On 11/03/2015 04:01 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 03:45:45PM -0500, Russell Bryant wrote:
>> In the meantime, we can be working on how to model this properly in
>> OVN_Northbound, as well as trying to work out a reasonable
>> implementation based on Geneve.  The modeling in my prototype isn't
>> expressive enough.
> The model that I proposed in Tokyo was to make redirection through a
> chain one of the possible actions for ACLs in the OVN_Northbound
> database.  (I'm not claiming this is original or inspired; maybe you had
> the same idea.)

And have the chain be a list of parameters to the action?

My original thought was a new table of chains.  Each chain has a list of
service endpoints (originally i had this as logical ports, but it'd need
to be IP or MAC addresses, I guess).  A chain would also have a match
defined in the same syntax used by ACLs.  I imagined the implementation
in a separate logical flow table.

I guess both sound like the same thing, really.  It's just a matter of
how strictly the data gets structured in OVN_Northbound.  Doing it in
ACLs sounds pretty convenient and actually makes good sense when
thinking about where this fits into the logical flow stages.

> Parameters would be needed, and that's probably the harder part.  I
> don't know what the universe of reasonable ways to redirect through a
> service includes.  I believe we mentioned that redirecting to an IP
> address or a MAC address are both expected to be supported.  But that
> leaves a lot of questions, such as:
>         * Would each service be expected to be able to send the packet
>           directly to the next service?  Or would it just bounce it back
>           to OVN and OVN would redirect it again?
>         * Would the services be able to preserve arbitrary Geneve (or
>           NSH) metadata that OVN attaches to packets, so that it can be
>           passed back to OVN on exit from the services?
>         * Do the services themselves live in logical networks or are
>           they identified by IP address (etc.) on a physical network?
> Some of these might have obvious answers to people who work in the area
> of NFV or SFC.

Good questions.  So far I haven't done a great job guessing correctly
when I've tried to guess the answers to things like this.  :-)

FWIW, it seems the API proposed for Neutron (networking-sfc) proposes
the services as members of logical networks.  You specify the chain in
terms of logical ports in that API.

I wonder how much of this OPNFV has specified?  This seems like the
perfect sort of thing OPNFV can help specify and work with upstream
projects to get implemented.

Russell Bryant
discuss mailing list

Reply via email to