)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add spec for elastic snat"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Closes-Bug: #1911126"},{"line_number":10,"context_line":"Change-Id: I9f1d3add93b5a7ab95264fc9fba9efccbe392e87"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":14,"id":"26780ad8_dd746c3e","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":6},"updated":"2021-11-11 14:29:03.000000000","message":"nit: Related-bug","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"626bedc8cb527295719fbf0c50cbc6fae76709ea","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add spec for elastic snat"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Closes-Bug: #1911126"},{"line_number":10,"context_line":"Change-Id: I9f1d3add93b5a7ab95264fc9fba9efccbe392e87"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":15,"id":"9da3147d_5f2c443d","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":10},"updated":"2021-11-24 13:28:15.000000000","message":"Partial-Bug?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software 
Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"d5c39b1e_f76313ff","updated":"2021-11-11 14:29:03.000000000","message":"Sounds really useful","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"626bedc8cb527295719fbf0c50cbc6fae76709ea","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"c564d450_bd7aa1b8","updated":"2021-11-24 13:28:15.000000000","message":"I was thinking if the whole use case could be satisfied with creating proper security group with proper rules. In two words - add security group blocking GW access to certain ports, or the other way - add sec group allowing GW access to certain ports. Can you please elaborate why it\u0027s not suitable?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"fcfce4afc73a7a73813dfdd97c3e92aeab8e9782","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"a46e64e3_be9c85b9","in_reply_to":"438f14f2_386bfbe8","updated":"2021-11-25 09:27:24.000000000","message":"I meant security groups not for GW ports, but for compute ports that we want to provide or forbid access to SNAT GW. 
Anyway I got your point regarding different SNAT bandwidth for different VMs, I thought the scope is limited to blocking SNAT access for certain VMs","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"95f4ea6e11ab3f2814a2a0c23479f08d335e72be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"438f14f2_386bfbe8","in_reply_to":"c564d450_bd7aa1b8","updated":"2021-11-25 03:26:36.000000000","message":"First, gateway ports are facing to internet, it is not possible to apply security group rules. And neutron just set gateway ports with settings of no_port_security, no_security_group_rules.\n\nWe should not mix L3 SNAT with security groups:\n1. SNAT is different from security group rules, they are totally different things.\n2. Destinations are not ports, it is all IPs from the outside world, how many rules should we create. In the meantime, too many security group is a disaster for users.\n\nSome required functions are not achievable:\n3. No way to limit each SNAT rule\u0027s bandwidth.\n4. no way to monitor each SNAT traffic flow.\n\nMake things consistent:\n5. considering why we introduce floating IP to port forwarding.\n\nSuch mission is really impossible. 
😊","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"}],"specs/wallaby/elastic_snat.rst":[{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":107,"context_line":"          have order which will finally influence the L3 agent side iptables"},{"line_number":108,"context_line":"          rules sequence implicitly."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"As a result, a new service plugin ``elastic_snat`` will be added to handle"},{"line_number":111,"context_line":"the DB operations for the following new APIs:"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"* Create ``Elastic Snat`` for subnets:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"350d22e7_f35630a2","line":110,"range":{"start_line":110,"start_character":13,"end_line":110,"end_character":33},"updated":"2021-01-14 23:39:25.000000000","message":"Can\u0027t this be achieved in the current L3 service plugin?","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"042f8d1b673024510c0ccbbc35600edaf5498875","unresolved":true,"context_lines":[{"line_number":107,"context_line":"          have order which will finally influence the L3 agent side iptables"},{"line_number":108,"context_line":"          rules sequence implicitly."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"As a result, a new service plugin ``elastic_snat`` will be added to handle"},{"line_number":111,"context_line":"the DB operations for the following new APIs:"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"* Create ``Elastic Snat`` for 
subnets:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"560258ff_0806136c","line":110,"range":{"start_line":110,"start_character":13,"end_line":110,"end_character":33},"in_reply_to":"350d22e7_f35630a2","updated":"2021-01-15 00:55:02.000000000","message":"We will introduce a top level resource, so a new service plugin should be better to handle it independently. And this should be a choice for users, not a fixed feature.","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"b87606be10f40a60baf0a0c453c5008ae1a1dafe","unresolved":true,"context_lines":[{"line_number":132,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":133,"context_line":"          \"floatingip_id\": \u003cuuid-of-a-floating-ip\u003e,"},{"line_number":134,"context_line":"          \"router_id\": \u003cuuid-of-a-router\u003e,"},{"line_number":135,"context_line":"          \"internal_cidrs\": [1.1.1.1, 2.2.2.2, 3.3.3.0/24]"},{"line_number":136,"context_line":"      }"},{"line_number":137,"context_line":"  }"},{"line_number":138,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"9edadd98_79fec4c6","line":135,"range":{"start_line":135,"start_character":29,"end_line":135,"end_character":57},"updated":"2021-01-15 09:12:27.000000000","message":"These are IPs of VMs connected to networks on the router?","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f8e0f9f7feb549d567eba30592bc094ec35500f2","unresolved":true,"context_lines":[{"line_number":132,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":133,"context_line":"          \"floatingip_id\": 
\u003cuuid-of-a-floating-ip\u003e,"},{"line_number":134,"context_line":"          \"router_id\": \u003cuuid-of-a-router\u003e,"},{"line_number":135,"context_line":"          \"internal_cidrs\": [1.1.1.1, 2.2.2.2, 3.3.3.0/24]"},{"line_number":136,"context_line":"      }"},{"line_number":137,"context_line":"  }"},{"line_number":138,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"25f6fb75_134a91ac","line":135,"range":{"start_line":135,"start_character":29,"end_line":135,"end_character":57},"in_reply_to":"9edadd98_79fec4c6","updated":"2021-01-16 01:28:25.000000000","message":"Yes, in the \u0027User workflow\u0027 section there is an example which indicate this.","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":185,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":186,"context_line":"  router are mutually exclusive. 
This is to narrow down the complexity for"},{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":2,"id":"818a2edb_0c94bf13","line":188,"range":{"start_line":188,"start_character":2,"end_line":188,"end_character":7},"updated":"2021-01-14 23:39:25.000000000","message":"can","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f8e0f9f7feb549d567eba30592bc094ec35500f2","unresolved":false,"context_lines":[{"line_number":185,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":186,"context_line":"  router are mutually exclusive. 
This is to narrow down the complexity for"},{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":2,"id":"81006ac5_660d349f","line":188,"range":{"start_line":188,"start_character":2,"end_line":188,"end_character":7},"in_reply_to":"818a2edb_0c94bf13","updated":"2021-01-16 01:28:25.000000000","message":"Done","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":186,"context_line":"  router are mutually exclusive. 
This is to narrow down the complexity for"},{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"a70e9a32_4fc3a4bf","line":189,"range":{"start_line":189,"start_character":2,"end_line":189,"end_character":8},"updated":"2021-01-14 23:39:25.000000000","message":"ditto","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f8e0f9f7feb549d567eba30592bc094ec35500f2","unresolved":false,"context_lines":[{"line_number":186,"context_line":"  router are mutually exclusive. 
This is to narrow down the complexity for"},{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"c9bc9339_b3c3eac0","line":189,"range":{"start_line":189,"start_character":2,"end_line":189,"end_character":8},"in_reply_to":"a70e9a32_4fc3a4bf","updated":"2021-01-16 01:28:25.000000000","message":"Done","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"For new resource ``Elastic Snat``, because the final iptables rules in the agent"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a64c37e_cc93618d","line":190,"range":{"start_line":190,"start_character":2,"end_line":190,"end_character":7},"updated":"2021-01-14 
23:39:25.000000000","message":"ditto","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f8e0f9f7feb549d567eba30592bc094ec35500f2","unresolved":false,"context_lines":[{"line_number":187,"context_line":"  users."},{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"For new resource ``Elastic Snat``, because the final iptables rules in the agent"}],"source_content_type":"text/x-rst","patch_set":2,"id":"8d626b8e_55fa871b","line":190,"range":{"start_line":190,"start_character":2,"end_line":190,"end_character":7},"in_reply_to":"3a64c37e_cc93618d","updated":"2021-01-16 01:28:25.000000000","message":"Done","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"For new resource ``Elastic Snat``, 
because the final iptables rules in the agent"},{"line_number":194,"context_line":"side need to be in very strict order, in order to reduce complexity for the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"66e30c11_e1c29232","line":191,"range":{"start_line":191,"start_character":2,"end_line":191,"end_character":7},"updated":"2021-01-14 23:39:25.000000000","message":"ditto","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f8e0f9f7feb549d567eba30592bc094ec35500f2","unresolved":false,"context_lines":[{"line_number":188,"context_line":"* Could not remove a floating IP which has ``Elastic Snat``"},{"line_number":189,"context_line":"* Cloud not remove a router gateway if there are ``Elastic Snat``"},{"line_number":190,"context_line":"* Cloud not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":191,"context_line":"* Cloud not bind a floating IP to a VM port while it has ``Elastic Snat``"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"For new resource ``Elastic Snat``, because the final iptables rules in the agent"},{"line_number":194,"context_line":"side need to be in very strict order, in order to reduce complexity for the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"90748af4_768b11bc","line":191,"range":{"start_line":191,"start_character":2,"end_line":191,"end_character":7},"in_reply_to":"66e30c11_e1c29232","updated":"2021-01-16 01:28:25.000000000","message":"Done","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"82b338b051a10ee9598ee971c584efff84e96b5a","unresolved":true,"context_lines":[{"line_number":224,"context_line":"Neutron basic 
workflow"},{"line_number":225,"context_line":"++++++++++++++++++++++"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"1. User create elastic-snat and floating IP with QoS policy"},{"line_number":228,"context_line":"2. Elastic-snat notify the L3 agent"},{"line_number":229,"context_line":"3. L3 agent creates related SNAT rules under a router namespace depends on the elastic-snat attributes"},{"line_number":230,"context_line":"4. L3 agent set bandwidth rate limit by the elastic-snat floating IP\u0027s QoS policy"}],"source_content_type":"text/x-rst","patch_set":2,"id":"123c4018_b2d53e1d","line":227,"range":{"start_line":227,"start_character":32,"end_line":227,"end_character":43},"updated":"2021-01-14 23:39:25.000000000","message":"I\u0027m a bit confused. Why do we need floating IPs? Isn\u0027t the point not to have FIPs and use snat?","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"042f8d1b673024510c0ccbbc35600edaf5498875","unresolved":true,"context_lines":[{"line_number":224,"context_line":"Neutron basic workflow"},{"line_number":225,"context_line":"++++++++++++++++++++++"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"1. User create elastic-snat and floating IP with QoS policy"},{"line_number":228,"context_line":"2. Elastic-snat notify the L3 agent"},{"line_number":229,"context_line":"3. L3 agent creates related SNAT rules under a router namespace depends on the elastic-snat attributes"},{"line_number":230,"context_line":"4. 
L3 agent set bandwidth rate limit by the elastic-snat floating IP\u0027s QoS policy"}],"source_content_type":"text/x-rst","patch_set":2,"id":"4ddcc873_1e4c5b9f","line":227,"range":{"start_line":227,"start_character":32,"end_line":227,"end_character":43},"in_reply_to":"123c4018_b2d53e1d","updated":"2021-01-15 00:55:02.000000000","message":"Allowing me to change the words, we need a public IP (floating IP) and it should have rate limit (QoS policy) to create the iptables SNAT (Elastic Snat) rules for the IP, CIDR or subnet to access the public world. Line 50 also mentioned these statements.","commit_id":"63d9d00f58b2a5a8a67feed721f5810ad1aed399"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"83c93a2ccf853de8b40aba5765e37c1e214858e7","unresolved":true,"context_lines":[{"line_number":265,"context_line":"floating IP. If it is user defined value, such ``network:snat_ip``, the SNAT IP"},{"line_number":266,"context_line":"will be created from these subnets."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"Config option ``delete_ip_after_elastic_snat_deleted`` will be used to determin"},{"line_number":269,"context_line":"whether delete the floating SNAT IP after ``Elastic Snat`` was removed."},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"User workflow"}],"source_content_type":"text/x-rst","patch_set":5,"id":"780643a3_1fda6fcc","line":268,"range":{"start_line":268,"start_character":71,"end_line":268,"end_character":79},"updated":"2021-01-22 14:15:52.000000000","message":"s/determine","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3a50bd8bd73537ca25fb5335d640856b5bfc4214","unresolved":false,"context_lines":[{"line_number":265,"context_line":"floating IP. 
If it is user defined value, such ``network:snat_ip``, the SNAT IP"},{"line_number":266,"context_line":"will be created from these subnets."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"Config option ``delete_ip_after_elastic_snat_deleted`` will be used to determin"},{"line_number":269,"context_line":"whether delete the floating SNAT IP after ``Elastic Snat`` was removed."},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"User workflow"}],"source_content_type":"text/x-rst","patch_set":5,"id":"9ea2280d_e6050708","line":268,"range":{"start_line":268,"start_character":71,"end_line":268,"end_character":79},"in_reply_to":"780643a3_1fda6fcc","updated":"2021-02-03 04:33:15.000000000","message":"Done","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"83c93a2ccf853de8b40aba5765e37c1e214858e7","unresolved":true,"context_lines":[{"line_number":266,"context_line":"will be created from these subnets."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"Config option ``delete_ip_after_elastic_snat_deleted`` will be used to determin"},{"line_number":269,"context_line":"whether delete the floating SNAT IP after ``Elastic Snat`` was removed."},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"User workflow"},{"line_number":272,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"e4c962df_5ddf7107","line":269,"range":{"start_line":269,"start_character":8,"end_line":269,"end_character":14},"updated":"2021-01-22 14:15:52.000000000","message":"s/to delete","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU 
Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3a50bd8bd73537ca25fb5335d640856b5bfc4214","unresolved":false,"context_lines":[{"line_number":266,"context_line":"will be created from these subnets."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"Config option ``delete_ip_after_elastic_snat_deleted`` will be used to determin"},{"line_number":269,"context_line":"whether delete the floating SNAT IP after ``Elastic Snat`` was removed."},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"User workflow"},{"line_number":272,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"5f8a7838_29f74b26","line":269,"range":{"start_line":269,"start_character":8,"end_line":269,"end_character":14},"in_reply_to":"e4c962df_5ddf7107","updated":"2021-02-03 04:33:15.000000000","message":"Done","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"83c93a2ccf853de8b40aba5765e37c1e214858e7","unresolved":true,"context_lines":[{"line_number":272,"context_line":"-------------"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"1. User create router-1 and set external gateway with ``enable_snat\u003dFalse``"},{"line_number":275,"context_line":"2. Create subnet-1 1.1.1.0/24, subnet-2 2.2.2.0/24, 3.3.3.0/24"},{"line_number":276,"context_line":"3. Attach subnet-1, subnet-2 and subnet-3 to router-1"},{"line_number":277,"context_line":"4. Create VM-1 with fixed-ip 1.1.1.2"},{"line_number":278,"context_line":"5. 
Create VM-2 with fixed-ip 2.2.2.2"}],"source_content_type":"text/x-rst","patch_set":5,"id":"a53e2f42_6007e62c","line":275,"range":{"start_line":275,"start_character":52,"end_line":275,"end_character":62},"updated":"2021-01-22 14:15:52.000000000","message":"missing \u0027subnet-3\u0027 before the range here","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3a50bd8bd73537ca25fb5335d640856b5bfc4214","unresolved":false,"context_lines":[{"line_number":272,"context_line":"-------------"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"1. User create router-1 and set external gateway with ``enable_snat\u003dFalse``"},{"line_number":275,"context_line":"2. Create subnet-1 1.1.1.0/24, subnet-2 2.2.2.0/24, 3.3.3.0/24"},{"line_number":276,"context_line":"3. Attach subnet-1, subnet-2 and subnet-3 to router-1"},{"line_number":277,"context_line":"4. Create VM-1 with fixed-ip 1.1.1.2"},{"line_number":278,"context_line":"5. Create VM-2 with fixed-ip 2.2.2.2"}],"source_content_type":"text/x-rst","patch_set":5,"id":"dce5c7b8_dddfed1d","line":275,"range":{"start_line":275,"start_character":52,"end_line":275,"end_character":62},"in_reply_to":"a53e2f42_6007e62c","updated":"2021-02-03 04:33:15.000000000","message":"Done","commit_id":"9127b3a498c3543b580d162c6b1d2e6d7c8cf6ee"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Enable or disable SNAT once for all sometimes looks a bit rigid. 
For"},{"line_number":24,"context_line":"cloud providers, the DataCenter bandwidths are not free generally."},{"line_number":25,"context_line":"Although the router gateway IP has the QoS rules to limit the bandwidth [1]_"},{"line_number":26,"context_line":"and the bandwidth of gateway IP can be charged, the cloud users may raise"},{"line_number":27,"context_line":"new requirements for the SNAT bandwidth. They will want to buy a higher"}],"source_content_type":"text/x-rst","patch_set":8,"id":"47d22ab2_cea184a8","line":24,"range":{"start_line":24,"start_character":21,"end_line":24,"end_character":31},"updated":"2021-03-01 08:33:06.000000000","message":"nitty nit: datacenter IMHO","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":false,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Enable or disable SNAT once for all sometimes looks a bit rigid. For"},{"line_number":24,"context_line":"cloud providers, the DataCenter bandwidths are not free generally."},{"line_number":25,"context_line":"Although the router gateway IP has the QoS rules to limit the bandwidth [1]_"},{"line_number":26,"context_line":"and the bandwidth of gateway IP can be charged, the cloud users may raise"},{"line_number":27,"context_line":"new requirements for the SNAT bandwidth. 
They will want to buy a higher"}],"source_content_type":"text/x-rst","patch_set":8,"id":"e8545cbc_f2c36fd9","line":24,"range":{"start_line":24,"start_character":21,"end_line":24,"end_character":31},"in_reply_to":"47d22ab2_cea184a8","updated":"2021-03-09 01:53:01.000000000","message":"Done","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":35,"context_line":"For Neutron we are going to support these scenarios:"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"}],"source_content_type":"text/x-rst","patch_set":8,"id":"7ab48593_aba5a7ae","line":38,"updated":"2021-03-01 08:33:06.000000000","message":"will this be for IP address or port_id?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":35,"context_line":"For Neutron we are going to support these scenarios:"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of 
IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"}],"source_content_type":"text/x-rst","patch_set":8,"id":"f8227d69_fcc77276","line":38,"in_reply_to":"7ab48593_aba5a7ae","updated":"2021-03-01 11:01:29.000000000","message":"Intentionally one IP address of a port to make the control granularity small. If user want to let all IPs of a port to have SNAT access, just add the IPs to the list of internal_cidrs with /32 prefix.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"fb6b3a97_d1571dba","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"updated":"2021-03-01 08:33:06.000000000","message":"both those cases can be done by reusing address groups and IMHO it would be good to reuse that new feature which we added recently to neutron. 
Also if L38 is \"per IP address\" then it also can be covered by address group.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"9af500ab7e76bea4707048c3edc2490eb240b606","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"b768914d_6150e72d","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"in_reply_to":"72c2290b_56727f3c","updated":"2021-03-08 11:38:04.000000000","message":"I still don\u0027t see any real reason why not to use it here. IMO problems which You mentioned with e.g. validation or dependencies between modules can be solve by notifications mechanism which we are using a lot in Neutron and which works pretty fine for us.\nThe SG were not done that way since the beginning but I don\u0027t think this is argument to not do it here, if we already have address groups in place. 
I think we should reuse resources as much as possible and IMHO that is perfect case for it.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"fb78fd20_b9790fc5","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"in_reply_to":"b768914d_6150e72d","updated":"2021-03-09 01:53:01.000000000","message":"I do not want to make this plugin to interact with others beyond L3 router plugin. Everything I want is to make things simple in this plugin. I can image if we mixed the address scope here, users will complain:\n1. I want to set a SNAT rule for a router, but I need to create one address group. (problem of API complexity)\n2. I want to create a SNAT rule, but why I can not reuse a address group. （problem of resource relevance）\n3. I want to update a SNAT rule, but I need to show the `Elastic Snat` first to find the address group ID, and the update the address group. (problem of API complexity)\n4. I have tons of `Elastic Snat`, but I also have tons of address group. (problem of API performance)\n5. I list the tons of `Elastic Snat`, and I need to join query with tons of address group. 
(problem of API performance)\n\nEverytime a user wants to try this, we need to teach them other things about `what is address group` and `how to use address group`. But finally, the user says: OK, it\u0027s just a list of IPs/CIDRs, why I can not directly set it.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"a21c91bac618866c9938041117f305f610bfcfaa","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"97d96ac3_5b47374f","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"in_reply_to":"d25c78a9_5427a07c","updated":"2021-06-16 06:22:09.000000000","message":"For each router with its connected subnets, the cidrs (or ips) to create SNAT rule for will be very different. In the real production cloud environment, the SNAT rule will most likely evolve into 1-1 relationship to \"address group\". Because the CIDRs of subnets and the requirements for SNAT will be various for different users. So, there is no foreseeable solution to solve those 5 problems I mentioned above.\nThis not only increases the complexity of the API, but I don\u0027t think this kind of forced binding relationship has benefit. 
