[ovs-discuss] Adding Ovs capabilities to physical server

Ben Pfaff blp at ovn.org
Mon May 15 14:57:58 UTC 2017


Yes, that's what I mean.  OVS can switch whatever packets you want,
whether they're from a VM or not.

On Mon, May 15, 2017 at 09:11:57AM +0000, DELARUELLE Marc-Laurent wrote:
> Do you mean it's possible to run OVS on a physical server and then set all the network connectivity on the OVS ?
> 
> AFAIU, OVS provide network to VM in KVM.
> 
> Here, no KVM, only a physical OS.
> Thanks
> MLD
> 
> 
> 
> -----Message d'origine-----
> De : Ben Pfaff [mailto:blp at ovn.org] 
> Envoyé : samedi 13 mai 2017 07:59
> À : DELARUELLE Marc-Laurent <marc-laurent.delaruelle at renault.com>
> Cc : ovs-discuss at openvswitch.org
> Objet : Re: [ovs-discuss] Adding Ovs capabilities to physical server
> 
> Sure, you can run OVS on a physical server.
> 
> On Fri, May 12, 2017 at 01:38:51PM +0000, DELARUELLE Marc-Laurent wrote:
> > Hi,
> > If NSX runs as OvS, you may control the flows between VM, and between VM and physical servers.
> > But you can't control the flows between physical servers.
> > 
> > Consider 
> > - You create a VLAN and a 512 IP subnet befind a firewall
> > - You want to create some DMZ using micro segmentation on this subnet
> > - You need to deploy  VM and physical servers 
> > 
> > Using Microsegmentation, you may isolate VM from differents DMZ in the same VLAN. And you may control which physical servers may be reached from which  VM according DMZ membership. 
> > But you can't control the flow between 2 physical servers on this subnet.
> > Using PVLAN, ACL on physical switches or ACL on the physical servers is not an option in my company.
> > 
> > This is why I wonder if a solution may be considered by ovs for physical servers running Oracle for instance.  Oracle can't be virtualized for licence reasons.
> > I imagine a micro vswitch with physical nics on one side and virtual nics, seen from the host, but not using VM or KVM.
> > And this micro vswitch could be managed to connect to VxLan and accepting a DFW centrally managed.
> > 
> > Another use case could be also Network Attach Storage. 
> > Regards
> > MLD
> > 
> > 
> > -----Message d'origine-----
> > De : Ben Pfaff [mailto:blp at ovn.org] 
> > Envoyé : vendredi 12 mai 2017 15:25
> > À : DELARUELLE Marc-Laurent <marc-laurent.delaruelle at renault.com>
> > Cc : ovs-discuss at openvswitch.org
> > Objet : Re: [ovs-discuss] Adding Ovs capabilities to physical server
> > 
> > On Fri, May 12, 2017 at 11:38:19AM +0000, DELARUELLE Marc-Laurent wrote:
> > > I'm currently looking at NSX in my company. NSX is very nice, but it is limited to VM world, as Ovs.
> > > I may suggest to make a tiny Ovs for Linux or Windows physical server. It may be like a driver, adding VxLan native connectivity and DFW capabilities to physical servers.
> > > 
> > > Perhaps this project already exists ?
> > 
> > What does this need that OVS doesn't already have?
> > -- Disclaimer ------------------------------------ 
> > Ce message ainsi que les eventuelles pieces jointes constituent une correspondance privee et confidentielle a l'attention exclusive du destinataire designe ci-dessus. Si vous n'etes pas le destinataire du present message ou une personne susceptible de pouvoir le lui delivrer, il vous est signifie que toute divulgation, distribution ou copie de cette transmission est strictement interdite. Si vous avez recu ce message par erreur, nous vous remercions d'en informer l'expediteur par telephone ou de lui retourner le present message, puis d'effacer immediatement ce message de votre systeme.
> > 
> > *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system.
> > 
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> -- Disclaimer ------------------------------------ 
> Ce message ainsi que les eventuelles pieces jointes constituent une correspondance privee et confidentielle a l'attention exclusive du destinataire designe ci-dessus. Si vous n'etes pas le destinataire du present message ou une personne susceptible de pouvoir le lui delivrer, il vous est signifie que toute divulgation, distribution ou copie de cette transmission est strictement interdite. Si vous avez recu ce message par erreur, nous vous remercions d'en informer l'expediteur par telephone ou de lui retourner le present message, puis d'effacer immediatement ce message de votre systeme.
> 
> *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system.
> 


More information about the discuss mailing list