On Mon, Mar 7, 2016 at 9:47 AM, Dan Mihai Dumitriu <dm...@cornell.edu> wrote:
> I would argue for a server-side OVSDB to other backend proxy. I would also > argue against a client side (in ovn-controller) abstraction of the other-db > - one reason for this is related to the security/safety argument, in the > sense that other-db may not have any ACL mechanism, or any way to limit > what the client can do, and thus would be susceptible to a compromised > chassis. If OVN has its own RPC mechanism between the chassis > (ovn-controller) and the control cluster, the security issues can be > controlled more precisely, considering the particular requirements of this > system. I think there are also advantages for doing upgrades, and just > generally for decoupling the ovn-controller implementation from the db > backend. > Good points. Thanks for sharing. -- Russell Bryant _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev