[ovs-dev] SFC-Summary: MultiTenant
Russell Bryant
russell at ovn.org
Tue Jul 12 14:52:02 UTC 2016
On Tue, Jun 28, 2016 at 12:05 PM, Ryan Moats <rmoats at us.ibm.com> wrote:
> John McDowall <jmcdowall at paloaltonetworks.com> wrote on 06/28/2016
> 10:54:31
> AM:
>
> > From: John McDowall <jmcdowall at paloaltonetworks.com>
> > To: Ryan Moats/Omaha/IBM at IBMUS, Na Zhu <nazhu at cn.ibm.com>
> > Cc: "dev at openvswitch.org" <dev at openvswitch.org>
> > Date: 06/28/2016 10:54 AM
> > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant
> >
> > Ryan,
> >
> > Putting on my vendor hat for a minute or two….
> >
> > The way we have solved this is our VNF supports multiple interfaces
> > (I.e. Multiple port-pairs) that can be partitioned into different
> > networks. So a single VNF can act in multiple tenant. I believe most
> > other vendors have similar solutions and perhaps other approaches.
>
> That's a way to do it, and it doesn't require OVN to know any more
> than what we are currently programming...
>
> >
> > How would you like a VNF to behave to support multi-tenancy?
>
> I've been trying to work out how to be multi-tenant at the VNF port
> level, and there's where I run into problems...
>
I was thinking this could be handled with child / sub-ports. We do this
today for containers in VMs. We can have a single VIF for a VM that is
connected to multiple networks that are owned by separate tenants. Some
sort of encapsulation (VLAN ID, MPLS header, whatever) would be used to
differentiate the traffic for each networking in/out of that VIF. I had
started adding the ability to use MPLS for this in my prototype for this
reason, as that was what networking-sfc had defined.
--
Russell Bryant
More information about the dev
mailing list