On 11/03/2015 04:01 PM, Ben Pfaff wrote: > On Tue, Nov 03, 2015 at 03:45:45PM -0500, Russell Bryant wrote: >> In the meantime, we can be working on how to model this properly in >> OVN_Northbound, as well as trying to work out a reasonable >> implementation based on Geneve. The modeling in my prototype isn't >> expressive enough. > > The model that I proposed in Tokyo was to make redirection through a > chain one of the possible actions for ACLs in the OVN_Northbound > database. (I'm not claiming this is original or inspired; maybe you had > the same idea.)
And have the chain be a list of parameters to the action? My original thought was a new table of chains. Each chain has a list of service endpoints (originally i had this as logical ports, but it'd need to be IP or MAC addresses, I guess). A chain would also have a match defined in the same syntax used by ACLs. I imagined the implementation in a separate logical flow table. I guess both sound like the same thing, really. It's just a matter of how strictly the data gets structured in OVN_Northbound. Doing it in ACLs sounds pretty convenient and actually makes good sense when thinking about where this fits into the logical flow stages. > Parameters would be needed, and that's probably the harder part. I > don't know what the universe of reasonable ways to redirect through a > service includes. I believe we mentioned that redirecting to an IP > address or a MAC address are both expected to be supported. But that > leaves a lot of questions, such as: > > * Would each service be expected to be able to send the packet > directly to the next service? Or would it just bounce it back > to OVN and OVN would redirect it again? > > * Would the services be able to preserve arbitrary Geneve (or > NSH) metadata that OVN attaches to packets, so that it can be > passed back to OVN on exit from the services? > > * Do the services themselves live in logical networks or are > they identified by IP address (etc.) on a physical network? > > Some of these might have obvious answers to people who work in the area > of NFV or SFC. Good questions. So far I haven't done a great job guessing correctly when I've tried to guess the answers to things like this. :-) FWIW, it seems the API proposed for Neutron (networking-sfc) proposes the services as members of logical networks. You specify the chain in terms of logical ports in that API. I wonder how much of this OPNFV has specified? This seems like the perfect sort of thing OPNFV can help specify and work with upstream projects to get implemented. -- Russell Bryant _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss