Group Based Policy

[APIC mapping] Create per-tenant NA -EPG as a part of NAT machinery

Bug #1595689 reported by Amit Bose
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Group Based Policy
Fix Released
High
Amit Bose
Group Based Policy next

Bug Description

Following changes are desired to the way NAT machinery is setup for APIC -
1. Create one EPG for SNAT addresses
2. Create one EPG for every tenant to hold floating-IP endpoints of that tenant

This allows collecting floating-IP stats per tenant.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/333558

Changed in group-based-policy:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (master)

Reviewed: https://review.openstack.org/333558
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=88545a08f702077d376d6e25e1899dc635d6f374
Submitter: Jenkins
Branch: master

commit 88545a08f702077d376d6e25e1899dc635d6f374
Author: Amit Bose <email address hidden>
Date: Wed Jun 22 16:51:39 2016 -0700

    [APIC mapping] Support per-tenant NAT EPGs

    Adds support for option ('per_tenant_nat_epg') to
    enable creating a NAT EPG per tenant. The default
    (i.e. current) behavior is to lump together
    floating-IPs mappend to endpoints from all tenants
    into a single, common "NAT EPG" in APIC. When the new
    option is enabled, instead each tenant gets its own
    NAT EPG and floating-IPs associated with endpoints of
    that tenant are placed in that tenant-specific NAT
    EPG. SNAT endpoints are still put in the common
    NAT EPG.

    Changing this option does not affect existing NAT
    EPG usage. That is, if a tenant was using the common
    NAT EPG before this option was enabled, then it will
    continue to use the common NAT EPG until the tenant
    stops using the external-segment completely. This
    ensures backwards compatibility during upgrade.

    Closes-bug: 1595689

    Change-Id: I31179f8b3b4a554fdfe85be9adbedb4d92220aca
    Signed-off-by: Amit Bose <email address hidden>

Changed in group-based-policy:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/334696

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/334697

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/334705

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/334716

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/mitaka)

Reviewed: https://review.openstack.org/334696
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=3b78fcbf87d3ae104547b31d739fdeeb354a4992
Submitter: Jenkins
Branch: stable/mitaka

commit 3b78fcbf87d3ae104547b31d739fdeeb354a4992
Author: Amit Bose <email address hidden>
Date: Wed Jun 22 16:51:39 2016 -0700

    [APIC mapping] Support per-tenant NAT EPGs

    Adds support for option ('per_tenant_nat_epg') to
    enable creating a NAT EPG per tenant. The default
    (i.e. current) behavior is to lump together
    floating-IPs mappend to endpoints from all tenants
    into a single, common "NAT EPG" in APIC. When the new
    option is enabled, instead each tenant gets its own
    NAT EPG and floating-IPs associated with endpoints of
    that tenant are placed in that tenant-specific NAT
    EPG. SNAT endpoints are still put in the common
    NAT EPG.

    Changing this option does not affect existing NAT
    EPG usage. That is, if a tenant was using the common
    NAT EPG before this option was enabled, then it will
    continue to use the common NAT EPG until the tenant
    stops using the external-segment completely. This
    ensures backwards compatibility during upgrade.

    Closes-bug: 1595689

    Change-Id: I31179f8b3b4a554fdfe85be9adbedb4d92220aca
    Signed-off-by: Amit Bose <email address hidden>
    (cherry picked from commit 88545a08f702077d376d6e25e1899dc635d6f374)

tags: added: in-stable-mitaka
tags: added: in-stable-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/liberty)

Reviewed: https://review.openstack.org/334697
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=71f2c064811fa2f82ac6220b11a45e824da21e06
Submitter: Jenkins
Branch: stable/liberty

commit 71f2c064811fa2f82ac6220b11a45e824da21e06
Author: Amit Bose <email address hidden>
Date: Wed Jun 22 16:51:39 2016 -0700

    [APIC mapping] Support per-tenant NAT EPGs

    Adds support for option ('per_tenant_nat_epg') to
    enable creating a NAT EPG per tenant. The default
    (i.e. current) behavior is to lump together
    floating-IPs mappend to endpoints from all tenants
    into a single, common "NAT EPG" in APIC. When the new
    option is enabled, instead each tenant gets its own
    NAT EPG and floating-IPs associated with endpoints of
    that tenant are placed in that tenant-specific NAT
    EPG. SNAT endpoints are still put in the common
    NAT EPG.

