jclouds-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrea Turli <andrea.tu...@gmail.com>
Subject Re: Question about GCE Provider
Date Mon, 20 Apr 2015 20:30:21 GMT
Daniel,

I agree that network-per-group idea doesn't scale very well, but there are
some advantages that we can lose if we have just one single network.
having a single network sounds like a problem when you want to attach a
particular firewall rule only to a VM. Say that a network "jclouds" already
exists and defines a firewall rule for 22 and 80. Every VM attached to that
network will have those port opened even if it is not strictly required. Do
you think targetTags are then what we want to use to specify which instance
can accept that traffic on that port?

Thanks,
Andrea

On Wed, Apr 15, 2015 at 11:01 PM Daniel Broudy <broudy@google.com> wrote:

> There are some pretty strict quotas on the rate at which you can create and
> destroy networks. I think the current network-per-group idea doesn't scale
> well.
>
>
> "A network performs the same function that a router does in a home network:
> it describes the network range and gateway IP address, handles
> communication between instances, and serves as a gateway between instances
> and callers outside the network. [...] Any communication between instances
> in different networks, even within the same project, must be through
> external IP addresses." [1]
>
> I think we should switch to using the default network and only creating a
> new network if the user specifies that is what they want.
>
> [1] https://cloud.google.com/compute/docs/networking#networks_1
>
> On Tue, Apr 14, 2015 at 10:21 PM, Andrea Turli <andrea.turli@gmail.com>
> wrote:
>
> > Daniel,
> >
> > Is it a common use case to spin up more than 5 node groups on one
> project?
> > >
> >
> > I think in jclouds we should support the most generic case possible, not
> > only 5 node groups then.
> >
> > >
> > > If it is, we should not be creating one network per node group on GCE
> > > because there is quota of 5 networks per project.
> > >
> > > I am wondering why we create a new network for each group. Would it
> make
> > > more sense to use the default network for all groups and keep groups
> > > distinct by using tags and naming conventions?
> > >
> >
> > I think a network per node group makes sense for traffic segmentation and
> > multi tenancy but if you think it shouldn't be necessary I think it is
> good
> > to have your feedback here as you are the expert :)
> > Maybe we could keep going with this approach and make sure that the
> network
> > (and the firewall rules!) gets deleted when the node group is destroyed.
> >
> > I am still gaining familiarity with the compute abstraction.
> > >
> >
> > Best,
> > Andrea
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message