[ovs-discuss] SFC using OVN

Russell Bryant rbryant at redhat.com
Tue Nov 3 21:15:40 UTC 2015 

On 11/03/2015 04:01 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 03:45:45PM -0500, Russell Bryant wrote:
>> In the meantime, we can be working on how to model this properly in
>> OVN_Northbound, as well as trying to work out a reasonable
>> implementation based on Geneve.  The modeling in my prototype isn't
>> expressive enough.
> 
> The model that I proposed in Tokyo was to make redirection through a
> chain one of the possible actions for ACLs in the OVN_Northbound
> database.  (I'm not claiming this is original or inspired; maybe you had
> the same idea.)

And have the chain be a list of parameters to the action?

My original thought was a new table of chains.  Each chain has a list of
service endpoints (originally i had this as logical ports, but it'd need
to be IP or MAC addresses, I guess).  A chain would also have a match
defined in the same syntax used by ACLs.  I imagined the implementation
in a separate logical flow table.

I guess both sound like the same thing, really.  It's just a matter of
how strictly the data gets structured in OVN_Northbound.  Doing it in
ACLs sounds pretty convenient and actually makes good sense when
thinking about where this fits into the logical flow stages.

> Parameters would be needed, and that's probably the harder part.  I
> don't know what the universe of reasonable ways to redirect through a
> service includes.  I believe we mentioned that redirecting to an IP
> address or a MAC address are both expected to be supported.  But that
> leaves a lot of questions, such as:
> 
>         * Would each service be expected to be able to send the packet
>           directly to the next service?  Or would it just bounce it back
>           to OVN and OVN would redirect it again?
>
>         * Would the services be able to preserve arbitrary Geneve (or
>           NSH) metadata that OVN attaches to packets, so that it can be
>           passed back to OVN on exit from the services?
> 
>         * Do the services themselves live in logical networks or are
>           they identified by IP address (etc.) on a physical network?
> 
> Some of these might have obvious answers to people who work in the area
> of NFV or SFC.

Good questions.  So far I haven't done a great job guessing correctly
when I've tried to guess the answers to things like this.  :-)

FWIW, it seems the API proposed for Neutron (networking-sfc) proposes
the services as members of logical networks.  You specify the chain in
terms of logical ports in that API.

I wonder how much of this OPNFV has specified?  This seems like the
perfect sort of thing OPNFV can help specify and work with upstream
projects to get implemented.

-- 
Russell Bryant

More information about the discuss mailing list