Make this independent and simple is the only thing I insist here.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"72c2290b_56727f3c","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"in_reply_to":"fb6b3a97_d1571dba","updated":"2021-03-01 11:01:29.000000000","message":"My idea is make this plugin independent to not involve with any other services.\n\nThe ``internal IP``, ``subnets`` or ``a range CIDR of IPs`` for SNAT are all under a router for this plugin, it will check these inputs:\n1. if IP or CIDR is under the router\u0027s subnets \n2. if the subnet is connected to the router\n3. if the subnets connected to router has these IPs\n4. if IPs or subnets has `Elastic Snat`, the connected subnets can not be removed\n\nIf we mix address group here, things will get complicated. Firstly a binding between address group and `Elastic Snat` should be added which is used to represent the input here. Secondly, `address group` update needs to verify if there are `Elastic snats` using it to prevent address out of router connected subnets. From the table [1], the addresses attribute has no relationship to router. 
Then for this plugin, it needs to cover these actions like \u0027address add/update/delete\u0027, not only the `Elastic Snat` itself, but also `address group` binding to it. Finally, for this input here, it is ordered. I don\u0027t know if the address of `address group` can place it in the order for the user\u0027s requirements.\n\nSo, if you insist on using address group, IMO, maybe we can refactor to use it someday like security group do now as a new RFE. Since security group does not use it from the begining.\n\n[1] https://specs.openstack.org/openstack/neutron-specs/specs/victoria/address-groups-support-in-security-group-rule.html#new-address-groups-api","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"0e2eb91f301d63b67f28725f6efb01989451b547","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"d25c78a9_5427a07c","line":39,"range":{"start_line":39,"start_character":0,"end_line":39,"end_character":1},"in_reply_to":"fb78fd20_b9790fc5","updated":"2021-06-01 07:12:12.000000000","message":"I don\u0027t agree with that. We have that concept of the groups of IPs which is address group already. It has some validation and can be potentially improved somehow in the future. And IMO we should reuse it in other places where it fits. 
And that is such case IMO.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. note:: This is only for python neutron L3 agent, any other L3 driver will"},{"line_number":44,"context_line":"          not be considered. But the API can be reused if they support the"},{"line_number":45,"context_line":"          function."},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"25ba62bc_4edf6717","line":43,"range":{"start_line":43,"start_character":27,"end_line":43,"end_character":50},"updated":"2021-03-01 08:33:06.000000000","message":"nit: I would say something like \"standard Neutron\u0027s L3 agent implementation\"","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":false,"context_lines":[{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. note:: This is only for python neutron L3 agent, any other L3 driver will"},{"line_number":44,"context_line":"          not be considered. 
But the API can be reused if they support the"},{"line_number":45,"context_line":"          function."},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"910ed139_369e5226","line":43,"range":{"start_line":43,"start_character":27,"end_line":43,"end_character":50},"in_reply_to":"25ba62bc_4edf6717","updated":"2021-03-09 01:53:01.000000000","message":"Done","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. note:: This is only for python neutron L3 agent, any other L3 driver will"},{"line_number":44,"context_line":"          not be considered. But the API can be reused if they support the"},{"line_number":45,"context_line":"          function."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Solution Proposed"},{"line_number":48,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"72d246b6_8305149c","line":45,"updated":"2021-03-01 08:33:06.000000000","message":"How You will validate if it is supported by backend?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"9af500ab7e76bea4707048c3edc2490eb240b606","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. note:: This is only for python neutron L3 agent, any other L3 driver will"},{"line_number":44,"context_line":"          not be considered. 
But the API can be reused if they support the"},{"line_number":45,"context_line":"          function."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Solution Proposed"},{"line_number":48,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"4043d215_b469b697","line":45,"in_reply_to":"5fc9065c_efdbf617","updated":"2021-03-08 11:38:04.000000000","message":"So as a user I may add such SNAT entries and I will not know that it won\u0027t work for me at all, is that correct?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":".. note:: This is only for python neutron L3 agent, any other L3 driver will"},{"line_number":44,"context_line":"          not be considered. But the API can be reused if they support the"},{"line_number":45,"context_line":"          function."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Solution Proposed"},{"line_number":48,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"5fc9065c_efdbf617","line":45,"in_reply_to":"72d246b6_8305149c","updated":"2021-03-01 11:01:29.000000000","message":"We do not validate it. A generic driver abstraction will be added for backends. For l3 agent (built-in backend), the driver will notify L3 agent to do router update. 
If any backend want to control the SNAT in such way, implement the driver they need.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":64,"context_line":"  IP_REGEX \u003d (r\u0027([0-9]{1,3}\\.){3}[0-9]{1,3}($|/([1-32]))\u0027)"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"  # The name of the resource."},{"line_number":67,"context_line":"  RESOURCE_NAME \u003d \u0027elastic_snat\u0027"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"  # The plural for the resource."},{"line_number":70,"context_line":"  COLLECTION_NAME \u003d \u0027elastic_snats\u0027"}],"source_content_type":"text/x-rst","patch_set":8,"id":"f405c175_0f1b23ed","line":67,"updated":"2021-03-01 08:33:06.000000000","message":"can\u0027t it be just \"snat\"?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"9af500ab7e76bea4707048c3edc2490eb240b606","unresolved":true,"context_lines":[{"line_number":64,"context_line":"  IP_REGEX \u003d (r\u0027([0-9]{1,3}\\.){3}[0-9]{1,3}($|/([1-32]))\u0027)"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"  # The name of the resource."},{"line_number":67,"context_line":"  RESOURCE_NAME \u003d \u0027elastic_snat\u0027"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"  # The plural for the resource."},{"line_number":70,"context_line":"  COLLECTION_NAME \u003d \u0027elastic_snats\u0027"}],"source_content_type":"text/x-rst","patch_set":8,"id":"1ba094d8_3febab8c","line":67,"in_reply_to":"0610f023_4764c736","updated":"2021-03-08 11:38:04.000000000","message":"I\u0027m not sure but it\u0027s fine for me if others are ok too 
:)","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":64,"context_line":"  IP_REGEX \u003d (r\u0027([0-9]{1,3}\\.){3}[0-9]{1,3}($|/([1-32]))\u0027)"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"  # The name of the resource."},{"line_number":67,"context_line":"  RESOURCE_NAME \u003d \u0027elastic_snat\u0027"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"  # The plural for the resource."},{"line_number":70,"context_line":"  COLLECTION_NAME \u003d \u0027elastic_snats\u0027"}],"source_content_type":"text/x-rst","patch_set":8,"id":"0610f023_4764c736","line":67,"in_reply_to":"f405c175_0f1b23ed","updated":"2021-03-01 11:01:29.000000000","message":"This `elastic_` statement makes it easier for the users to understand the API capabilities that they are calling. 
It is self-explanatory that we control SNAT at a small granularity.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":103,"context_line":"              \u0027default\u0027: [],"},{"line_number":104,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":105,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":106,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":107,"context_line":"      }"},{"line_number":108,"context_line":"  }"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"8942d160_1adb5146","line":106,"updated":"2021-03-01 08:33:06.000000000","message":"this could be exactly \"address_group\", am I right?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":103,"context_line":"              \u0027default\u0027: [],"},{"line_number":104,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":105,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":106,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":107,"context_line":"      }"},{"line_number":108,"context_line":"  }"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"ddc17f78_47457b73","line":106,"in_reply_to":"8942d160_1adb5146","updated":"2021-03-01 
11:01:29.000000000","message":"IMO, same to line 39, please take a look at the reply on line 39.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"9af500ab7e76bea4707048c3edc2490eb240b606","unresolved":true,"context_lines":[{"line_number":103,"context_line":"              \u0027default\u0027: [],"},{"line_number":104,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":105,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":106,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":107,"context_line":"      }"},{"line_number":108,"context_line":"  }"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"2d4e7088_eb72703c","line":106,"in_reply_to":"ddc17f78_47457b73","updated":"2021-03-08 11:38:04.000000000","message":"Also, please check my reply above :)","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":118,"context_line":""},{"line_number":119,"context_line":"::"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"  POST /v2.0/elastic_snats -d {"},{"line_number":122,"context_line":"      \"elastic_snat\": {"},{"line_number":123,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":124,"context_line":"          \"floatingip_id\": \u003cuuid-of-a-floating-ip\u003e,"}],"source_content_type":"text/x-rst","patch_set":8,"id":"cfd40f01_fb8aef17","line":121,"updated":"2021-03-01 08:33:06.000000000","message":"why this has to be top level resource? 
Wouldn\u0027t it be better to have it as subresource of the router? Like e.g. extra routes now?","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":true,"context_lines":[{"line_number":118,"context_line":""},{"line_number":119,"context_line":"::"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"  POST /v2.0/elastic_snats -d {"},{"line_number":122,"context_line":"      \"elastic_snat\": {"},{"line_number":123,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":124,"context_line":"          \"floatingip_id\": \u003cuuid-of-a-floating-ip\u003e,"}],"source_content_type":"text/x-rst","patch_set":8,"id":"f5d73cd5_f853569e","line":121,"in_reply_to":"8c6a998e_7bc71af7","updated":"2021-03-09 01:53:01.000000000","message":"I know the port_fowarding plugin. In real cloud application development, our users said that API is not so much easily to use:\n1. There is no API to list all tenants\u0027 port_forwardings.\n2. No API to list one tenant\u0027s port_forwardings.\n3. Users can not list their all port_forwardings, since it needs floating IP id...\n4. User can not find a port forwarding by name/ip/..., again, it also needs a floating IP id...\n\nAnd I have another example, we have security group rule as a top level API [1]. From a simple view, a security group rule should be a sub-resource to the group. But now, it does not.\n\nTop level resources has advantages are simple to use, easily to list and clear for coding. The relation of the ``elastic_snat`` to ``router`` will be represented by the attributes of router_id. 
Yes, same to security group rule.\n\n[1] https://docs.openstack.org/api-ref/network/v2/index.html?expanded\u003dcreate-security-group-rule-detail#security-group-rules-security-group-rules","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"9af500ab7e76bea4707048c3edc2490eb240b606","unresolved":true,"context_lines":[{"line_number":118,"context_line":""},{"line_number":119,"context_line":"::"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"  POST /v2.0/elastic_snats -d {"},{"line_number":122,"context_line":"      \"elastic_snat\": {"},{"line_number":123,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":124,"context_line":"          \"floatingip_id\": \u003cuuid-of-a-floating-ip\u003e,"}],"source_content_type":"text/x-rst","patch_set":8,"id":"8c6a998e_7bc71af7","line":121,"in_reply_to":"a5cb07cb_1da2822f","updated":"2021-03-08 11:38:04.000000000","message":"I don\u0027t think the fact that it will be in separate service plugin or that it will have a name attribute is forcing it to be \"top level\" attribute in API. Please check port_forwardings - it is separate service plugin, and has e.g. description attribute and it is floating_ip\u0027s subresource. 
