[ovs-dev] [PATCH ovn 1/3] ovn: Enforce unique tags for container interfaces.
Russell Bryant
rbryant at redhat.com
Tue Apr 7 14:20:42 UTC 2015
On 04/07/2015 03:29 AM, Thomas Graf wrote:
> On 04/06/15 at 02:00pm, Gurucharan Shetty wrote:
>>> I think lxc deployment inside the VM definitely makes sense from a
>>> hardware isolation perspective but it may not be feasible for
>>> everyone. A simple example is resource allocation across multiple
>>> tenants on process level which becomes a lot more difficult if the
>>> host can no longer see the tasks themselves.
>> I did not quite understand what you mean above. The OVN schema allows
>> both lxc-in-vm as well as lxc in host. The ovn-architecture document
>> provides details on that front.
>
> Right. That's why I said it's a nit on commit message level.
I'll see if I can tweak it so it doesn't hit a nerve. :-)
> The commit message defined the tag as being a VLAN ID. The OVN
> architecture doc does this as well to some extend. I'm not convinced
> that using the VLAN ID this is suitable for everyone, in particular
> as we don't support QinQ yet.
>
> I agree though that identifying the VIF based on *a* tag is
> appropriate.
IIRC, the proposal was actually quite explicit that the tag is a VLAN
ID. It's not a hidden implementation detail because something (not OVN)
has to set up ovs inside the VM with all of the containers attached and
have it tag traffic from each container.
With that said, I'd be happy to see alternatives. I brought it up
briefly here:
http://openvswitch.org/pipermail/dev/2015-March/052584.html
--
Russell Bryant
More information about the dev
mailing list