It isn't. For networking-sfc, at least for OVS driver (the default), the MPLS label is popped before the packet reaches the VNF.
But Russell did bring up a great solution for supporting multi-tenancy on VNF... it does open the can of worm where we need to distinguish between VNF that supports multi-tenancy (save label) vs not (pop label). And we need to have agreement with the VNF vendors on label format... On Tue, Jul 12, 2016 at 9:18 AM, Kyle Mestery <mest...@mestery.com> wrote: > On Tue, Jul 12, 2016 at 9:52 AM, Russell Bryant <russ...@ovn.org> wrote: > > On Tue, Jun 28, 2016 at 12:05 PM, Ryan Moats <rmo...@us.ibm.com> wrote: > > > >> John McDowall <jmcdow...@paloaltonetworks.com> wrote on 06/28/2016 > >> 10:54:31 > >> AM: > >> > >> > From: John McDowall <jmcdow...@paloaltonetworks.com> > >> > To: Ryan Moats/Omaha/IBM@IBMUS, Na Zhu <na...@cn.ibm.com> > >> > Cc: "dev@openvswitch.org" <dev@openvswitch.org> > >> > Date: 06/28/2016 10:54 AM > >> > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant > >> > > >> > Ryan, > >> > > >> > Putting on my vendor hat for a minute or two…. > >> > > >> > The way we have solved this is our VNF supports multiple interfaces > >> > (I.e. Multiple port-pairs) that can be partitioned into different > >> > networks. So a single VNF can act in multiple tenant. I believe most > >> > other vendors have similar solutions and perhaps other approaches. > >> > >> That's a way to do it, and it doesn't require OVN to know any more > >> than what we are currently programming... > >> > >> > > >> > How would you like a VNF to behave to support multi-tenancy? > >> > >> I've been trying to work out how to be multi-tenant at the VNF port > >> level, and there's where I run into problems... > >> > > > > I was thinking this could be handled with child / sub-ports. We do this > > today for containers in VMs. We can have a single VIF for a VM that is > > connected to multiple networks that are owned by separate tenants. Some > > sort of encapsulation (VLAN ID, MPLS header, whatever) would be used to > > differentiate the traffic for each networking in/out of that VIF. I had > > started adding the ability to use MPLS for this in my prototype for this > > reason, as that was what networking-sfc had defined. > > > > This makes the assumption that the thing on the other end of the port > (the VNF, I guess) is not only MPLS aware, but also "tenant to label" > aware. How does that information (tenant to MPLS label) get passed to > the VNF? Apologies if this is already handled somehow with the > networking-sfc API. > > > -- > > Russell Bryant > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > http://openvswitch.org/mailman/listinfo/dev > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