In that case I think it could be similar but I would also like to know opinion of others, especially Akihiro :)","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"5e55c5d812076aedfc9529f70435143515002e44","unresolved":true,"context_lines":[{"line_number":118,"context_line":""},{"line_number":119,"context_line":"::"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"  POST /v2.0/elastic_snats -d {"},{"line_number":122,"context_line":"      \"elastic_snat\": {"},{"line_number":123,"context_line":"          \"name\": \u003csome-name\u003e,"},{"line_number":124,"context_line":"          \"floatingip_id\": \u003cuuid-of-a-floating-ip\u003e,"}],"source_content_type":"text/x-rst","patch_set":8,"id":"a5cb07cb_1da2822f","line":121,"in_reply_to":"cfd40f01_fb8aef17","updated":"2021-03-01 11:01:29.000000000","message":"This is intend to be. Mostly is because we want to make this simple. It is a top level or sublevel does not make things different, the subnet/IP/router checks are all same for APIs when you create/update/delete the `Elastic Snat`. 
And we will introduce a new service plugin which is going to handle a new resource that has the most basic elements \u0027id\u0027 and \u0027name\u0027.\n\nA customer from us locally wants that name attribute, because they want to know what\u0027s the purpose for one specific `Elastic Snat` by directly reading the name string.","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Rule number 1 is the direct action for ``Elastic Snat`` rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Rule neumber 2 is the original SNAT rule of neutron Router. In the real"},{"line_number":235,"context_line":"deployment, this rule will not exist because of the limitaion of enforcing"},{"line_number":236,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":237,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"cd7777ec_a4976dff","line":234,"range":{"start_line":234,"start_character":5,"end_line":234,"end_character":12},"updated":"2021-03-01 08:33:06.000000000","message":"nit: number","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"527dc092c44aa4ceaa8a2907be8a932f1e3828b7","unresolved":true,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Rule number 1 is the direct action for ``Elastic Snat`` rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Rule neumber 2 is the original SNAT rule of neutron Router. 
In the real"},{"line_number":235,"context_line":"deployment, this rule will not exist because of the limitaion of enforcing"},{"line_number":236,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":237,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"f25be50e_edfd2f96","line":234,"range":{"start_line":234,"start_character":44,"end_line":234,"end_character":51},"updated":"2021-03-01 08:33:06.000000000","message":"the Neutron","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":false,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Rule number 1 is the direct action for ``Elastic Snat`` rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Rule neumber 2 is the original SNAT rule of neutron Router. 
In the real"},{"line_number":235,"context_line":"deployment, this rule will not exist because of the limitaion of enforcing"},{"line_number":236,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":237,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"2062c0a8_387910b3","line":234,"range":{"start_line":234,"start_character":5,"end_line":234,"end_character":12},"in_reply_to":"cd7777ec_a4976dff","updated":"2021-03-09 01:53:01.000000000","message":"Done","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0f82ef2af32949ce7e3bbaf89764a8ca72d35691","unresolved":false,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Rule number 1 is the direct action for ``Elastic Snat`` rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"Rule neumber 2 is the original SNAT rule of neutron Router. 
In the real"},{"line_number":235,"context_line":"deployment, this rule will not exist because of the limitaion of enforcing"},{"line_number":236,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":237,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"44bc4cbf_a5addc23","line":234,"range":{"start_line":234,"start_character":44,"end_line":234,"end_character":51},"in_reply_to":"f25be50e_edfd2f96","updated":"2021-03-09 01:53:01.000000000","message":"Done","commit_id":"7198428fe74393595ff639d5ca409eafc8e9a744"}],"specs/xena/elastic_snat.rst":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":15,"context_line":"no binding floating IPs to access the public world."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"We are going to define a new control mechanism for Neutron to enable"},{"line_number":18,"context_line":"the SNAT funtion more granularly."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Problem Description"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":14,"id":"2768fab1_86c7685c","line":18,"range":{"start_line":18,"start_character":9,"end_line":18,"end_character":16},"updated":"2021-09-29 06:55:48.000000000","message":"nit: function","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":false,"context_lines":[{"line_number":15,"context_line":"no binding floating IPs to access the public 
world."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"We are going to define a new control mechanism for Neutron to enable"},{"line_number":18,"context_line":"the SNAT funtion more granularly."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Problem Description"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":14,"id":"4d5abf89_d0114be3","line":18,"range":{"start_line":18,"start_character":9,"end_line":18,"end_character":16},"in_reply_to":"2768fab1_86c7685c","updated":"2021-11-12 05:32:48.000000000","message":"Done","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":53,"context_line":"Solution Proposed"},{"line_number":54,"context_line":"-----------------"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the goal."}],"source_content_type":"text/x-rst","patch_set":14,"id":"fe8267f5_1a64e601","line":56,"range":{"start_line":56,"start_character":50,"end_line":56,"end_character":57},"updated":"2021-11-11 14:29:03.000000000","message":"so this will be a Neutron port created by the backend?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU 
Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":53,"context_line":"Solution Proposed"},{"line_number":54,"context_line":"-----------------"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the goal."}],"source_content_type":"text/x-rst","patch_set":14,"id":"a093a070_6bda13e1","line":56,"range":{"start_line":56,"start_character":50,"end_line":56,"end_character":57},"in_reply_to":"fe8267f5_1a64e601","updated":"2021-11-12 05:32:48.000000000","message":"It is a floating IP. And indeed, floating IP has a port.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":61,"context_line":"Server side changes"},{"line_number":62,"context_line":"+++++++++++++++++++"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"Add new top level API resource ``Elastic Snat`` for the SNAT function,"},{"line_number":65,"context_line":"since we add new resource with it plugin are relatively independent."},{"line_number":66,"context_line":"The new resource ``Elastic Snat`` has basic elements \u0027id\u0027 and \u0027name\u0027,"},{"line_number":67,"context_line":"while the new plugin will handle the CURD action. 
The following is the"}],"source_content_type":"text/x-rst","patch_set":14,"id":"971c8d02_6bf886a6","line":64,"updated":"2021-09-29 06:55:48.000000000","message":"should it be top level API resource? Why not router\u0027s resource like is for example extra_route?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":61,"context_line":"Server side changes"},{"line_number":62,"context_line":"+++++++++++++++++++"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"Add new top level API resource ``Elastic Snat`` for the SNAT function,"},{"line_number":65,"context_line":"since we add new resource with it plugin are relatively independent."},{"line_number":66,"context_line":"The new resource ``Elastic Snat`` has basic elements \u0027id\u0027 and \u0027name\u0027,"},{"line_number":67,"context_line":"while the new plugin will handle the CURD action. The following is the"}],"source_content_type":"text/x-rst","patch_set":14,"id":"ca056b11_076c36cf","line":64,"in_reply_to":"971c8d02_6bf886a6","updated":"2021-11-12 05:32:48.000000000","message":"In real production world, as we practiced, this is simple for upper platform to invoke neutron API. And this is easily for operators to list the resources. We have pain on port forwardings since it must add a floating IP id for the API uri. 
Admin can not list all port forwardings once for all, or for a project.\n\nAnd more, we had done some works to move sub-resource to top level, for instance, qos rules [1].\n\n[1] https://review.opendev.org/c/openstack/neutron-lib/+/608473","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":91,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":92,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":93,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":94,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":95,"context_line":"          \u0027router_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":96,"context_line":"                        \u0027allow_put\u0027: False,"},{"line_number":97,"context_line":"                        \u0027validate\u0027: {\u0027type:uuid\u0027: None},"}],"source_content_type":"text/x-rst","patch_set":14,"id":"b8a977cc_f369b037","line":94,"updated":"2021-09-29 06:55:48.000000000","message":"IIUC all this spec You want to use floating IP as additional external gateway IP for the router. 
If that is correct understanding I think that calling it Floating IP might be confusing for users.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":91,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":92,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":93,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":94,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":95,"context_line":"          \u0027router_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":96,"context_line":"                        \u0027allow_put\u0027: False,"},{"line_number":97,"context_line":"                        \u0027validate\u0027: {\u0027type:uuid\u0027: None},"}],"source_content_type":"text/x-rst","patch_set":14,"id":"72b9b125_2b2d8813","line":94,"in_reply_to":"b8a977cc_f369b037","updated":"2021-11-12 05:32:48.000000000","message":"You can consider this similar to port forwarding, which uses a floating IP to do DNAT. This approach is to do SNAT by using another floating IP. 
(p.s., one same floating IP can be used to do DNAT and SNAT).","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":110,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":111,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":112,"context_line":"              \u0027default\u0027: [],"},{"line_number":113,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":114,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":115,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":116,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":14,"id":"161bb831_7ccdeab6","line":113,"updated":"2021-09-29 06:55:48.000000000","message":"there is already \"subnet_list\" validator in neutron-lib https://github.com/openstack/neutron-lib/blob/f9b428667be5b30a0acacb284b607bc5d2e2dc4e/neutron_lib/api/validators/__init__.py#L719\nBut I still think that this should be id of the address_group resource.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":false,"context_lines":[{"line_number":110,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":111,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":112,"context_line":"              \u0027default\u0027: [],"},{"line_number":113,"context_line":"              \u0027validate\u0027: 
{\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":114,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":115,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":116,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":14,"id":"d74878d8_52362d31","line":113,"in_reply_to":"161bb831_7ccdeab6","updated":"2021-11-12 05:32:48.000000000","message":"Done","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":112,"context_line":"              \u0027default\u0027: [],"},{"line_number":113,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":114,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":115,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":116,"context_line":"      }"},{"line_number":117,"context_line":"  }"},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"b3894200_a34a07c3","line":115,"updated":"2021-09-29 06:55:48.000000000","message":"In L41 You mentioned bandwidth limit for such snat resource. 
Why there is no qos_policy_id added here?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":112,"context_line":"              \u0027default\u0027: [],"},{"line_number":113,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":114,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":115,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":116,"context_line":"      }"},{"line_number":117,"context_line":"  }"},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"4a98fa79_8d61a96f","line":115,"in_reply_to":"b3894200_a34a07c3","updated":"2021-11-12 05:32:48.000000000","message":"TC rate limit will be applied by the Floating IP\u0027s qos policy in agent side. You can consider this similar to port forwarding, which uses a floating IP to do DNAT. 
