l3-agent and service

discussion memo

Nachi Ueno

[Problem] lack of injecting functions for l3-agent

L3-agent

Iptables based

FW service

StrongSwan based

VPN Service

LBaaS ??

Multiple service is going to inject new function for Logical Router,

However we are lacking framework for injecting functions for l3-agent

How to implement it?

Option1 Implement function directory in the l3-agent

L3-agent

FW service code

VPN service code

LBaaS service code

Pros

Easy to implement

Simple

​

Cons

Hard coded so less maintainability

Hard to extend

No good seperation between parts of code dealing with seperate functionality. Service config code, RPC related code etc.

How to implement it?

Option2-1 Inject function using hook

L3-agent

FW Agent code

VPN Agent code

LBaaS Agent code

Register hooks

Register hooks

Register hooks

Pros

Simple

Extensible

​

Cons

Need to implement hooks framework for l3-agent

How to implement it?

Option2-2 Create service-agent and Inject function using hook

service-agent (new)

FW Agent Driver

VPN Agent Driver

LBaaS Agent Driver

Register hooks

Register hooks

Register hooks

L3 Agent Driver

Register hooks

Router name space

Pros

Simple

Extensible

Clean

​

Cons

Need to implement hooks framework for service-agent

L3-agent code should be driver

Service defs

How to implement it?

Option3 agent per service

L3-agent

FW-agent

VPN-agent

LBaaS-agent

Router name space

Pros

Simple

Extensible

Cons

Possible conflict of configuration in agent

Burden for operaters ( should manage many agents..)

Current LBaaS and VPN approach

Related topics

For scalability, we need scheduling.

How to manage it?

1. Extend quantum scheduler

2. Advanded scheduler

https://wiki.openstack.org/wiki/Quantum/LBaaS/Architecture/Scheduler

​