[ovs-dev] [PATCH 8/8] [RFC] ovn: Start work on design documentation.

Miguel Ángel Ajo majopela at redhat.com
Thu Feb 19 09:57:02 UTC 2015


Hi Ben,

   I especially liked the VIF port lifecycle, looks good to me, I only miss some
“port_security” concepts we have in neutron, which I guess could have been
deliberately omitted for a start.

   In neutron we have something called security groups, and every port
belongs to 1 or more security groups.  Each security group has a list of
rules to control traffic at port level in a very fine-grained fashion (ingress/egress
protocol/flags/etc… remote_ip/mask or security_group ID)

I guess we could build render security_group ID to multiple IPs for each port,
but then we will miss the ingress/egress and protocol flags (like type of protocol,
ports, etc. [1])

Also, be aware that, not having security group ID references from neutron,
when lots of ports go to the same security group we end up with an exponential
growth of rules / OF entries per port. We solved this in the server<->agent
communication for the reference OVS solution by keeping lists of IPs
belonging to security group IDs, and then, separately having the
references from the rules.


[1] http://docs.openstack.org/admin-guide-cloud/content/securitygroup_api_abstractions.html  

Miguel Ángel Ajo


On Thursday, 19 February 2015 at 09:13, Ben Pfaff wrote:

> On Thu, Feb 19, 2015 at 12:12:26AM -0800, Ben Pfaff wrote:
> > This commit adds preliminary design documentation for Open Virtual Network,
> > or OVN, a new OVS-based project to add support for virtual networking to
> > OVS, initially with OpenStack integration.
> >  
> > This initial design has been influenced by many people, including (in
> > alphabetical order) Aaron Rosen, Chris Wright, Jeremy Stribling,
> > Justin Pettit, Ken Duda, Madhu Venugopal, Martin Casado, Pankaj Thakkar,
> > Russell Bryant, and Teemu Koponen. All blunders, however, are due to my
> > own hubris.
> >  
> > Signed-off-by: Ben Pfaff <blp at nicira.com>
>  
> I've posted the rendered version of the documentation following this
> commit at http://benpfaff.org/~blp/dist-docs. You probably want to look
> at the ovn* manpages, especially ovn-architecture(7), ovn(5), and
> ovn-nb(5).
>  
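The rule growth and the membership-list approach described in the reply above, as an added example that is not part of the original thread and is not Neutron or OVS code. All names and sample data are constructed, and it assumes a single group whose rules reference the group itself, with every member listed as a remote.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str      # "ingress" or "egress"
    protocol: str       # e.g. "tcp"
    port: int
    remote_group: str   # security group ID the rule refers to

def build_sample(n_ports):
    """Constructed data: one group whose members may reach each other on 22 and 443."""
    members = {"sg-web": [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(n_ports)]}
    rules = {"sg-web": [Rule("ingress", "tcp", 22, "sg-web"),
                        Rule("ingress", "tcp", 443, "sg-web")]}
    return members, rules

def expand_for_port(members, rules, group):
    """Resolve one port's rules into (direction, protocol, port, remote_ip) entries."""
    return [(r.direction, r.protocol, r.port, ip)
            for r in rules[group]
            for ip in members[r.remote_group]]

def expanded_payload(members, rules):
    """Hypothetical server message with every group reference pre-expanded per port."""
    return {ip: expand_for_port(members, rules, group)
            for group, ips in members.items() for ip in ips}

def referenced_payload(members, rules):
    """Hypothetical server message: membership sent once, rules keep the group ID."""
    return {"members": members, "rules": rules}

def expanded_size(payload):
    # Total entries carried when each port gets its own expanded copy.
    return sum(len(entries) for entries in payload.values())

def referenced_size(payload):
    # Total entries carried when membership and rules are sent separately.
    return (sum(len(ips) for ips in payload["members"].values())
            + sum(len(rs) for rs in payload["rules"].values()))

if __name__ == "__main__":
    for n in (10, 100, 400):
        members, rules = build_sample(n)
        print(n, expanded_size(expanded_payload(members, rules)),
              referenced_size(referenced_payload(members, rules)))
```

The receiving side can still call `expand_for_port` on the referenced message when it programs a port, so direction, protocol and port are preserved alongside the resolved IPs.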