This approach is to do SNAT.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":178,"context_line":"::"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"  GET /v2.0/elastic_snats"},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"* Show an ``Elastic Snat``:"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":14,"id":"4e2e1861_1a616c0b","line":181,"updated":"2021-11-11 14:29:03.000000000","message":"perhaps APIs like GET /v2.0/elastic_snats/get_router_snats/\u003crouter_id\u003e would be useful","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"328bb42e5df259be4959792df0b532908192a0b5","unresolved":true,"context_lines":[{"line_number":178,"context_line":"::"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"  GET /v2.0/elastic_snats"},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"* Show an ``Elastic Snat``:"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":14,"id":"7083da84_12bc093a","line":181,"in_reply_to":"29e62ead_397da521","updated":"2021-11-23 08:25:50.000000000","message":"ok","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU 
Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":178,"context_line":"::"},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"  GET /v2.0/elastic_snats"},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"* Show an ``Elastic Snat``:"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":14,"id":"29e62ead_397da521","line":181,"in_reply_to":"4e2e1861_1a616c0b","updated":"2021-11-12 05:32:48.000000000","message":"We support filters, so it can be done by:\n\nGET /v2.0/elastic_snats?router_id\u003dxxxx","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":198,"context_line":""},{"line_number":199,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"57563acd_cb497567","line":201,"updated":"2021-09-29 06:55:48.000000000","message":"this will be (again) confusing for users IMO. 
You are proposing to tell them that to use \"elastic_snat\" (but still snat) they need to first disable snat in the router 😊","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":198,"context_line":""},{"line_number":199,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"d796113a_2bbfe977","line":201,"in_reply_to":"4ee07947_d53334de","updated":"2021-11-11 14:29:03.000000000","message":"IMO what is important to make it clear what happens if enable_snat\u003dTrue/False and if the user uses the new API.\nIF I understand well this new feature is mutually exclusive with the old enable_snat feature, am I right?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c3c9af52e5021c95ef4e1e57fee6d8886dbf4ead","unresolved":true,"context_lines":[{"line_number":198,"context_line":""},{"line_number":199,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for 
a"},{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"4ee07947_d53334de","line":201,"in_reply_to":"57563acd_cb497567","updated":"2021-11-11 01:59:09.000000000","message":"\"In short, when users try to create elastic SNAT for a router, it should have an external gateway with ``enable_snat\u003dFalse``\", how about this?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":199,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. 
In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":205,"context_line":"* Can not bind a floating IP to a VM port while it has 1 to 1 ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"692090b1_3d93a6fb","line":202,"range":{"start_line":202,"start_character":19,"end_line":202,"end_character":35},"updated":"2021-09-29 06:55:48.000000000","message":"this isn\u0027t floating IP really :/","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c3c9af52e5021c95ef4e1e57fee6d8886dbf4ead","unresolved":true,"context_lines":[{"line_number":199,"context_line":"* ``enable_snat`` of router gateway and creating ``Elastic Snat`` for a"},{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. 
In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":205,"context_line":"* Can not bind a floating IP to a VM port while it has 1 to 1 ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"620d9015_49fd4561","line":202,"range":{"start_line":202,"start_character":19,"end_line":202,"end_character":35},"in_reply_to":"692090b1_3d93a6fb","updated":"2021-11-11 01:59:09.000000000","message":"Maybe it can be \"Floating (SNAT) IP\" or \"SNAT floating IP\".","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":205,"context_line":"* Can not bind a floating IP to a VM port while it has 1 to 1 ``Elastic Snat``"},{"line_number":206,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"64c0ed08_037c433f","line":203,"updated":"2021-09-29 06:55:48.000000000","message":"why? 
is that gateway used somehow in that \"elastic snat\" functionality?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c3c9af52e5021c95ef4e1e57fee6d8886dbf4ead","unresolved":true,"context_lines":[{"line_number":200,"context_line":"  router are mutually exclusive. This is to narrow down the complexity for"},{"line_number":201,"context_line":"  users. In short, router should have an external gateway with ``enable_snat\u003dFalse``."},{"line_number":202,"context_line":"* Can not remove a floating SNAT IP which has ``Elastic Snat``"},{"line_number":203,"context_line":"* Can not remove a router gateway if there are ``Elastic Snat``"},{"line_number":204,"context_line":"* Can not remove a subnet if there are IPs or CIDR used by ``Elastic Snat``"},{"line_number":205,"context_line":"* Can not bind a floating IP to a VM port while it has 1 to 1 ``Elastic Snat``"},{"line_number":206,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"4bbc6bdf_5a85c2f8","line":203,"in_reply_to":"64c0ed08_037c433f","updated":"2021-11-11 01:59:09.000000000","message":"Yes, snat rules will reside on external gateway qg-dev.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":208,"context_line":"side need to be in very strict order, in order to reduce complexity for the"},{"line_number":209,"context_line":"input of the API we will have restrictions:"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"* ``subnets`` and ``internal_cidrs`` should not be set at the same time."},{"line_number":212,"context_line":"* 
``subnets`` and ``internal_cidrs`` should not be empty at the same time."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Then, it will be easier for users to ensure the sequence of elements in one"},{"line_number":215,"context_line":"input list than merging two lists."}],"source_content_type":"text/x-rst","patch_set":14,"id":"29ed22c8_66a297a8","line":212,"range":{"start_line":211,"start_character":0,"end_line":212,"end_character":74},"updated":"2021-11-11 14:29:03.000000000","message":"so actions like this are not allowed:\nPOST {subnets: [\u0027a\u0027, \u0027b\u0027], internal_cidrs: [\u0027x\u0027, \u0027y\u0027]}\nbut POST {subnets: [\u0027a\u0027, \u0027b\u0027]} ...... PUT {internal_cidrs: [\u0027x\u0027, \u0027y\u0027]}","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":227,"context_line":""},{"line_number":228,"context_line":"  Chain neutron-l3-agent-snat"},{"line_number":229,"context_line":"  -  target                       prot opt in     out             source      destination"},{"line_number":230,"context_line":"  0  neutron-l3-agent-float-snat  all  --  *      *               0.0.0.0/0   0.0.0.0/0"},{"line_number":231,"context_line":"  1  neutron-router-elastic-snat  all  --  *      qg-2ff719d9-95  0.0.0.0/0   0.0.0.0/0"},{"line_number":232,"context_line":"  2  SNAT                         all  --  *      qg-2ff719d9-95  0.0.0.0/0   0.0.0.0/0       to:172.24.4.165"},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"8cb121b6_627f88f6","line":230,"range":{"start_line":230,"start_character":5,"end_line":230,"end_character":32},"updated":"2021-09-29 06:55:48.000000000","message":"what is that chain 
for?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c3c9af52e5021c95ef4e1e57fee6d8886dbf4ead","unresolved":true,"context_lines":[{"line_number":227,"context_line":""},{"line_number":228,"context_line":"  Chain neutron-l3-agent-snat"},{"line_number":229,"context_line":"  -  target                       prot opt in     out             source      destination"},{"line_number":230,"context_line":"  0  neutron-l3-agent-float-snat  all  --  *      *               0.0.0.0/0   0.0.0.0/0"},{"line_number":231,"context_line":"  1  neutron-router-elastic-snat  all  --  *      qg-2ff719d9-95  0.0.0.0/0   0.0.0.0/0"},{"line_number":232,"context_line":"  2  SNAT                         all  --  *      qg-2ff719d9-95  0.0.0.0/0   0.0.0.0/0       to:172.24.4.165"},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"0c922d32_d6c8ee33","line":230,"range":{"start_line":230,"start_character":5,"end_line":230,"end_character":32},"in_reply_to":"8cb121b6_627f88f6","updated":"2021-11-11 01:59:09.000000000","message":"It is the floating IP.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":253,"context_line":"++++++++++++++++++++++"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"1. User creates a ``ElasticSnat`` (and a floating SNAT IP for it)"},{"line_number":256,"context_line":"2. (Optional) Neutron creates a floating SNAT IP (with default QoS policy) for this ``ElasticSnat``"},{"line_number":257,"context_line":"3. 
Elastic-snat notify the L3 agent"},{"line_number":258,"context_line":"4. L3 agent creates related SNAT rules under a router namespace depends on the elastic-snat attributes"},{"line_number":259,"context_line":"5. L3 agent set bandwidth rate limit by the elastic-snat floating SNAT IP\u0027s QoS policy"}],"source_content_type":"text/x-rst","patch_set":14,"id":"dc322b1e_bcd82826","line":256,"range":{"start_line":256,"start_character":50,"end_line":256,"end_character":73},"updated":"2021-11-11 14:29:03.000000000","message":"Please clarify what is default qos in this case? the qos policy attached to the network, or the floating IP?\nOr the API will have a field for qos policy id? The rule will be bandwidth_limit ? Please document it here to be clear.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":253,"context_line":"++++++++++++++++++++++"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"1. User creates a ``ElasticSnat`` (and a floating SNAT IP for it)"},{"line_number":256,"context_line":"2. (Optional) Neutron creates a floating SNAT IP (with default QoS policy) for this ``ElasticSnat``"},{"line_number":257,"context_line":"3. Elastic-snat notify the L3 agent"},{"line_number":258,"context_line":"4. L3 agent creates related SNAT rules under a router namespace depends on the elastic-snat attributes"},{"line_number":259,"context_line":"5. 
L3 agent set bandwidth rate limit by the elastic-snat floating SNAT IP\u0027s QoS policy"}],"source_content_type":"text/x-rst","patch_set":14,"id":"b2c5b2b6_4746923e","line":256,"range":{"start_line":256,"start_character":50,"end_line":256,"end_character":73},"in_reply_to":"dc322b1e_bcd82826","updated":"2021-11-12 05:32:48.000000000","message":"Sorry, upstream neutron does not have this. It is locally in our cloud, we have default qos policy for floating IP. But, there is an RFE can do the same work: https://bugs.launchpad.net/neutron/+bug/1950454","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":283,"context_line":"The default value is empty which means we will create IPs from all the subnets"},{"line_number":284,"context_line":"of the public network. If it is ``network:floatingip``, the SNAT IP is same to"},{"line_number":285,"context_line":"floating IP. 
If it is user defined value, such ``network:snat_ip``, the SNAT IP"},{"line_number":286,"context_line":"will be created from these subnets."},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":289,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"8a884866_1a19140d","line":286,"updated":"2021-09-29 06:55:48.000000000","message":"There is already subnet_service_type extension https://docs.openstack.org/api-ref/network/v2/#subnet-service-types-extension which can be used to achieve this IMO.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":283,"context_line":"The default value is empty which means we will create IPs from all the subnets"},{"line_number":284,"context_line":"of the public network. If it is ``network:floatingip``, the SNAT IP is same to"},{"line_number":285,"context_line":"floating IP. 
