
[Openstack] transfer of IP address between ports

0 votes

Hi colleagues,

imagine, somebody (e.g. me :-) ) needs to transfer IP address between
two ports. The straight way is: release IP address and then assign it to
another port.

The possible problem with this way is the time between release and
assignment - during this time, this IP address is in the DHCP pool and can
be automatically assigned to another port upon request.

Any ideas how to prevent leasing this IP address during this time?

Thank you.

--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
asked Aug 28, 2017 in openstack by Volodymyr_Litovka (1,100 points)   1 6 8

10 Responses

0 votes

Hi

You can use a fixed IP port for this.
Create a Neutron port and attach it to the one VM.
Or
you can use a floating IP for this purpose as well.

Regards,
Andrew



responded Aug 23, 2017 by 공용준 (300 points)  
0 votes

If re-using the port isn't feasible, you can update the allocation pools on
the subnet to exclude the IP address in question. It's hacky, but doing
that before removing it from the original port will ensure it's not
automatically allocated to another port.

responded Aug 23, 2017 by kevin_at_benton.pub (15,600 points)   2 3 4
0 votes

Hi Andrew,

thanks for the prompt reply.

I'm using fixed ip addresses, not floating IPs. In terms of Heat it
looks like there:

n1-wan:
  type: OS::Neutron::Port
  properties:
    name: n1-wan
    network: e-net
    fixed_ips: [ { subnet: e-subnet, ip_address: X.X.X.X } ]

n1:
  type: OS::Nova::Server
  properties:
    name: n1
    networks:
      - port: { get_resource: n1-wan }

and there are some constraints in my installation:

  1. I can't move ports between VMs (in order to support predictable
    naming according to port roles, their MAC addresses are stored in
    udev rules inside VM and if I will change port, rules/roles will fail)
  2. I don't want to use floating ip due to possible performance
    degradation when using massive NAT

Another idea I have is to move ports between VMs, changing their MACs
accordingly and will try it if no other ways will be found :)

Thanks again.


--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison


responded Aug 23, 2017 by Volodymyr_Litovka (1,100 points)   1 6 8
0 votes

Hi Volodymyr

From my understanding, do you need to maintain the same IP address between ports (and the MAC will be changed)?
If so, it will be hard because there's some cool-down time (something like a reuse-IP timeout) in the Neutron IPAM DB. If my memory is right, it was ten or five sec.

Actually, I'm using the same kind of scenario here (same IP address on different Neutron ports).
I changed the Neutron DB schema so it can assign the same IP address to different ports (I also changed the Neutron policy; only admin can use this function).
In this scenario,
if I need to have a new port with the previous IP,
I just create a new port with the same IP. And I use this function to achieve ECMP in our cloud.

Regards,
Andrew



responded Aug 23, 2017 by 공용준 (300 points)  
0 votes

This is precisely the reason floating IPs that NAT to other IPs exist
(not, as we think, to provide public IP access... we can do that with
fixed IPs).

Moving ports, moving the IP, they all involve a few layers of cache
invalidation and complex manipulation at the lower networking layers. But
changing a NAT destination is relatively instant.

I'd recommend using a floating IP for this. If you can't, please
explain.

responded Aug 23, 2017 by Clint_Byrum (40,940 points)   4 5 9
0 votes

Hi Clint,

see inline, please.

On 8/24/17 2:21 AM, Clint Byrum wrote:

> This is precisely the reason floating IPs that NAT to other IPs exist
> (not, as we think, to provide public IP access... we can do that with
> fixed IPs).
>
> Moving ports, moving the IP, they all involve a few layers of cache
> invalidation and complex manipulation at the lower networking layers. But
> changing a NAT destination is relatively instant.
>
> I'd recommend using a floating IP for this. If you can't, please
> explain.

It's going to be a public cloud and there can be a few reasons to allow a
customer to move a public IP address between his VMs, e.g. he built another
VM using another OS for the same role and needs to move this role from the
old VM to the new VM without changing other infrastructure's configurations.

Thanks.


--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison


responded Aug 24, 2017 by Volodymyr_Litovka (1,100 points)   1 6 8
0 votes

Excerpts from Volodymyr Litovka's message of 2017-08-24 07:24:37 +0300:

> Hi Clint,
>
> see inline, please.
>
> On 8/24/17 2:21 AM, Clint Byrum wrote:
>
> > This is precisely the reason floating IPs that NAT to other IPs exist
> > (not, as we think, to provide public IP access... we can do that with
> > fixed IPs).
> >
> > Moving ports, moving the IP, they all involve a few layers of cache
> > invalidation and complex manipulation at the lower networking layers. But
> > changing a NAT destination is relatively instant.
> >
> > I'd recommend using a floating IP for this. If you can't, please
> > explain.
>
> It's going to be a public cloud and there can be a few reasons to allow a
> customer to move a public IP address between his VMs, e.g. he built another
> VM using another OS for the same role and needs to move this role from the
> old VM to the new VM without changing other infrastructure's configurations.

That is precisely the use case for floating IPs, and doesn't preclude
doing exactly as I suggest.

That said, just taking the IP out of the pool, removing the old port,
and creating a new one with the IP as fixed_ip, will do it, albeit with
an unknown amount of downtime due to ARP cache and perhaps other
caches.

responded Aug 24, 2017 by Clint_Byrum (40,940 points)   4 5 9
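
Added example (not part of the thread and not Neutron's own code): the sequence suggested in kevin_at_benton.pub's reply and in Clint's reply above, computing allocation pools that exclude the address and then listing the `openstack` CLI steps in the order that closes the reallocation window. The pool values, the address 192.0.2.10 and the port name `n2-wan` are constructed; `e-subnet` and `n1-wan` come from the Heat snippet earlier in the thread, and the client is assumed to support `subnet set --no-allocation-pool` and `port unset --fixed-ip`.

```python
import ipaddress


def exclude_ip(pools, ip):
    """Carve `ip` out of Neutron-style allocation pools.

    pools: list of {"start": ..., "end": ...} dicts, in the form shown by
    `openstack subnet show`. Returns (new_pools, was_in_a_pool).
    """
    target = ipaddress.ip_address(ip)
    new_pools, hit = [], False
    for pool in pools:
        start = ipaddress.ip_address(pool["start"])
        end = ipaddress.ip_address(pool["end"])
        if start.version != target.version:
            raise ValueError("pool and address families differ")
        if not start <= target <= end:
            new_pools.append({"start": str(start), "end": str(end)})
            continue
        hit = True
        # Keep whatever lies below and above the address; a pool that
        # consists of this single address disappears entirely.
        if start < target:
            new_pools.append({"start": str(start), "end": str(target - 1)})
        if target < end:
            new_pools.append({"start": str(target + 1), "end": str(end)})
    return new_pools, hit


def transfer_plan(subnet, pools, ip, old_port, new_port):
    """Ordered CLI steps: reserve the address first, then move it."""
    new_pools, hit = exclude_ip(pools, ip)
    steps = []
    if hit:
        # Overwrite the pools so automatic allocation can no longer pick
        # the address. If it was outside every pool, nothing to change.
        cmd = ["openstack", "subnet", "set", "--no-allocation-pool"]
        for p in new_pools:
            cmd += ["--allocation-pool", f"start={p['start']},end={p['end']}"]
        steps.append(cmd + [subnet])
    fixed = f"subnet={subnet},ip-address={ip}"
    steps.append(["openstack", "port", "unset", "--fixed-ip", fixed, old_port])
    steps.append(["openstack", "port", "set", "--fixed-ip", fixed, new_port])
    return steps


if __name__ == "__main__":
    # Constructed sample values (192.0.2.0/24 is a documentation range);
    # "n2-wan" is a hypothetical name for the destination port.
    sample_pools = [{"start": "192.0.2.2", "end": "192.0.2.254"}]
    for step in transfer_plan("e-subnet", sample_pools, "192.0.2.10",
                              "n1-wan", "n2-wan"):
        print(" ".join(step))
```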
0 votes

Volodymyr.
Check the inline answer.



At 1:42 PM, Volodymyr Litovka doka.ua@gmx.com wrote:

> Hi Andrew,
>
> please, see inline.
>
> On 8/23/17 5:47 PM, 공용준 wrote:
>
> > Hi Volodymyr
> >
> > From my understanding, do you need to maintain the same IP address between ports (and the MAC will be changed)?
> > If so, it will be hard because there's some cool-down time (something like a reuse-IP timeout) in the Neutron IPAM DB. If my memory is right, it was ten or five sec.
>
> There is another scenario. It's going to be a public cloud and there can be a few reasons to allow a customer to move a public IP address between his VMs, e.g. he built another VM using another OS for the same role and needs to move this role from the old VM to the new VM without changing other infrastructure's configurations. Five or ten seconds of cool-down time isn't a problem in itself, since it's not for high availability.

Did you consider LBaaS for this purpose? I think the floating IP concept is good, but I think we need to rethink the implementation.
And I think OpenStack's Octavia also does the job.

> > Actually, I'm using the same kind of scenario here (same IP address on different Neutron ports).
> > I changed the Neutron DB schema so it can assign the same IP address to different ports (I also changed the Neutron policy; only admin can use this function).
> > In this scenario,
> > if I need to have a new port with the previous IP,
> > I just create a new port with the same IP. And I use this function to achieve ECMP in our cloud.
>
> It seems it's a feasible solution to the problem. Could you, please, share your knowledge in more detail? If this is kind of NDA and you can't - I will understand this :)
>
> It's not too hot a topic for me, so, if you will be so kind as to respond to my answer, choose the convenient time for you.

Well, about the DB, it's quite easy. Just delete the unique key constraint: https://gist.github.com/sstrato/8b2c9402b6408b4b8e8992df4da16276. Then you can create a port with a duplicate IP. But if you open this API to the public user it's gonna secret threat, so I changed the policy.

And the last part, ECMP: I developed a new network model using /32bit subnets based on the Neutron network component. Inside our networking model, when a VM gets its IP from DHCP, it advertises the IP via a dynamic networking protocol. So when you create multiple Neutron ports with the same IP, it means ECMP in our networking model.

If you need more, this will help: https://www.openstack.org/videos/vancouver-2015/sdn-without-sdn-at-daumkakao

> Thanks!

Regards,
Andrew



responded Aug 24, 2017 by 공용준 (300 points)  
0 votes

Hi Andrew,

sorry for the delay in responding, there was Ukrainian Independence Day and
we were on holidays, spending time with family and friends :)

On 8/24/17 6:36 PM, 공용준 wrote:

> > There is another scenario. It's going to be a public cloud and there
> > can be a few reasons to allow a customer to move a public IP address
> > between his VMs, e.g. he built another VM using another OS for the same
> > role and needs to move this role from the old VM to the new VM without
> > changing other infrastructure's configurations. Five or ten seconds of
> > cool-down time isn't a problem in itself, since it's not for high
> > availability.
>
> Did you consider LBaaS for this purpose? I think the floating IP
> concept is good, but I think we need to rethink the implementation.
> And I think OpenStack's Octavia also does the job.

Yes, I'm considering LBaaS, but as another service in my public cloud :)
So, I don't want to provide it as part of the base set of services.

I will check what you did in order to solve this issue, but preliminarily
I think that you're right and floating IP is the best solution for this
(since it doesn't require OpenStack modification). The only concern I have
regarding floating IP is performance, since NAT is involved and this can
lead to performance degradation. I think I will provide two kinds of IP
addresses - fixed and transferable. And if somebody needs to preserve an IP
address between two different instances, he will choose a transferable IP
for additional cost - this will prevent massive NAT, on the one hand, and
will compensate for additional resource exhaustion, on the other.

Thank you!

--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison


responded Aug 28, 2017 by Volodymyr_Litovka (1,100 points)   1 6 8
0 votes

Good morning,

Maybe an external network without DHCP will do the work? It requires an
additional interface, like Rackspace did initially in their cloud, but the
customer can then maintain VRRP in the L2 network.

--
Misha

responded Aug 28, 2017 by Misha_Dobrovolskyy (140 points)  