Sure, you can run OVS on a physical server.
On Fri, May 12, 2017 at 01:38:51PM +0000, DELARUELLE Marc-Laurent wrote: > Hi, > If NSX runs as OvS, you may control the flows between VM, and between VM and > physical servers. > But you can't control the flows between physical servers. > > Consider > - You create a VLAN and a 512 IP subnet befind a firewall > - You want to create some DMZ using micro segmentation on this subnet > - You need to deploy VM and physical servers > > Using Microsegmentation, you may isolate VM from differents DMZ in the same > VLAN. And you may control which physical servers may be reached from which > VM according DMZ membership. > But you can't control the flow between 2 physical servers on this subnet. > Using PVLAN, ACL on physical switches or ACL on the physical servers is not > an option in my company. > > This is why I wonder if a solution may be considered by ovs for physical > servers running Oracle for instance. Oracle can't be virtualized for licence > reasons. > I imagine a micro vswitch with physical nics on one side and virtual nics, > seen from the host, but not using VM or KVM. > And this micro vswitch could be managed to connect to VxLan and accepting a > DFW centrally managed. > > Another use case could be also Network Attach Storage. > Regards > MLD > > > -----Message d'origine----- > De : Ben Pfaff [mailto:b...@ovn.org] > Envoyé : vendredi 12 mai 2017 15:25 > À : DELARUELLE Marc-Laurent <marc-laurent.delarue...@renault.com> > Cc : ovs-discuss@openvswitch.org > Objet : Re: [ovs-discuss] Adding Ovs capabilities to physical server > > On Fri, May 12, 2017 at 11:38:19AM +0000, DELARUELLE Marc-Laurent wrote: > > I'm currently looking at NSX in my company. NSX is very nice, but it is > > limited to VM world, as Ovs. > > I may suggest to make a tiny Ovs for Linux or Windows physical server. It > > may be like a driver, adding VxLan native connectivity and DFW capabilities > > to physical servers. > > > > Perhaps this project already exists ? > > What does this need that OVS doesn't already have? > -- Disclaimer ------------------------------------ > Ce message ainsi que les eventuelles pieces jointes constituent une > correspondance privee et confidentielle a l'attention exclusive du > destinataire designe ci-dessus. Si vous n'etes pas le destinataire du present > message ou une personne susceptible de pouvoir le lui delivrer, il vous est > signifie que toute divulgation, distribution ou copie de cette transmission > est strictement interdite. Si vous avez recu ce message par erreur, nous vous > remercions d'en informer l'expediteur par telephone ou de lui retourner le > present message, puis d'effacer immediatement ce message de votre systeme. > > *** This e-mail and any attachments is a confidential correspondence intended > only for use of the individual or entity named above. If you are not the > intended recipient or the agent responsible for delivering the message to the > intended recipient, you are hereby notified that any disclosure, distribution > or copying of this communication is strictly prohibited. If you have received > this communication in error, please notify the sender by phone or by replying > this message, and then delete this message from your system. > > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