If it is user defined value, such ``network:snat_ip``, the SNAT IP"},{"line_number":286,"context_line":"will be created from these subnets."},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":289,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"d76cb2d8_e796602b","line":286,"in_reply_to":"8a884866_1a19140d","updated":"2021-11-12 05:32:48.000000000","message":"Yes, but we need an option for elastic_plugin which type of subnet we should use.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":287,"context_line":""},{"line_number":288,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":289,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"},{"line_number":290,"context_line":"was removed."},{"line_number":291,"context_line":""},{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"}],"source_content_type":"text/x-rst","patch_set":14,"id":"fe004e4f_8c072627","line":290,"updated":"2021-09-29 06:55:48.000000000","message":"we should decide how that should works and not have config option for that.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"0e2eb91f301d63b67f28725f6efb01989451b547","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"48cc059e_13779fc1","line":295,"updated":"2021-06-01 07:12:12.000000000","message":"So we really need to care about such old iptables still? I don\u0027t think it\u0027s available in any of the officially supported distros.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"4856ef30_1982509c","line":295,"in_reply_to":"1a607eae_79695f53","updated":"2021-09-29 06:55:48.000000000","message":"So IMO we should have some kind of drivers, like we have for e.g. trunks or qos and such driver should define if that is allowed or not. User don\u0027t need to set that with config option. It\u0027s matter of the driver\u0027s (backend\u0027s) developer to decide if that is supported or not.\n\nAnd also we should have additional API extension to make discoverable if that possibility is supported or not in the deployment.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"9cd60632_bb51c257","line":295,"in_reply_to":"4856ef30_1982509c","updated":"2021-11-11 14:29:03.000000000","message":"+1, let\u0027s say here if Neutron will support overlapping cidrs, and document what is the minimum iptables/nftables whatever version we need for it.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"a21c91bac618866c9938041117f305f610bfcfaa","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a607eae_79695f53","line":295,"in_reply_to":"48cc059e_13779fc1","updated":"2021-06-16 06:22:09.000000000","message":"Some L3 backend, like NFV in side VMs, can still running with some lower version of iptables. 
Not only for iptables, but also some VPP L3 implementation may not support IPs overlapping when doing NAT. And I\u0027m not sure if OVN can support this overlapping in the final ovs flows. There are more than one match rule which should be used to do SNAT?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"4d43ec4d700f3e8a24afde30a5db7260e9112889","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"e8ec9a59_9ac04ec4","line":295,"in_reply_to":"9cd60632_bb51c257","updated":"2021-11-12 05:32:48.000000000","message":"How could neutron-server know that agent side iptables version and overlapping supported status?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":292,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":293,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"},{"line_number":294,"context_line":"is because iptables version lower than 1.6.2 does not support the"},{"line_number":295,"context_line":"``--random-fully`` match rule."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"}],"source_content_type":"text/x-rst","patch_set":14,"id":"c52e5711_8fb89357","line":295,"in_reply_to":"e8ec9a59_9ac04ec4","updated":"2021-11-24 13:12:08.000000000","message":"In such case how it will be if e.g. some L3 agents will support that option and others not?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"823cbfacb8e041ab9d4d91e86e51f5d9c6439fd7","unresolved":true,"context_lines":[{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"},{"line_number":299,"context_line":"under the router connected subnets."},{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``elastic_snat_backend_api_driver`` will be used to determine"},{"line_number":302,"context_line":"which driver to be used for elastic snat plugin to interact with L3 backents."}],"source_content_type":"text/x-rst","patch_set":14,"id":"9bddae08_7aaafe32","line":299,"updated":"2021-09-29 06:55:48.000000000","message":"I also don\u0027t think we need config option for that.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU 
Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c3c9af52e5021c95ef4e1e57fee6d8886dbf4ead","unresolved":true,"context_lines":[{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"},{"line_number":299,"context_line":"under the router connected subnets."},{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``elastic_snat_backend_api_driver`` will be used to determine"},{"line_number":302,"context_line":"which driver to be used for elastic snat plugin to interact with L3 backents."}],"source_content_type":"text/x-rst","patch_set":14,"id":"c2ac162e_c7307c86","line":299,"in_reply_to":"9bddae08_7aaafe32","updated":"2021-11-11 01:59:09.000000000","message":"Sure, so the default behavior here will be set to \"if subnet/cidr of a subnet has Elastic SNAT rules, the plugin will prevent deleting router interface.\" Make sense?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0740c6b7919c73a321a0c9d1d349dfef56d3bf49","unresolved":true,"context_lines":[{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Config option ``allow_remove_router_interface_if_has_snats`` will be used to"},{"line_number":298,"context_line":"determine whether allow removing router interface if there are elastic snats"},{"line_number":299,"context_line":"under the router connected subnets."},{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``elastic_snat_backend_api_driver`` will be used to determine"},{"line_number":302,"context_line":"which driver to be used for elastic snat 
plugin to interact with L3 backents."}],"source_content_type":"text/x-rst","patch_set":14,"id":"ddc443a8_647e93c8","line":299,"in_reply_to":"c2ac162e_c7307c86","updated":"2021-11-11 14:29:03.000000000","message":"+1","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"0e2eb91f301d63b67f28725f6efb01989451b547","unresolved":true,"context_lines":[{"line_number":299,"context_line":"under the router connected subnets."},{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``elastic_snat_backend_api_driver`` will be used to determine"},{"line_number":302,"context_line":"which driver to be used for elastic snat plugin to interact with L3 backents."},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"User workflow"},{"line_number":305,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"b18437af_cb070992","line":302,"updated":"2021-06-01 07:12:12.000000000","message":"all those options makes our api very config driven. Do we really need all of them? 
Shouldn\u0027t we just determine correct behaviour and implement that?","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"a21c91bac618866c9938041117f305f610bfcfaa","unresolved":true,"context_lines":[{"line_number":299,"context_line":"under the router connected subnets."},{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``elastic_snat_backend_api_driver`` will be used to determine"},{"line_number":302,"context_line":"which driver to be used for elastic snat plugin to interact with L3 backents."},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"User workflow"},{"line_number":305,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"b3fcec3b_4c1a89c8","line":302,"in_reply_to":"b18437af_cb070992","updated":"2021-06-16 06:22:09.000000000","message":"For neutron L3 agent, these options will have default values. So firstly, we need to come to a consensus for these behaviours here. 
The default values will follow the consensus.\nThen, these options may be used for some L3 backend like OVN, L3 VPP and NFVs which may have limitation to adapt the API behavior.","commit_id":"cf8b439d1c2de3e2ed434b3dc0099035f0324c00"}],"specs/yoga/elastic_snat.rst":[{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"626bedc8cb527295719fbf0c50cbc6fae76709ea","unresolved":true,"context_lines":[{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"A generic driver abstraction will be added for this new API/plugin. 
The"}],"source_content_type":"text/x-rst","patch_set":15,"id":"96ded748_82c1f026","line":40,"range":{"start_line":40,"start_character":2,"end_line":40,"end_character":34},"updated":"2021-11-24 13:28:15.000000000","message":"how it differs from not adding this subnet to a SNAT router at all?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"fcfce4afc73a7a73813dfdd97c3e92aeab8e9782","unresolved":true,"context_lines":[{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"A generic driver abstraction will be added for this new API/plugin. 
The"}],"source_content_type":"text/x-rst","patch_set":15,"id":"b0c4dbc1_eb9bcb0e","line":40,"range":{"start_line":40,"start_character":2,"end_line":40,"end_character":34},"in_reply_to":"1ff99033_56fe54ab","updated":"2021-11-25 09:27:24.000000000","message":"sorry, not sure I got the answer","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"A generic driver abstraction will be added for this new API/plugin. 
The"}],"source_content_type":"text/x-rst","patch_set":15,"id":"1ff99033_56fe54ab","line":40,"range":{"start_line":40,"start_character":2,"end_line":40,"end_character":34},"in_reply_to":"96ded748_82c1f026","updated":"2021-11-25 03:08:26.000000000","message":"User\u0027s network does not have only one subnet, then they want VMs from one subnet can use SNAT functions.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"10885f871482d64b4caa7f81ede707ae905d764e","unresolved":true,"context_lines":[{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"A generic driver abstraction will be added for this new API/plugin. The"}],"source_content_type":"text/x-rst","patch_set":15,"id":"f4c20962_3cf3e902","line":40,"range":{"start_line":40,"start_character":2,"end_line":40,"end_character":34},"in_reply_to":"b0c4dbc1_eb9bcb0e","updated":"2021-11-26 00:39:24.000000000","message":"Did you mean remove a subnet from a router to disable its SNAT? 
Then how VMs using IP from this subnet can communicate with others?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"f56a21f40694c48cb372494ad988a75eec1269c1","unresolved":true,"context_lines":[{"line_number":37,"context_line":"* enable/disable SNAT once for all (supported, controlled by ``enable_snat``)"},{"line_number":38,"context_line":"* enable/disable SNAT for one internal IP (of VM)"},{"line_number":39,"context_line":"* enable/disable SNAT for a range CIDR of IPs"},{"line_number":40,"context_line":"* enable/disable SNAT for a subnet"},{"line_number":41,"context_line":"* bandwidth limitation for SNAT rules"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"A generic driver abstraction will be added for this new API/plugin. The"}],"source_content_type":"text/x-rst","patch_set":15,"id":"d681e12a_19e037d7","line":40,"range":{"start_line":40,"start_character":2,"end_line":40,"end_character":34},"in_reply_to":"f4c20962_3cf3e902","updated":"2021-11-26 00:49:59.000000000","message":"Add a subnet to router and add a SNAT rule for a subnet, there is a dependency between them. Subnet must be connected to a router, then we can create SNAT rules. It\u0027s something like you want to access the Internet, but you\u0027re not connected the cable to your router.\n\nIf one IP in a subnet wants SNAT, subnet can not be removed from a SNAT route. And there is no such \"remove a subnet from SNAT router\" mechanism. And maybe you will say \"add one IP to a SNAT router\", thats beyond this approach, or something like \"enable/disable SNAT for one internal IP (of VM)\". 
But anyway, subnet must be attached to router.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the goal."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"You can consider this approach is similar to floating IP port forwarding,"}],"source_content_type":"text/x-rst","patch_set":15,"id":"492d841f_c1c60770","line":58,"range":{"start_line":58,"start_character":20,"end_line":58,"end_character":71},"updated":"2021-11-24 13:12:08.000000000","message":"I don\u0027t understand that really. 
