This repository has been archived by the owner on Jul 16, 2020. It is now read-only.
ciao-controller: Add External IP Support - HTTPS Api #532
Comments
|
Will floating ip support be exposed via an API? This is for future integration with Web UI. |
|
@jorgevgut yes, the idea is that the API will be exposed, we haven't defined the methods to expose yet |
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Sep 30, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Sep 30, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Sep 30, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Sep 30, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Sep 30, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Oct 3, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Oct 3, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Oct 3, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Oct 3, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
pushed a commit
to leoswaldo/ciao
that referenced
this issue
Oct 4, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
leoswaldo
changed the title
mcastelino
pushed a commit
to mcastelino/ciao
that referenced
this issue
Oct 26, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
mcastelino
pushed a commit
to mcastelino/ciao
that referenced
this issue
Oct 26, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
|
The OpenStack APIs for floating IPs don't map well to the ciao external IP architecture. We will not be implementing the OpenStack APIs, and will instead provide a set of ciao specific APIs. |
kaccardi
changed the title
mcastelino
pushed a commit
to mcastelino/ciao
that referenced
this issue
Nov 2, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
mcastelino
pushed a commit
to mcastelino/ciao
that referenced
this issue
Nov 9, 2016
The methods assignPubIP and releasePubIP were missing their implementation. In order to implement these functions these code relies the corresponding iptables chains are in the cnci agent. To assign public IP: - Assign the public ip to the iface of the CNCI Agent - For incoming traffic we are forwarding of all traffic coming to the public IP assigned to the cnci node to the private IP address of instance. we do this by making a DNAT. (ciao-floating-ip-pre chain) - For outgoing traffic we are masking the traffic by implementing a nat rule for SNAT, so the outgoing traffic from the instance will go to the cnci node and then to the destitation as if it were coming directly from the instance. (ciao-floating-ip-post chain) - Every time we add a new rule, we insert it at the beggining of its corresponding defined chain. To release public IP: - Remove the public ip from the iface of the CNCI Agent - Verify the existing rule for the given IPs (internal and external) exist in each chain (ciao-floating-ip-pre and ciao-floating-ip-post), and then delete them, if they don't exist then we just notify. Fixes ciao-project#532 Signed-off-by: Leoswaldo Macias <leoswaldo.macias@intel.com>
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Implement HTTPS API for Assignment and release of external IPs
The text was updated successfully, but these errors were encountered: