbalukoff, we have some concerns with Bison21:54
sbalukoffController to amp API21:54
TrevorV_Lulz jp21:54
sbalukoffTrevorV_: I recommend eating them. They're delicious.21:54
* TrevorV_ comes up with street fighter reference, sbalukoff counters with animal definition... joke averted21:54
sbalukoffHaha21:55
sbalukoffOH!21:55
sbalukoffRyu,21:55
sbalukoffYes, that totally sailed over my head.21:55
TrevorV_Ha ha ha I figured, but sometimes people just like to ruin the joke :D21:55
sbalukoffYes, had I gotten the joke, I am asshole-ish enough to derail it like that.21:55
sbalukoffThough everyone knows that Chun-Li would kick Ryu's ass.21:56
sbalukoff(Like, many many times in rapid succession)21:56
johnsomsbalukoff: +121:56
johnsomStrange that I still remember that....21:57
*** cipcosma has quit IRC21:57
sbalukoffDude, it was one of the cheapest moves that newbs used constantly.21:57
sbalukoffThat and Guile's unnaturally long reach with his leg sweep.21:58
sbalukoffI use the past tense as if people aren't still playing that game. XD21:58
TrevorV_Well, to be honest I never really played the games, but I always hated the fat sumo dude flying through the air21:58
TrevorV_Spinning like a top mid-air wasn't fair21:59
sbalukoffJust... too unrealistic for you?21:59
TrevorV_The imagery was devastating... and I couldn't figure out how to do it in the game21:59
TrevorV_lulz21:59
sballesbalukoff: Is that a reference to the Trekken game?21:59
rm_workok so turns out they were literally discussing THIS21:59
rm_workand i missed it T_T21:59
rm_worksoooo21:59
sbalukoffNot that Indian dude's extendable arms weren't either, eh.21:59
rm_workwhatev, maybe blogan can chime in now21:59
sbalukoffHeh!22:00
TrevorV_Context people, CONTEXT22:00
rm_workRyu is http://osrg.github.io/ryu/22:00
sbalukoffOk, I really do need to hit the head now. BBIAB22:00
TrevorV_ha ha just kidding22:00
rm_worksbalukoff: ^^22:00
rm_workSDN thing22:00
rm_work"Ryu is a component-based software defined networking framework. Ryu provides software components with well defined API that make it easy for developers to create new network management and control applications. Ryu supports various protocols for managing network devices, such as OpenFlow, Netconf, OF-config, etc. About OpenFlow, Ryu supports fully 1.0, 1.2, 1.3, 1.4 and Nicira Extensions. All of the code is freely available under22:00
rm_work the Apache 2.0 license."22:00
TrevorV_I'm actually going to step away from IRC and do some reviews that were mentioned in the meeting today, and then I'm going to boot into windows to kiss my work day goodbye :D22:01
TrevorV_I'll talk to you guys tomorrow!  Have a good night!22:01
dougwigyou have to boot windows to kiss your computer?22:01
*** TrevorV_ has quit IRC22:01
sballelol22:02
rm_worksbalukoff: let me know when you're back22:02
johnsomIt's an SDN controller...22:02
rm_workalright I've been told we're now moving away from what that diagram shows, and to something a bit different T_T22:03
rm_workso22:03
* rm_work throws up his hands22:03
rm_workwill await the prophesied jkoelker email22:03
ptoohillRyu and Openflow is pretty cool stuffs22:03
rm_workptoohill: you're alive!?!22:03
rm_workptoohill: sup22:03
ptoohillsorta22:03
ptoohillJust wanted to share my love of those technologies :P22:04
rm_workbrb22:07
sbalukoffrm_work: I'm back.22:07
xgermanwe were looking at OpenDaylight22:07
ptoohilljava impl?22:07
sbalukoffOk, so RYU is an SDN platform.22:07
ptoohillSDN controller22:07
sbalukoffOk.22:08
*** jorgem has quit IRC22:08
ptoohillhttp://osrg.github.io/ryu/22:09
dougwigin case any of y'all missed this happening: https://review.openstack.org/#/c/138870/22:10
ptoohill+1'd it22:11
ptoohill:P22:11
sbalukoffTest review, do not merge?22:11
sbalukoffOh!22:12
sbalukoffJenkins failures.22:12
sbalukoffJoy.22:12
mlavalleRamaKrishna: ping22:12
sbalukoffWell, it's good to see this discussion happening. Looking forward to jkeolker's e-mail. ;)22:14
dougwignote the repo that it's filed against.  :)22:14
johnsomYeah, nice dougwig22:14
sbalukoffYes, neutron-lbaas22:14
sbalukoffOH!22:15
sbalukoffNICE!22:15
sbalukoffSo that's happening. Awesome!22:16
*** vivek-ebay has joined #openstack-lbaas22:28
jkoelkersorry guys been in a bunch of meetings22:29
dougwigthat's ok, they left you a short novel to read.22:29
jkoelkerhttps://i.imgur.com/bivSdcC.png22:29
jkoelkerthat's the current image of the architechture22:29
jkoelkerthat i'm playing with22:29