    Changing this option does not affect existing NAT
    EPG usage. That is, if a tenant was using the common
    NAT EPG before this option was enabled, then it will
    continue to use the common NAT EPG until the tenant
    stops using the external-segment completely. This
    ensures backwards compatibility during upgrade.

    Closes-bug: 1595689

    Change-Id: I31179f8b3b4a554fdfe85be9adbedb4d92220aca
    Signed-off-by: Amit Bose <email address hidden>
    (cherry picked from commit 88545a08f702077d376d6e25e1899dc635d6f374)
    (cherry picked from commit 3b78fcbf87d3ae104547b31d739fdeeb354a4992)

tags: added: in-stable-juno
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/juno)

Reviewed: https://review.openstack.org/334716
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=2a51c213ba9b537e7bd0268fd6628d295f739a82
Submitter: Jenkins
Branch: stable/juno

commit 2a51c213ba9b537e7bd0268fd6628d295f739a82
Author: Amit Bose <email address hidden>
Date: Wed Jun 22 16:51:39 2016 -0700

    [APIC mapping] Support per-tenant NAT EPGs

    Adds support for option ('per_tenant_nat_epg') to
    enable creating a NAT EPG per tenant. The default
    (i.e. current) behavior is to lump together
    floating-IPs mappend to endpoints from all tenants
    into a single, common "NAT EPG" in APIC. When the new
    option is enabled, instead each tenant gets its own
    NAT EPG and floating-IPs associated with endpoints of
    that tenant are placed in that tenant-specific NAT
    EPG. SNAT endpoints are still put in the common
    NAT EPG.

    Changing this option does not affect existing NAT
    EPG usage. That is, if a tenant was using the common
    NAT EPG before this option was enabled, then it will
    continue to use the common NAT EPG until the tenant
    stops using the external-segment completely. This
    ensures backwards compatibility during upgrade.

    Closes-bug: 1595689

    Change-Id: I31179f8b3b4a554fdfe85be9adbedb4d92220aca
    Signed-off-by: Amit Bose <email address hidden>
    (cherry picked from commit 88545a08f702077d376d6e25e1899dc635d6f374)
    (cherry picked from commit 3b78fcbf87d3ae104547b31d739fdeeb354a4992)
    (cherry picked from commit 71f2c064811fa2f82ac6220b11a45e824da21e06)
    (cherry picked from commit 9a50a19648b2b2b73a11da3bd56646628f5481fb)

tags: added: in-stable-kilo
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/kilo)

Reviewed: https://review.openstack.org/334705
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=9a50a19648b2b2b73a11da3bd56646628f5481fb
Submitter: Jenkins
Branch: stable/kilo

commit 9a50a19648b2b2b73a11da3bd56646628f5481fb
Author: Amit Bose <email address hidden>
Date: Wed Jun 22 16:51:39 2016 -0700

    [APIC mapping] Support per-tenant NAT EPGs

    Adds support for option ('per_tenant_nat_epg') to
    enable creating a NAT EPG per tenant. The default
    (i.e. current) behavior is to lump together
    floating-IPs mappend to endpoints from all tenants
    into a single, common "NAT EPG" in APIC. When the new
    option is enabled, instead each tenant gets its own
    NAT EPG and floating-IPs associated with endpoints of
    that tenant are placed in that tenant-specific NAT
    EPG. SNAT endpoints are still put in the common
    NAT EPG.

    Changing this option does not affect existing NAT
    EPG usage. That is, if a tenant was using the common
    NAT EPG before this option was enabled, then it will
    continue to use the common NAT EPG until the tenant
    stops using the external-segment completely. This
    ensures backwards compatibility during upgrade.

    Closes-bug: 1595689

    Change-Id: I31179f8b3b4a554fdfe85be9adbedb4d92220aca
    Signed-off-by: Amit Bose <email address hidden>
    (cherry picked from commit 88545a08f702077d376d6e25e1899dc635d6f374)
    (cherry picked from commit 3b78fcbf87d3ae104547b31d739fdeeb354a4992)
    (cherry picked from commit 71f2c064811fa2f82ac6220b11a45e824da21e06)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.