Re: Query on East-West traffic


Anil Vishnoi
 

Ravi, if you need more details about it, look at the following awesome blogs by Flavio


Thanks
Anil

On Tue, Aug 18, 2015 at 5:45 PM, Sam Hague <shague@...> wrote:
Ravi,

For 2, I think we normally just ping from the DHCP namespace, which is similar to a VRF. The namespace is also tenant-specific, so that will match the right flows. All traffic coming from certain ports will have the segId/tenant info tagged to it to identify it.

Sam

On Tue, Aug 18, 2015 at 4:01 AM, <Ravi_Sabapathy@...> wrote:

Hi All,

     

I have a query on East-West traffic and how it is handled by OVSDB and OpenStack. There are 2 possible cases in East-West traffic.

 

  Case 1 - Tenants having different network:

 

     Consider the below case,

     Tenant 1 with network 2.0.0.0/24

     Tenant 2 with network 1.0.0.0/24

 

     Tenant 1 tries to ping tenant 2. In this case a tuple of [tunnel_id/vxlan_id, des_ip] will be used by openvswitch to identify and switch the packet to the destination tenant network.

 

 

Flow Rules for reaching different tenant (Ref: Flavio’s how-to-odl-with-openstack-part2.html blog):

 

cookie=0x0, duration=9662.085s, table=60, n_packets=122, n_bytes=11222, priority=2048,ip,tun_id=0x3e9,nw_dst=2.0.0.0/24 actions=set_field:fa:16:3e:cb:14:47->eth_src,dec_ttl,set_field:0x3ea->tun_id,goto_table:70

cookie=0x0, duration=9661.045s, table=60, n_packets=4, n_bytes=392, priority=2048,ip,tun_id=0x3ea,nw_dst=1.0.0.0/24 actions=set_field:fa:16:3e:69:5a:42->eth_src,dec_ttl,set_field:0x3e9->tun_id,goto_table:70

I have verified in my local setup that East-West traffic is working fine with tenants with different networks.

 Case 2 – Two or more tenants having same network:

 

     Consider the below case,

     Tenant 1 with network 1.0.0.0/24

     Tenant 2 with network 1.0.0.0/24

 

How does the openvswitch create rules to reach tenant 2 when tenant 1 tries to ping? The ping binary does not seem to provide any option for tunnel_id/segmentation ID.

 

Legacy behavior:

In the legacy network, we can have the same network in different Virtual routing and forwarding (VRF). The ping binary has options to ping to a specific VRF id and destination IP.

 

              So, there are 2 options

1. Have Vxlan ID/tunnel ID as part of ping/application. This way the openvswitch can form a unique tuple of [tunnel_id/vxlan_id, des_ip]. Please give your comment on this.

2. Use floating IP option and assign

   a. Static floating IP to each of the VMs in the tenant network

      - In a large scale deployment we might run out of floating IPs. This might not be an ideal solution.

   b. Assign floating IP per compute node or each tenant network in the deployment

      - In this case ODL has to internally maintain which ports to reach for a particular floating IP.

 

               Is the IP overlap use case possible in current scenario with ODL + openstack?

I hope it is a valid use case from deployment perspective? Please correct me if I am wrong and give your valid inputs.

               

 

Regards,

Ravi

 


_______________________________________________
ovsdb-dev mailing list
ovsdb-dev@...
https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev







--
Thanks
Anil
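
The (tun_id, nw_dst) match described in the thread, as an added example that is not part of the original messages or of the ODL/OVSDB code. It parses the two table=60 flows quoted above (counters and duration trimmed) and shows that the same destination IP matches or misses depending on the segment ID carried with the packet; the function names are made up for this sketch.

```python
import ipaddress
import re

# The two table=60 flows quoted in the thread, with cookie/duration/counters trimmed.
FLOWS = """\
table=60, priority=2048,ip,tun_id=0x3e9,nw_dst=2.0.0.0/24 actions=set_field:fa:16:3e:cb:14:47->eth_src,dec_ttl,set_field:0x3ea->tun_id,goto_table:70
table=60, priority=2048,ip,tun_id=0x3ea,nw_dst=1.0.0.0/24 actions=set_field:fa:16:3e:69:5a:42->eth_src,dec_ttl,set_field:0x3e9->tun_id,goto_table:70
"""

FLOW_RE = re.compile(
    r"priority=(?P<prio>\d+),.*?tun_id=(?P<tun>0x[0-9a-f]+),nw_dst=(?P<dst>[\d./]+)"
    r" actions=(?P<actions>\S+)"
)
SET_TUN_RE = re.compile(r"set_field:(0x[0-9a-f]+)->tun_id")


def parse_flows(text):
    """Return a list of (priority, tun_id, dst_network, new_tun_id) tuples."""
    rules = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        new_tun = SET_TUN_RE.search(m["actions"])
        rules.append((
            int(m["prio"]),
            int(m["tun"], 16),
            ipaddress.ip_network(m["dst"]),
            int(new_tun.group(1), 16) if new_tun else None,
        ))
    return rules


def route(rules, tun_id, dst_ip):
    """Match on the (tun_id, nw_dst) pair; return the rewritten tun_id or None."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [r for r in rules if r[1] == tun_id and dst in r[2]]
    if not hits:
        return None  # no table=60 rule applies to this segment/destination pair
    return max(hits, key=lambda r: r[0])[3]  # highest priority wins


RULES = parse_flows(FLOWS)
```

route(RULES, 0x3e9, "2.0.0.5") returns 0x3ea, while route(RULES, 0x3ea, "2.0.0.5") returns None: the destination address alone never selects a rule, the segment ID tagged on the ingress port does.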
