[ovs-git] [openvswitch/ovs] 3bb479: OVN: Add support for Transport Zones

Lucas Alvares Gomes noreply at github.com
Mon Apr 22 20:37:23 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 3bb479d9aa52f0a25e941bb3156b5fc4ddca3c8c
      https://github.com/openvswitch/ovs/commit/3bb479d9aa52f0a25e941bb3156b5fc4ddca3c8c
  Author: Lucas Alvares Gomes <lucasagomes at gmail.com>
  Date:   2019-04-22 (Mon, 22 Apr 2019)

  Changed paths:
    M NEWS
    M ovn/controller/chassis.c
    M ovn/controller/chassis.h
    M ovn/controller/encaps.c
    M ovn/controller/encaps.h
    M ovn/controller/ovn-controller.8.xml
    M ovn/controller/ovn-controller.c
    M ovn/ovn-sb.ovsschema
    M ovn/ovn-sb.xml
    M tests/ovn.at

  Log Message:
  -----------
  OVN: Add support for Transport Zones

This patch is adding support for Transport Zones. Transport zones (a.k.a.
TZs) are a way to enable users of OVN to separate Chassis into different
logical groups that will only form tunnels between members of the same
groups. Each Chassis can belong to one or more Transport Zones. If
not set, the Chassis will be considered part of a default group.

Configuring Transport Zones is done by creating a key called
"ovn-transport-zones" in the external_ids column of the Open_vSwitch
table from the local OVS instance. The value is a string with the name
of the Transport Zone that this instance is part of. Multiple TZs can
be specified with a comma-separated list. For example:

$ sudo ovs-vsctl set open . external-ids:ovn-transport-zones=tz1

or

$ sudo ovs-vsctl set open . external-ids:ovn-transport-zones=tz1,tz2,tz3

This configuration is also exposed in the Chassis table of the OVN
Southbound Database in a new column called "transport_zones".

The uses for Transport Zones include but are not limited to:

* Edge computing: As a way of preventing edge sites from trying to create
  tunnels with every node on every other edge site while still allowing
  these sites to create tunnels with the central node.

* Extra security layer: Where users want to create "trust zones"
  and prevent computes in a more secure zone from communicating with a
  less secure zone.

This patch is also backward compatible so the upgrade guide for OVN [0]
is still valid and the ovn-controller service can be upgraded before the
OVSDBs.

[0] http://docs.openvswitch.org/en/latest/intro/install/ovn-upgrades/

Reported-by: Daniel Alvarez Sanchez <dalvarez at redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-February/048255.html
Signed-off-by: Lucas Alvares Gomes <lucasagomes at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
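
The tunnel rule from the log message, modelled offline as an added example (not code from this commit or from OVN): it computes which chassis pairs would tunnel and flags any tunnel joining a host the operator treats as secure to one treated as less secure. The function names, the "<default>" label, the chassis names, and treating an empty or whitespace-padded value as unset are assumptions.

```python
from itertools import combinations

DEFAULT_GROUP = "<default>"  # assumed label for the default group (no TZ set)


def parse_zones(external_ids):
    """Zones from the comma-separated "ovn-transport-zones" key."""
    raw = external_ids.get("ovn-transport-zones", "")
    # Assumption: blank entries are ignored and an empty value counts as unset.
    zones = {z.strip() for z in raw.split(",") if z.strip()}
    return zones or {DEFAULT_GROUP}


def tunnel_pairs(chassis):
    """Chassis pairs sharing at least one zone, i.e. pairs that form a tunnel."""
    zones = {name: parse_zones(ids) for name, ids in chassis.items()}
    return {(a, b) for a, b in combinations(sorted(zones), 2)
            if zones[a] & zones[b]}


def cross_tunnels(chassis, secure, less_secure):
    """Tunnels with one endpoint in each operator-defined trust group."""
    return sorted(
        (a, b) for a, b in tunnel_pairs(chassis)
        if (a in secure and b in less_secure)
        or (b in secure and a in less_secure)
    )


# Constructed inventory: chassis name -> external_ids of its Open_vSwitch row.
SAMPLE = {
    "central": {"ovn-transport-zones": "tz1,tz2"},
    "edge-a": {"ovn-transport-zones": "tz1"},
    "edge-b": {"ovn-transport-zones": "tz2"},
    "vault-1": {"ovn-transport-zones": "secure"},
    "vault-2": {},  # key forgotten: lands in the default group
    "lab-1": {},    # never configured: also in the default group
}

if __name__ == "__main__":
    for pair in sorted(tunnel_pairs(SAMPLE)):
        print("tunnel:", pair)
    for pair in cross_tunnels(SAMPLE, {"vault-1", "vault-2"},
                              {"lab-1", "edge-a", "edge-b"}):
        print("trust-zone violation:", pair)
```

The violation it reports comes from the default group: a secure host whose key was never set still tunnels with every other unconfigured chassis.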



