[ovs-dev] SFC-Summary: MultiTenant

Ryan Moats rmoats at us.ibm.com
Tue Jun 28 04:26:35 UTC 2016


Na Zhu/China/IBM wrote on 06/27/2016 10:21:33 PM:

> From: Na Zhu/China/IBM
> To: John McDowall <jmcdowall at paloaltonetworks.com>, Ryan
Moats/Omaha/IBM at IBMUS
> Cc: "dev at openvswitch.org" <dev at openvswitch.org>
> Date: 06/27/2016 10:21 PM
> Subject: Re: [ovs-dev] SFC-Summary: MultiTenant
>
> Hi Ryan & John,
>
> For multi-tenancy use case, i think it is not allowed to boot VNF in
> openstack that can be used by multiple tenants.
> I am not clear about your concerns, can you clarify?

If I can't support multi-tenant in a particular VNF, then the
solution doesn't scale from a business perspective.

The discussion about here is how does OVN support a multi-tenant
VNF, independent of OpenStack.

I've asked the same question of the networking-sfc spec as part
of the review, because it has to be solved there as well.

Ryan

>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong
> New District, Shanghai, China (201203)
>
> From: John McDowall <jmcdowall at paloaltonetworks.com>
> To: Ryan Moats <rmoats at us.ibm.com>
> Cc: "dev at openvswitch.org" <dev at openvswitch.org>
> Date: 2016/06/28 09:46
> Subject: Re: [ovs-dev] SFC-Summary: MultiTenant
> Sent by: "dev" <dev-bounces at openvswitch.org>
>
> Previous thread contents are here: http://openvswitch.org/pipermail/
> dev/2016-June/073836.html
>
> Ryan,
>
> Trying to keep the thread to a single subject so we can knock them off.
>
> There are two cases for multi-tenancy:
>
>
>   1.  The VNF is multi-tenant: This implies that a single VNF can
> exist as a port-pair in multiple logical networks. For this to
> happen the VNF has to support two features:
>      *   Separate management planes so different tenants can manage
> them independently
>      *   Ability to handle overlapping IP-Address ranges in the
> control and data planes.
>   2.  The network can be logically separated into different segments
> with overlapping IP address ranges. This is one of the functions of
> OVS/OVN I thought or do I have a key mis-understanding? If a VNF has
> its logical ports in the namespace of a specific logical switch then
> there should be no barrier to multi-tenant networks - or am I
> missing something fundamental?
>
> I think 1) is a vendor issue and while we can make it easy for them
> they still need to do the work to separate the management/control
> and data planes?
>
> Thoughts?
>
> John
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev



More information about the dev mailing list