AFAIK floating IP don\u0027t have service type - it is subnet thing, no?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"fcfce4afc73a7a73813dfdd97c3e92aeab8e9782","unresolved":true,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the goal."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"You can consider this approach is similar to floating IP port forwarding,"}],"source_content_type":"text/x-rst","patch_set":15,"id":"a08005df_27fd7bf7","line":58,"range":{"start_line":58,"start_character":20,"end_line":58,"end_character":71},"in_reply_to":"2df18a9b_88845c42","updated":"2021-11-25 09:27:24.000000000","message":"I think better use different name to not mix Floating IPs with elastic SNAT","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"626bedc8cb527295719fbf0c50cbc6fae76709ea","unresolved":true,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the 
goal."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"You can consider this approach is similar to floating IP port forwarding,"}],"source_content_type":"text/x-rst","patch_set":15,"id":"b4a20414_5891fdf9","line":58,"range":{"start_line":58,"start_character":20,"end_line":58,"end_character":71},"in_reply_to":"492d841f_c1c60770","updated":"2021-11-24 13:28:15.000000000","message":"\"utilize the floating IP and its binding SNAT rules\" is not clear for me too. Please clarify","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Since floating IPs have the QoS attribute and the SNAT IP need to be a"},{"line_number":57,"context_line":"IP address from the network where the router gateway port is created,"},{"line_number":58,"context_line":"we will utilize the floating IP (with a different or same service type)"},{"line_number":59,"context_line":"and its binding SNAT rules to achive the goal."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"You can consider this approach is similar to floating IP port forwarding,"}],"source_content_type":"text/x-rst","patch_set":15,"id":"2df18a9b_88845c42","line":58,"range":{"start_line":58,"start_character":20,"end_line":58,"end_character":71},"in_reply_to":"b4a20414_5891fdf9","updated":"2021-11-25 03:08:26.000000000","message":"A floating IP for SNAT rules, something like a floating IP for port forwarding.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek 
Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":70,"context_line":"upper platform to invoke neutron API. And this is easily for operators"},{"line_number":71,"context_line":"to list the resources. We have pain on port forwardings since it must"},{"line_number":72,"context_line":"add a floating IP ID for the API uri. Admin can not list all port"},{"line_number":73,"context_line":"forwardings once for all, or for a project."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"And more, we had done some works to move sub-resource to top level,"},{"line_number":76,"context_line":"for instance QoS rules [2]_."}],"source_content_type":"text/x-rst","patch_set":15,"id":"3a8ef43e_ec0ce7de","line":73,"updated":"2021-11-24 13:12:08.000000000","message":"but from logical point of view it seems more natural for me to have it as router\u0027s resource. What\u0027s the point of having that resource without router?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":70,"context_line":"upper platform to invoke neutron API. And this is easily for operators"},{"line_number":71,"context_line":"to list the resources. We have pain on port forwardings since it must"},{"line_number":72,"context_line":"add a floating IP ID for the API uri. 
Admin can not list all port"},{"line_number":73,"context_line":"forwardings once for all, or for a project."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"And more, we had done some works to move sub-resource to top level,"},{"line_number":76,"context_line":"for instance QoS rules [2]_."}],"source_content_type":"text/x-rst","patch_set":15,"id":"c8f0783a_e48e1784","line":73,"in_reply_to":"3a8ef43e_ec0ce7de","updated":"2021-11-25 03:08:26.000000000","message":"It has an attribute router_id. It is a router\u0027s resource in such kind of view. Something like floating IP has router_id.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":72,"context_line":"add a floating IP ID for the API uri. Admin can not list all port"},{"line_number":73,"context_line":"forwardings once for all, or for a project."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"And more, we had done some works to move sub-resource to top level,"},{"line_number":76,"context_line":"for instance QoS rules [2]_."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"The new resource ``Elastic Snat`` has basic elements \u0027id\u0027 and \u0027name\u0027,"}],"source_content_type":"text/x-rst","patch_set":15,"id":"a0f10d6b_5d4b1cf3","line":75,"range":{"start_line":75,"start_character":27,"end_line":75,"end_character":32},"updated":"2021-11-24 13:12:08.000000000","message":"nit: work","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":73,"context_line":"forwardings once for all, or for a 
project."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"And more, we had done some works to move sub-resource to top level,"},{"line_number":76,"context_line":"for instance QoS rules [2]_."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"The new resource ``Elastic Snat`` has basic elements \u0027id\u0027 and \u0027name\u0027,"},{"line_number":79,"context_line":"while the new plugin will handle the CURD action. The following is the"}],"source_content_type":"text/x-rst","patch_set":15,"id":"d51049e1_b89de5ce","line":76,"updated":"2021-11-24 13:12:08.000000000","message":"not exactly - it\u0027s just an alias but if You e.g. want to create qos rule You have to do it by calling /policies/\u003cpolicy_id\u003e/bandwidth_limit_rules","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":73,"context_line":"forwardings once for all, or for a project."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"And more, we had done some works to move sub-resource to top level,"},{"line_number":76,"context_line":"for instance QoS rules [2]_."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"The new resource ``Elastic Snat`` has basic elements \u0027id\u0027 and \u0027name\u0027,"},{"line_number":79,"context_line":"while the new plugin will handle the CURD action. 
The following is the"}],"source_content_type":"text/x-rst","patch_set":15,"id":"280a37a6_4de5ebb0","line":76,"in_reply_to":"d51049e1_b89de5ce","updated":"2021-11-25 03:08:26.000000000","message":"But more APIs can be called as top level:\nhttps://docs.openstack.org/api-ref/network/v2/index.html#quality-of-service-rules-alias-api\nNo needs to assemble a policy_id in the middle of the url.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":100,"context_line":"          \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":101,"context_line":"                   \u0027validate\u0027: {\u0027type:string\u0027: db_const.NAME_FIELD_SIZE},"},{"line_number":102,"context_line":"                   \u0027is_visible\u0027: True, \u0027default\u0027: \u0027\u0027},"},{"line_number":103,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":104,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":105,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":106,"context_line":"                            \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":15,"id":"10957155_746df0d6","line":103,"updated":"2021-11-24 13:12:08.000000000","message":"still for me using \"floatingip\" here may be confusing as this is not floating at all. IMO we should have some new resource which would represent that as this isn\u0027t really floating ip at all.\n\nAlso one more question. Why can\u0027t we simply use router\u0027s gateway_ip and allow users to configure what private IPs/subnets can use that gateway for SNAT? 
Why we need additional public IPs to be configured in the router?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"626bedc8cb527295719fbf0c50cbc6fae76709ea","unresolved":true,"context_lines":[{"line_number":100,"context_line":"          \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":101,"context_line":"                   \u0027validate\u0027: {\u0027type:string\u0027: db_const.NAME_FIELD_SIZE},"},{"line_number":102,"context_line":"                   \u0027is_visible\u0027: True, \u0027default\u0027: \u0027\u0027},"},{"line_number":103,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":104,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":105,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":106,"context_line":"                            \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":15,"id":"82857bf2_a5e2a5dc","line":103,"in_reply_to":"10957155_746df0d6","updated":"2021-11-24 13:28:15.000000000","message":"+1 to the floating IP confusion","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":100,"context_line":"          \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":101,"context_line":"                   \u0027validate\u0027: {\u0027type:string\u0027: db_const.NAME_FIELD_SIZE},"},{"line_number":102,"context_line":"                   \u0027is_visible\u0027: True, \u0027default\u0027: 
\u0027\u0027},"},{"line_number":103,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":104,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":105,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":106,"context_line":"                            \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":15,"id":"dd8c93f1_5f6a04f6","line":103,"in_reply_to":"82857bf2_a5e2a5dc","updated":"2021-11-25 03:08:26.000000000","message":"One gateway IP is not elastic, then we can not achive the goal \"bandwidth limitation for SNAT rules\". Again, consider why we introdced floating IP to port forwarding.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"2d28130c1b5ca19b5c5dd008a05dc8201dbee07d","unresolved":true,"context_lines":[{"line_number":100,"context_line":"          \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":101,"context_line":"                   \u0027validate\u0027: {\u0027type:string\u0027: db_const.NAME_FIELD_SIZE},"},{"line_number":102,"context_line":"                   \u0027is_visible\u0027: True, \u0027default\u0027: \u0027\u0027},"},{"line_number":103,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":104,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":105,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":106,"context_line":"                            \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":15,"id":"7ceeb65d_91f59c2d","line":103,"in_reply_to":"a98d9cf7_0f09e057","updated":"2022-02-08 
08:56:39.000000000","message":"For this new resource, the main attribute of it shoule be \"CIDRs\" or \"Subnets\". \"router_id\" is the router for this rule. \"floatingip_id\" is pointing to the source IP address to do SNAT, aka we use a floating IP, it is the rule\u0027s source IP. This input can be named as \"source_ip_id\", but Neutron does not have a resource named \"source_ip\". So, it is floating_ip_id then.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ce243344d239445dfa432244c06fb2b3e08dd53b","unresolved":true,"context_lines":[{"line_number":100,"context_line":"          \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":101,"context_line":"                   \u0027validate\u0027: {\u0027type:string\u0027: db_const.NAME_FIELD_SIZE},"},{"line_number":102,"context_line":"                   \u0027is_visible\u0027: True, \u0027default\u0027: \u0027\u0027},"},{"line_number":103,"context_line":"          \u0027floatingip_id\u0027: {\u0027allow_post\u0027: True,"},{"line_number":104,"context_line":"                            \u0027allow_put\u0027: False,"},{"line_number":105,"context_line":"                            \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":106,"context_line":"                            \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":15,"id":"a98d9cf7_0f09e057","line":103,"in_reply_to":"dd8c93f1_5f6a04f6","updated":"2021-11-26 07:01:47.000000000","message":"Even with we will want to have \"gateways per snat resource\" than it shouldn\u0027t be named floating IP. 
It\u0027s something different.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"328bb42e5df259be4959792df0b532908192a0b5","unresolved":true,"context_lines":[{"line_number":121,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":122,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":123,"context_line":"              \u0027default\u0027: [],"},{"line_number":124,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":125,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":126,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":127,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"063aa4e1_6608647c","line":124,"range":{"start_line":124,"start_character":28,"end_line":124,"end_character":54},"updated":"2021-11-23 08:25:50.000000000","message":"nit: https://github.com/openstack/neutron-lib/blob/f9b428667be5b30a0acacb284b607bc5d2e2dc4e/neutron_lib/api/validators/__init__.py#L719","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"734ec3f5d43505978435b588668356db756d0ce0","unresolved":true,"context_lines":[{"line_number":121,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":122,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":123,"context_line":"              \u0027default\u0027: [],"},{"line_number":124,"context_line":"              \u0027validate\u0027: 
{\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":125,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":126,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":127,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ea9b807c_c049738e","line":124,"range":{"start_line":124,"start_character":28,"end_line":124,"end_character":54},"in_reply_to":"063aa4e1_6608647c","updated":"2021-11-23 12:16:10.000000000","message":"Can it cover the input examples of line 160 and 183?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ce243344d239445dfa432244c06fb2b3e08dd53b","unresolved":true,"context_lines":[{"line_number":121,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":122,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":123,"context_line":"              \u0027default\u0027: [],"},{"line_number":124,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":125,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":126,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":127,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"c102148d_fcff48cb","line":124,"range":{"start_line":124,"start_character":28,"end_line":124,"end_character":54},"in_reply_to":"bb4eddb4_7f4fbe3d","updated":"2021-11-26 07:01:47.000000000","message":"I don\u0027t think it can validate subnet_id also. But You can simply do something like \"validate_list_of_cidrs_or_uuid\" and combine existing validators there.\n\nBut I have another question - do we really need to have both those settings? 
