On 01/30/2016 11:23 PM, Han Zhou wrote: > Before this patch, inter-chassis communication between VIFs of same > lswitch will always go through tunnel, which end up of modeling a > single physical network with many lswitches and pairs of lports, and > complexity in CMS like OpenStack neutron to manage the lswitches and > lports especially when ACLs are involved. > > With this patch, inter-chassis communication can go through physical > networks via localnet port with a 1:1 mapping between lswitches and > physical networks. The original tunneling mechanism will still be > used if there is no localnet port configured on the lswitch. > > Signed-off-by: Han Zhou <zhou...@gmail.com>
The patches you based this on have been merged, but I can't seem to apply this patch. I tried from the email and patchwork and both fail for me. The patch came out smaller than I expected, so that's good. I'm still thinking this over, but I'll share some thoughts. The model is indeed simpler in some ways, but it has its own new complexity. Prior to this patch, OVN had full control over a logical network. With this patch, an OVN logical switch has a different meaning and packets go through the logical pipeline differently. Previously, every packet did the following: 1) Enter a logical switch 2) Execute logical ingress pipeline 3) Execute logical egress pipeline (possibly on remote hypervisor) 4) Leave logical switch In this localnet mode, a packet destined for a logical port on a remote hypervisor has a new kind of path: 1) Enter a logical switch 2) Execute logical ingress pipeline 3) Execute logical ingress pipeline again on remote hypervisor 4) Execute logical egress pipeline 5) Leave logical switch I believe this model would also introduce some additional restrictions on the ACL syntax. We can not necessarily uniquely identify the source logical port when the packet reaches the remote hypervisor, so the use of "inport" in "to-lport" ACLs won't work, at least. I'm not necessarily suggesting you should go try to fix these things, because I don't know that you can. I'm just trying to think through the impact of these changes on the semantics of an OVN logical switch. -- Russell Bryant _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
