yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1746779] [NEW] Support a simple PAT (port address translation) API as alternative to LBaaS.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Pino de Candia <gdecandia@xxxxxxxxxxxx>
Date: Thu, 01 Feb 2018 18:05:57 -0000
Reply-to: Bug 1746779 <1746779@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I would like to SSH to my VMs without assigning them each a Floating IP
address. Today this requires managing a bastion VM or LBaaS API.

Instead, I would like to use a PAT API in order to tell Neutron that given my L2 port with address IP-A (on the provider network):
- tcp packets to IP-A and port 1000 should have their destination re-written to VM-1's private IP and port 22.
- tcp packets to IP-A and port 2000 should have their destination re-written to VM-2's private IP and port 22.
- ... and so on.

Similarly:
- packets from VM-1's port 22 should have their source re-written to IP-A and port 1000
- packets from VM-2's port 22 should have their source re-written to IP-A and port 2000
- ... and so on.


I can do this with LBaaS v2 API, but it's not really meant for this use-case.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1746779

Title:
  Support a simple PAT (port address translation) API as alternative to
  LBaaS.

Status in neutron:
  New

Bug description:
  I would like to SSH to my VMs without assigning them each a Floating
  IP address. Today this requires managing a bastion VM or LBaaS API.

  Instead, I would like to use a PAT API in order to tell Neutron that given my L2 port with address IP-A (on the provider network):
  - tcp packets to IP-A and port 1000 should have their destination re-written to VM-1's private IP and port 22.
  - tcp packets to IP-A and port 2000 should have their destination re-written to VM-2's private IP and port 22.
  - ... and so on.

  Similarly:
  - packets from VM-1's port 22 should have their source re-written to IP-A and port 1000
  - packets from VM-2's port 22 should have their source re-written to IP-A and port 2000
  - ... and so on.

  
  I can do this with LBaaS v2 API, but it's not really meant for this use-case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1746779/+subscriptions