jkoelkerthe DHT thing, i'm leaning twoards using BGP for now22:30
jkoelkerL2VPN EVPN (https://tools.ietf.org/html/draft-ietf-l2vpn-evpn-11) and L2VPN EVPN Overlay (https://tools.ietf.org/html/draft-sd-l2vpn-evpn-overlay-03)22:30
sbalukoffIf it's site-internal, I'd probably say OSPF.22:30
sbalukoffBut... eh... whatever. ;)22:31
jkoelkerwell this is for advirtising the tunnel endpoints up to the NAT boxes22:31
jkoelkers/NAT/FLIP/22:31
jkoelker;)22:31
sbalukoffYou'll need to define what you mean by tunnel in these diagrams (as in, is it a "usual" tunnel, or something else?)22:31
jkoelkervxlan or stt, or gre22:31
sbalukoffOk.22:32
dougwigthose don't look like flip's so much as IP's on an external network.22:32
dougwigahh, you mean those as nat gateways, ok22:32
jkoelkeryea22:32
sbalukoffdougwig: Agreed. But we need to have a better definition of what people mean when they say "FLIP", as it's been redefined several times throughout the conversation.22:32
sbalukoffWe do need a glossary here, eh!22:32
jkoelkersorry, there are only 2 hard problems in computer science, cache invalidation, naming things, and off by 1 errors22:32
sbalukoff:D22:32
sbalukoff+122:32
*** vivek-ebay has quit IRC22:33
dougwigso where is the LB vip in that picture?  (internal and/or external nat) ?22:33
dougwigor is that current topology for VMs?22:33
*** vivek-ebay has joined #openstack-lbaas22:33
jkoelkerthe vip is physically is at the FLIP boxes22:33
jkoelkeron all of them22:33
jkoelkerthe idea is that we get traffic shunted via ecmp to any of the availible boxes22:34
sbalukoffjkoelker: It would be great to see how Octavia components fit into this too. (where are the amphorae? To which networks do the amphorae connect? To which networks do the controllers connect? etc.)22:34
dougwigso the amphoras and member VMs live in the same internal networks, and the VIP is a nat'ed IP to an amphora's internal VM ip?22:34
jkoelkerus an ovs flow table set that flips the DST ip to the one that the LB uses (see it punny!)22:34
jkoelkerthey all live on the hypervisors, as guests/containers22:35
jkoelkeror could possibly be bare metal with ironic22:35
sbalukoffAgain, seeing that diagrammed out will help with understanding this.22:36
jkoelkerone of my goals with this was to make it so its just another peice of lego that we use to build up the systems22:36
dougwigright.  two uses case problems: how do amps talk to members, and how does the outside world talk to the amp (LB)?  from your diagram, amp -> member is internal routing, and internet -> amp is via a nat'ed ip to an internal VM ip, correct?22:36
sbalukoffRight. I'm looking for context and trying to get my bearings using terms and concepts I'm already familiar with.22:36
jkoelkerwheither that is octavia vips or neutron floating ips for customers, we would liek to use the same arch22:36
jkoelkeryea i need to clean up a bunch more diagrams and remove all the crud22:37
sbalukoffOk.22:37
jkoelkerthis was the one i had already ready and handy-ish22:37
sbalukoffI also need to take care of some non-Octavia related stuff for a bit, so I'mma go effectively AFK for a while unless someone pings me by name here.22:38
jkoelkerdougwig: correct22:38
jkoelkerif i'mo understanding what amphorae means ;)22:39
jkoelkerthat's the lb processes right?22:39
dougwigamphorae == vm/container/bare-metal that's running the actual load balancing goo (harpy)22:39
dougwighaproxy22:39
jkoelkerkk22:39
dougwigit's roman for container, since we couldn't just pick vm or container.22:39
jkoelkerso amps would then talk to members via existing overlay neutron networks22:40
jkoelkerand the outside talks to the amp via the NAT/FLIP boxen22:40
dougwigvia implicit l3 routing, or do you need ports into member subnets plugged?22:40
dougwigfor amp -> member22:40
jkoelkerimplicit l3 routing22:40
dougwigsweet, that's a common and straight-forward use case.22:41
jkoelkerso via those 2 draft rfcs, BGP can advirtise out a tuple of network-id, ip address, mac address, and tunnel endpoint22:41
jkoelkerso the idea is the host that is running the amps would advirtise up to the NAT boxes the current location of that tuple (which is pretty much just the neutron port)22:42
dougwigand can i assume that your neutron and/or sdn fabric is handling that part of the plumbing?22:42
jkoelkerthe NAT boxes then listen to the update messages and modify the ovs flows such that traffic from a particular vip/flip will tunnel (via stt, gre, or vxlan (also able to be advirtised up via BGP)) will terminate on the tunnel endpoint22:43
jkoelkercorrect22:43
dougwigthat's even simpler than the current namespace haproxy driver, to be honest.  (very similar to many of the current hardware drivers.)22:44
jkoelkeron the amp hosts then, the "public" size of the LB would then plug into an intermediary ovs bridge that will determine if the outbound traffic should go to the NAT/FLIP boxes or not, and take the inbound traffic and deliver it to the vif22:44
jkoelkerthe cool thing i like, is that on the NAT/FLIP boxes we can use the ovs bundle action to spread the traffic out then to one of many potential amps22:46
jkoelkerso a FLIP could be associated with more than 1 neutron port to scale out, without having to have a ton of different flavor sizes for the lb's22:46
jkoelkerthe downside of course is draining will be interesting22:46
dougwigi think the mountain of debate up above might be because folks were assuming that octavia had to do this wiring, which unless i'm misunderstanding, it's all stock (heck, the topology would almost work with nova-network, even.)22:47
jkoelker;)22:47
jkoelkeryea i'm all about legos22:48
jkoelkerso just to give ya'll a heads up, the email is gonna be pretty light on implementation ideas, mostly because we're trying to start a discusstion about it22:49
jkoelkerand i'm under the gun to get that discustion rolling22:49
dougwigi think the email can say, "shut up and do less work" and be close to adding clarity.22:50
jkoelkerlulz22:50
*** mugu has joined #openstack-lbaas22:53
*** BeardyMcBeards has joined #openstack-lbaas22:53
*** mlavalle has quit IRC22:53
*** Clev_ has joined #openstack-lbaas22:54
*** jorgem has joined #openstack-lbaas22:55
johnsomWould be interested to understand the session persistence22:58
jkoelkertcp session?22:59
jkoelkerthe bundle command take the tcp tuple as the input to its hash22:59
johnsomHTTP session persistence for customer traffic.  example is incoming HTTP session needs to hit the same amp listener and backend22:59
jkoelkerso as long as its the same tcp session, it will get to the same host22:59
rm_worksee, jkoelker does about 1000000x better at explaining this low-level networking stuff than me trying to regurgitate everything badly23:00
jkoelkerah, ok, that's a function of the lb then23:00
rm_workjohnsom: session persistence is guaranteed to the amphora, so the amphora is in charge of session persistence at that point, as would be expected23:00
jkoelkersince we get all tcp sessions to the same lb, then haproxy can then take into account the http session to deliver it to the right member23:00
johnsomThat is what I was trying to make sure we had covered, the path upstream of the amp23:00
rm_workjohnsom: yeah, that is handled via the hashing of TCP source/dest/etc combo23:01
johnsombundle command is a function of the flip/nat boxen?23:01
jkoelkeryea its an openflow action23:01
jkoelkermight be an NXM extension, but its in ovs ;)23:01
jkoelkerwhich is good enough for me ;)23:02
johnsomCool.  I am very rusty on the state of openflow match/actions23:02
roharablogan: you still kickin' around?23:02
mugurm_work: huehuhehuehueheuhue23:04
rm_workmugu: >_<23:05
mugurm_work: ^_^23:05
rm_workmugu: T_T23:05
mugui dont even know what that one is23:06
bloganrohara: here but trying to catch up on the thesis above23:06
*** vivek-ebay has quit IRC23:06
*** vivek-ebay has joined #openstack-lbaas23:07
roharablogan: np, i annoyed sbalukoff with my musings23:14
*** Clev_ has quit IRC23:20
jkoelkerso clev sent the email out with the header "[openstack-dev] [Neutron] [RFC] Floating IP idea solicitation and collaboration"23:26
jkoelkeri'm still working on cleaning up digrams and will reply adding context and the like as I get them finished23:26
rm_workjkoelker: so you weren't deemed worthy enough to actually SEND the email? or clev just wanted all the credit? :P23:28
clevjust stealing all the credit for jkoelker's ideas23:28
clev;-)23:28
rm_workwoo I will read it now, avoided reading the draft because *spoilers* :P23:29
clevWe all know who the real brains of this operation are23:29
sbalukoffThanks guys! I shall read and comment.23:29
clevThanks in advance for any thoughts or contributions23:31
*** vivek-eb_ has joined #openstack-lbaas23:44
*** vivek-ebay has quit IRC23:44
« Tuesday, 2014-12-02 Index Thursday, 2014-12-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!