| 2020-07-29 15:00:08 |
Rafael Weingartner |
bug |
|
|
added bug |
| 2020-07-29 15:17:02 |
Rafael Weingartner |
summary |
Add source-ip-prefix to Neutron metering label rules |
Add local-ip-prefix to Neutron metering label rules |
|
| 2020-07-29 15:17:04 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "--remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on source-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "source_ip_prefix", representing the source IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local/source IP as it is doing since [1].
The "remote_ip_prefix" and "source_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (source_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"source_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| source_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "source_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "source_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "source_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "source_ip_prefix" parameter. |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter. |
|
| 2020-07-29 17:39:44 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter. |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
|
| 2020-07-29 17:47:41 |
Rafael Weingartner |
summary |
Add local-ip-prefix to Neutron metering label rules |
[RFE] Add local-ip-prefix to Neutron metering label rules |
|
| 2020-07-29 18:32:28 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
Metering label rules cannot overlap the combination of remote and local ip prefixes, remote (without local ip prefix), and local (without remote IP prefix).
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
|
| 2020-07-29 19:21:30 |
OpenStack Infra |
neutron: status |
New |
In Progress |
|
| 2020-07-29 19:21:30 |
OpenStack Infra |
neutron: assignee |
|
Rafael Weingartner (rafaelweingartner) |
|
| 2020-07-30 07:31:13 |
Slawek Kaplonski |
neutron: importance |
Undecided |
Wishlist |
|
| 2020-07-30 07:31:36 |
Slawek Kaplonski |
tags |
|
api-ref metering rfe-triaged |
|
| 2020-07-30 13:24:17 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
Metering label rules cannot overlap the combination of remote and local ip prefixes, remote (without local ip prefix), and local (without remote IP prefix).
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
Metering label rules cannot overlap the combination of remote and local ip prefixes, remote (without local ip prefix), and local (without remote IP prefix).
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule and neutron/db/models/metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
|
| 2020-07-30 16:00:47 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
Metering label rules cannot overlap the combination of remote and local ip prefixes, remote (without local ip prefix), and local (without remote IP prefix).
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule and neutron/db/models/metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
To simplify validations, we propose to remove the overlapping IP_prefixes validations. The rationally behind this removal is that if the operator wants to somehow create rules that overlap, we should not be the ones blocking it.
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule and neutron/db/models/metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
|
| 2020-07-30 16:44:36 |
Rafael Weingartner |
description |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
To simplify validations, we propose to remove the overlapping IP_prefixes validations. The rationally behind this removal is that if the operator wants to somehow create rules that overlap, we should not be the ones blocking it.
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule and neutron/db/models/metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
Problem Description
=================
Neutron metering label rules have a parameter called "remote-ip-prefix", which would allow operators to filter traffic based on the remote IP address. However, since [1], its meaning was changed to the exact opposite, which makes a bit of confusion. Instead of matching on the remote prefix (towards the external interface), it matches the local prefix (towards the OS tenant network).
Ideally, to satisfy the use case presented in [1] (which was achieved by inverting the use of "remote-ip-prefix"), operators should be able to create rules based on local-ip-prefix and remote-ip-prefix.
[1] https://opendev.org/openstack/neutron/commit/92db1d4a2c49b1f675b6a9552a8cc5a417973b64
Proposed Change
===============
Therefore, we propose to introduce a new parameter in the Neutron metering rule API. This new parameter would be called "local_ip_prefix", representing the local IP of the traffic.
This change would also introduce a change in behavior of the "remote_ip_prefix", which would start to match the remote IP, instead of the local IP as it is doing since [1].
The "remote_ip_prefix" and "local_ip_prefix" could be used together, or only one of them can be defined. However, a metering rule must always have at least one of them (local_ip_prefix or remote_ip_prefix) defined.
## API JSON
Current JSON for "v2.0/metering/metering-label-rules" endpoint:
{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
Adding new attributes :
{
"remote_ip_prefix": "0.0.0.0/0",
"local_ip_prefix": "192.168.0.14/32",
"direction": "egress",
"metering_label_id": "9ffd6512-9d2a-4dd2-9657-6a605126264d",
"id": "f1694467-d866-4d8e-a8dc-18da516caedc",
"excluded": false
}
## Database table changes
Currently, the table "meteringlabelrules" is defined as:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
We would add a new field to it. Therefore, it would look like:
+-------------------+--------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------+--------------------------+------+-----+---------+-------+
| id | varchar(36) | NO | PRI | NULL | |
| direction | enum('ingress','egress') | YES | | NULL | |
| remote_ip_prefix | varchar(64) | YES | | NULL | |
| local_ip_prefix | varchar(64) | YES | | NULL | |
| metering_label_id | varchar(36) | NO | MUL | NULL | |
| excluded | tinyint(1) | YES | | 0 | |
+-------------------+--------------------------+------+-----+---------+-------+
Moreover, during the upgrade process, the "remote_ip_prefix" would be set to "local_ip_prefix", and then we would set null in the "remote_ip_prefix" column. This is done to maintain compatibility with the changes introduced via [1].
## Neutron Metering agent changes
The IPtables driver in the metering agent will need to handle the new parameters "local_ip_prefix" and "remote_ip_prefix" properly. When building the IPtable rules the parameter "remote_ip_prefix" (if defined) will be used with the option "-d" (IPtables option) for egress rules and "-s" (IPtables option) for ingress rules. On the other hand, the parameter "local_ip_prefix" (if defined) will be used with option "-s"(IPtables option) for egress rules, and "-d"(IPtables option) for ingress rules.
## API impacts
People using the API to configure local IP prefixes via the "remote_ip_prefix" parameter would need to start using the "local_ip_prefix" parameter.
## Validations
To simplify validations, we propose to remove the overlapping IP_prefixes validations. The rationally behind this removal is that if the operator wants to somehow create rules that overlap, we should not be the ones blocking it.
We will implement the following validation:
* The remote IP prefix must be a valid IPv4 CIDR
* The local IP prefix must be a valid IPv4 CIDR
* Each metering label rule requires at least remote or local IP prefix to be informed. One can also use both.
## Foreseen tasks
- neutron_lib
-- add new attribute in api/definitions/metering.py
-- fix JSON of examples and documentation
-- YAML of documentation
- neutron
-- Add the new DB field in objects.metering.MeteringLabelRule and neutron/db/models/metering.MeteringLabelRule
-- DB script in neutron/db/migration/alembic_migrations/versions/victoria
--- add new field nullable
--- migration to fix the legacy data
-- Change execution flow in Neutron and Neutron meteting agent to use the new field.
- OpenStack SDK
-- add the new field
- OpenStack python client
-- add the new field |
|
| 2020-07-31 15:05:32 |
Slawek Kaplonski |
tags |
api-ref metering rfe-triaged |
api-ref metering rfe-approved |
|
| 2020-12-11 12:23:14 |
Rafael Weingartner |
neutron: status |
In Progress |
Fix Released |
|