Can\u0027t it be only for CIDRs? Why do we need possibility to set subnet_id there?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":121,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":122,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":123,"context_line":"              \u0027default\u0027: [],"},{"line_number":124,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":125,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":126,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":127,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"bb4eddb4_7f4fbe3d","line":124,"range":{"start_line":124,"start_character":28,"end_line":124,"end_character":54},"in_reply_to":"de68bbed_8516f08b","updated":"2021-11-25 03:08:26.000000000","message":"And cloud it aslo accept subnet_id list? 
If so, these two input ``subnets`` and ``internal_cidrs`` can be merged to one.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":121,"context_line":"          \u0027internal_cidrs\u0027: {"},{"line_number":122,"context_line":"              \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":123,"context_line":"              \u0027default\u0027: [],"},{"line_number":124,"context_line":"              \u0027validate\u0027: {\u0027type:list_of_regex_or_none\u0027: IP_REGEX},"},{"line_number":125,"context_line":"              \u0027convert_to\u0027: converters.convert_none_to_empty_list,"},{"line_number":126,"context_line":"              \u0027is_visible\u0027: True}"},{"line_number":127,"context_line":"      }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"de68bbed_8516f08b","line":124,"range":{"start_line":124,"start_character":28,"end_line":124,"end_character":54},"in_reply_to":"ea9b807c_c049738e","updated":"2021-11-24 13:12:08.000000000","message":"I think it can","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"1ec6c8eb7171debd8e80cb53b94ec03a2e986174","unresolved":true,"context_lines":[{"line_number":229,"context_line":"+++++++++++++++++++++"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"Add a new agent extension ``elastic_fip_snat`` to retrieve the floating IPs"},{"line_number":232,"context_line":"which have binding SNAT rules to setup the iptables SNAT rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"The rules are sorted by the mask length of the source address CIDR."},{"line_number":235,"context_line":"Rule 
order in iptables ``nat`` table:"}],"source_content_type":"text/x-rst","patch_set":15,"id":"06aba795_6561c6ec","line":232,"updated":"2021-11-23 14:48:56.000000000","message":"So it doesn\u0027t look like this supports OVN, or at least it\u0027s not mentioned here.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c204fdd88030837b2f226ba8073afbe3178db35a","unresolved":true,"context_lines":[{"line_number":229,"context_line":"+++++++++++++++++++++"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"Add a new agent extension ``elastic_fip_snat`` to retrieve the floating IPs"},{"line_number":232,"context_line":"which have binding SNAT rules to setup the iptables SNAT rules."},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"The rules are sorted by the mask length of the source address CIDR."},{"line_number":235,"context_line":"Rule order in iptables ``nat`` table:"}],"source_content_type":"text/x-rst","patch_set":15,"id":"78f4cbf3_079286f0","line":232,"in_reply_to":"06aba795_6561c6ec","updated":"2021-11-23 15:06:02.000000000","message":"Line 46 has the answer. 
For Ovn L3 functions we can add a new driver behind this new plugin.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"1ec6c8eb7171debd8e80cb53b94ec03a2e986174","unresolved":true,"context_lines":[{"line_number":260,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"Rule number 3, 4 and 5 are created by the agent extension for"},{"line_number":263,"context_line":"corresponding ``Elastic Snat`` rules."},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"Neutron basic workflow"},{"line_number":266,"context_line":"++++++++++++++++++++++"}],"source_content_type":"text/x-rst","patch_set":15,"id":"971f68c4_7da3f151","line":263,"updated":"2021-11-23 14:48:56.000000000","message":"So what happens when the IP of an instance isn\u0027t in the \u0027enable\u0027 list?  Packets just get dropped at the router?  It seems like a destination unreachable should be sent?  
I\u0027m just trying to think what an actual router would respond with since the IP is basically administratively disabled from having it\u0027s packets forwarded.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"c204fdd88030837b2f226ba8073afbe3178db35a","unresolved":true,"context_lines":[{"line_number":260,"context_line":"``enable_snat\u003dFalse`` for external gateway."},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"Rule number 3, 4 and 5 are created by the agent extension for"},{"line_number":263,"context_line":"corresponding ``Elastic Snat`` rules."},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"Neutron basic workflow"},{"line_number":266,"context_line":"++++++++++++++++++++++"}],"source_content_type":"text/x-rst","patch_set":15,"id":"86e8b2f1_50e83b82","line":263,"in_reply_to":"971f68c4_7da3f151","updated":"2021-11-23 15:06:02.000000000","message":"It is a drop. Rule 2 will be removed after set \"enable_snat\u003dFalse\", then no ack for such request.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":302,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"},{"line_number":303,"context_line":"was removed."},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. 
For those pod IPs, they may want to access external"}],"source_content_type":"text/x-rst","patch_set":15,"id":"210f0aaf_cc5bb7ed","line":303,"updated":"2021-11-24 13:12:08.000000000","message":"that should be implemented in one way in the Neutron and we shouldn\u0027t add possibility to configure it for users. IMO it doesn\u0027t makes sense.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":302,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"},{"line_number":303,"context_line":"was removed."},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. 
For those pod IPs, they may want to access external"}],"source_content_type":"text/x-rst","patch_set":15,"id":"54497dbf_265ef06d","line":303,"in_reply_to":"210f0aaf_cc5bb7ed","updated":"2021-11-25 03:08:26.000000000","message":"So, remove the auto created floating IP or remain it?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"2d28130c1b5ca19b5c5dd008a05dc8201dbee07d","unresolved":true,"context_lines":[{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":302,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"},{"line_number":303,"context_line":"was removed."},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. 
For those pod IPs, they may want to access external"}],"source_content_type":"text/x-rst","patch_set":15,"id":"8d2acf74_64543ffa","line":303,"in_reply_to":"2d54a0e2_03331746","updated":"2022-02-08 08:56:39.000000000","message":"In real cloud environment, user may have bought a floating IP for their snat rules, so directly delete it may cause some refund issue.\n\nAnyway, it should be fine to delete, if it is auto created.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ce243344d239445dfa432244c06fb2b3e08dd53b","unresolved":true,"context_lines":[{"line_number":300,"context_line":""},{"line_number":301,"context_line":"Config option ``delete_fip_after_elastic_snat_deleted`` will be used to"},{"line_number":302,"context_line":"determine whether to delete the floating SNAT IP after ``Elastic Snat``"},{"line_number":303,"context_line":"was removed."},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. For those pod IPs, they may want to access external"}],"source_content_type":"text/x-rst","patch_set":15,"id":"2d54a0e2_03331746","line":303,"in_reply_to":"54497dbf_265ef06d","updated":"2021-11-26 07:01:47.000000000","message":"I would say to delete it. What\u0027s the point of keeping it there?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"bfedb955af2d5d41ff4d51149f500b500021dcbf","unresolved":true,"context_lines":[{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. 
For those pod IPs, they may want to access external"},{"line_number":307,"context_line":"world by using Elastic SNAT functions. So config option ``allowed_cidrs_for_elastic_snat``"},{"line_number":308,"context_line":"will be used to determine whether the input cidr of Elastic SNAT is allowed."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":311,"context_line":"determine Whether enable snat CIDRs overlapping under same router. This"}],"source_content_type":"text/x-rst","patch_set":15,"id":"685b13ef_4f36605d","line":308,"updated":"2021-11-24 13:12:08.000000000","message":"can\u0027t that be done in API per \"elastic_snat\" resource for example? It would be more flexible than using config option for that.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1df4807dbe83554730fb5d6094fb487400fba857","unresolved":true,"context_lines":[{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. For those pod IPs, they may want to access external"},{"line_number":307,"context_line":"world by using Elastic SNAT functions. So config option ``allowed_cidrs_for_elastic_snat``"},{"line_number":308,"context_line":"will be used to determine whether the input cidr of Elastic SNAT is allowed."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":311,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"}],"source_content_type":"text/x-rst","patch_set":15,"id":"b935e95c_f48e291a","line":308,"in_reply_to":"685b13ef_4f36605d","updated":"2021-11-25 03:08:26.000000000","message":"Sorry, I did not get the point.\n\nThis is for the API to check whether the user\u0027s input CIDR is acceptable. One way is no limitation, for instance, user\u0027s subnet is 192.168.100.0/24. But they create SNAT rules to IPs 10.0.0.0/8. Another is limited to input CIDR must be under subnets\u0027 CIDRs only.\n\nThe k8s is a user scenario, pod IPs are not controlled by Neutron. So it is out of neutron subnets\u0027 CIDR. If we do not allow that, this will not be supported. But if we allow any CIDR, for some users, they may create SNAT rule with no real use. Or they set wrong CIDR which does not cover what they want.","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ce243344d239445dfa432244c06fb2b3e08dd53b","unresolved":true,"context_lines":[{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. For those pod IPs, they may want to access external"},{"line_number":307,"context_line":"world by using Elastic SNAT functions. So config option ``allowed_cidrs_for_elastic_snat``"},{"line_number":308,"context_line":"will be used to determine whether the input cidr of Elastic SNAT is allowed."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":311,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"}],"source_content_type":"text/x-rst","patch_set":15,"id":"c9be3a31_677c3785","line":308,"in_reply_to":"74ef60f0_369657ee","updated":"2021-11-26 07:01:47.000000000","message":"One way is to allow snat for the same IPs as are in the port\u0027s allowed_address_pairs maybe. Would that work?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"6e98585c89da69fe7063a90c38e4637dab63cd10","unresolved":true,"context_lines":[{"line_number":305,"context_line":"For some cloud native scenario, the VM can be a k8s node, and the pod in that VMs will"},{"line_number":306,"context_line":"have differnt IPs from VM\u0027s subnet. For those pod IPs, they may want to access external"},{"line_number":307,"context_line":"world by using Elastic SNAT functions. So config option ``allowed_cidrs_for_elastic_snat``"},{"line_number":308,"context_line":"will be used to determine whether the input cidr of Elastic SNAT is allowed."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"Config option ``allow_elastic_snat_cidrs_overlapping`` will be used to"},{"line_number":311,"context_line":"determine Whether enable snat CIDRs overlapping under same router. 
This"}],"source_content_type":"text/x-rst","patch_set":15,"id":"74ef60f0_369657ee","line":308,"in_reply_to":"b935e95c_f48e291a","updated":"2021-11-25 08:41:37.000000000","message":"I do not add such cfg option, it is an admin question: they have to know which IPs to enable in snat API, if they add useless or wrong cidrs that is their responsibility.\nAnyway the cfg option is to determine a list of cidrs at deployment time, and that\u0027s even harder as I see to know what can be added there, and that is again the same admins\u0027 decision should be, so why can\u0027t they know at API usage time?","commit_id":"1258ec6a5300a7663571c108a47e547a532f504e"}]}
