Query on East-West traffic


Ravi Shankar S
 

Hi All,

     

I have a query on East-West traffic and how it is handled by OVSDB and OpenStack. There are 2 possible cases in East-West traffic.

 

  Case 1 - Tenants having different network:

 

     Consider the below case,

     Tenant 1 with network 2.0.0.0/24

     Tenant 2 with network 1.0.0.0/24

 

     Tenant 1 tries to ping tenant 2. In this case a tuple of [tunnel_id/vxlan_id, des_ip] will be used by openvswitch to identify and switch the packet to the destination tenant network.

 

 

Flow Rules for reaching different tenant (Ref: Flavio’s how-to-odl-with-openstack-part2.html blog):

 

cookie=0x0, duration=9662.085s, table=60, n_packets=122, n_bytes=11222, priority=2048,ip,tun_id=0x3e9,nw_dst=2.0.0.0/24 actions=set_field:fa:16:3e:cb:14:47->eth_src,dec_ttl,set_field:0x3ea->tun_id,goto_table:70

cookie=0x0, duration=9661.045s, table=60, n_packets=4, n_bytes=392, priority=2048,ip,tun_id=0x3ea,nw_dst=1.0.0.0/24 actions=set_field:fa:16:3e:69:5a:42->eth_src,dec_ttl,set_field:0x3e9->tun_id,goto_table:70

              I have verified in my local setup that East – West traffic is working fine with tenants with different networks.

 Case 2 – Two or more tenants having same network:

 

     Consider the below case,

     Tenant 1 with network 1.0.0.0/24

     Tenant 2 with network 1.0.0.0/24

 

     How does the openvswitch create rules to reach tenant 2 when tenant 1 tries to ping? The ping binary does not seem to provide any option for tunnel_id/segmentation ID.

 

Legacy behavior:

In the legacy network, we can have the same network in different Virtual routing and forwarding (VRF). The ping binary has options to ping to a specific VRF id and destination IP.

 

So, there are 2 options:

1. Have the VXLAN ID/tunnel ID as part of the ping/application. This way the openvswitch can form a unique tuple of [tunnel_id/vxlan_id, des_ip]. Please give your comment on this.

2. Use the floating IP option and assign

   a. A static floating IP to each of the VMs in the tenant network

      i. In a large scale deployment we might run out of floating IPs. This might not be an ideal solution.

   b. A floating IP per compute node or per tenant network in the deployment

      i. In this case ODL has to internally maintain which ports to reach for a particular floating IP.

 

Is the IP overlap use case possible in the current scenario with ODL + OpenStack?

I hope it is a valid use case from a deployment perspective? Please correct me if I am wrong and give your valid inputs.

               

 

Regards,

Ravi
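
An added example, not part of the original post and not OVSDB or ODL code: it parses the two table=60 flows quoted in the message, looks up a packet by the (tun_id, nw_dst) key, and flags rules whose destination prefix overlaps the sending segment's own subnet, which is the Case 2 situation. The overlapping flows and the per-segment subnet maps are constructed for illustration.

```python
import ipaddress
import re

# The two table=60 flows quoted in the post (counters trimmed).
FLOWS = """\
table=60, priority=2048,ip,tun_id=0x3e9,nw_dst=2.0.0.0/24 actions=set_field:fa:16:3e:cb:14:47->eth_src,dec_ttl,set_field:0x3ea->tun_id,goto_table:70
table=60, priority=2048,ip,tun_id=0x3ea,nw_dst=1.0.0.0/24 actions=set_field:fa:16:3e:69:5a:42->eth_src,dec_ttl,set_field:0x3e9->tun_id,goto_table:70
"""
# Constructed (hypothetical) flows for Case 2: both segments use 1.0.0.0/24.
OVERLAP_FLOWS = """\
table=60, priority=2048,ip,tun_id=0x3e9,nw_dst=1.0.0.0/24 actions=dec_ttl,set_field:0x3ea->tun_id,goto_table:70
table=60, priority=2048,ip,tun_id=0x3ea,nw_dst=1.0.0.0/24 actions=dec_ttl,set_field:0x3e9->tun_id,goto_table:70
"""
# Assumed subnet per segment; Case 1 values are inferred from the quoted flows.
CASE1_NETS = {0x3E9: "1.0.0.0/24", 0x3EA: "2.0.0.0/24"}
CASE2_NETS = {0x3E9: "1.0.0.0/24", 0x3EA: "1.0.0.0/24"}

RULE = re.compile(r"tun_id=(0x[0-9a-f]+),nw_dst=(\S+) actions=.*set_field:(0x[0-9a-f]+)->tun_id")

def parse(dump):
    """Return [(match_tun_id, dst_network, rewritten_tun_id)] per routing flow."""
    rules = []
    for line in dump.splitlines():
        m = RULE.search(line)
        if m:
            rules.append((int(m.group(1), 16), ipaddress.ip_network(m.group(2)), int(m.group(3), 16)))
    return rules

def route(rules, tun_id, dst_ip):
    """Tunnel ID the packet is rewritten to, or None when no flow matches."""
    dst = ipaddress.ip_address(dst_ip)
    for src_tun, net, new_tun in rules:
        if src_tun == tun_id and dst in net:
            return new_tun
    return None

def self_overlaps(rules, local_nets):
    """Rules whose nw_dst overlaps the sender's own subnet: with such a rule the
    (tun_id, nw_dst) key no longer separates local from remote destinations."""
    return [(hex(s), str(n), hex(t)) for s, n, t in rules
            if s in local_nets and n.overlaps(ipaddress.ip_network(local_nets[s]))]

if __name__ == "__main__":
    print("case 1 lookup:", hex(route(parse(FLOWS), 0x3E9, "2.0.0.5")))
    print("case 1 conflicts:", self_overlaps(parse(FLOWS), CASE1_NETS))
    print("case 2 conflicts:", self_overlaps(parse(OVERLAP_FLOWS), CASE2_NETS))
```

In the constructed Case 2 table every packet to 1.0.0.x on segment 0x3e9 matches the cross-tenant rule, so an audit like `self_overlaps` is a quick check that a flow table still keeps tenant segments apart.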

 
