[ovs-dev] [PATCH] ovn-architecture: Start describing how to connect to physical networks.

Justin Pettit jpettit at nicira.com
Thu Oct 22 17:14:07 UTC 2015

> On Oct 22, 2015, at 9:28 AM, Ben Pfaff <blp at nicira.com> wrote:
> +    The first axis is the <dfn>connection point</dfn>.  Physical networks can
> +    be <em>connected at hypervisors</em>.  To access a physical network in this
> +    fashion, a VM must run on a hypervisor that is directly connected to that
> +    network, that is, its hypervisor must be on the physical network's subnet.
> +    Alternatively, physical networks can be <em>centrally connected</em>, with
> +    packets passing through a tunnel to a central point.  This model does not
> +    require hypervisors to have a direct connection to the physical network,
> +    but it does require setting up and maintaining a central gateway.

I worry a bit that our use of "physical networks" is a bit muddy.  In particular, the physical networks described here versus a VTEP bridging physical workloads.

> +    The second axis is the <dfn>degree of NAT</dfn> (network address
> +    translation).  The lowest level of NAT is <em>no NAT</em>, in which VMs are
> +    directly assigned physical network IP addresses.  The next level is <em>IP
> +    address translation</em>, which translates IP addresses.  This allows

This is probably a losing terminology battle, but I think this is really called NAT...

> +    physical and logical IP addresses to be separately allocated.  Finally,
> +    <em>(full) NAT</em> translates IP addresses and transport port numbers.
> +    Only full NAT allows multiple VMs to share a public IP address.

...and this is called PAT.

I think it may be useful to use both sets of terms.  Or not.  Maybe I'm just old.

> +        OVN doesn't add any value to this kind of physical network
> +        connectivity, because plugging the VM's interface directly into a
> +        physical network bridge works just as well.  OVN provides this option
> +        for use by CMSes (e.g. OpenStack Neutron) that require all of the
> +        network connectivity on a hypervisor to go through a single networking
> +        provider (i.e. OVN).

As Russel mentioned, this seems a little overly negative.

> +        OVN will implement direct support for this case.  For now, one can
> +        implement it with an <code>localnet</code> port that patches to an



More information about the dev mailing list