Reply inline. On Wed, Jan 30, 2013 at 10:11 PM, Murali Reddy <murali.re...@citrix.com>wrote:
> Kanzhe, > > Thanks for the detailed explantation. I get the end-to-end flow now. If I > understand correctly, every flow across the VM's in same virtual network, > at initiation, still needs to go through the controller right? > Yes, controller sets up every flow int the network based on the first packet of the flow. It is when the isolation policy is enforced. Of course, there are more technical details in how to stop flows when isolation policy changes, such as VM moved, change in policy. It will be best to refer to controller document for details. > How do you expect 'shared network' be treated. Do you expect admin to > setup the necessary flow information through controller for shared networks? > > It depends on how the network is shared, at L2 or L3. In this version of plugin, only L2 isolation is supported. None of the L3 or inter-virtual network functions were supported. Just think aloud here, L2 shared network can be easily implemented with inter-virtualNetwork policy. L3 shared network can be implemented with Virtual Routing policy. Regards, > Murali > > From: Kanzhe Jiang <kanzhe.ji...@bigswitch.com> > Date: Thursday, 31 January 2013 1:28 AM > To: Murali Reddy <murali.re...@citrix.com> > Cc: "cloudstack-dev@incubator.apache.org" < > cloudstack-dev@incubator.apache.org> > Subject: Re: Review Request: BigSwitch VNS Networking Plugin > > Hi Murali, > > When creating network, the plugin will capture the networkUUID, tenantID, > vlan and send a request to the controller to create a virtual network. > Controller will create an addressSpace construct to match the vlan so that > all device in the addressSpace has unique mac and ip, then create a virtual > network. The membership of the virtualNetwork is based on a tag rule. A tag > rule is that any device with the tag will be classified to the virtual > network. > > When a VM is created, BigSwitchVnsElement.java will send a request to the > controller to create a port and attachment for the VM. The port contains > the networkuuid. The attachment contains the VM's mac address. The > controller then associates the VM with its network tag. > > At this point, nothing is happening to the switches yet. > > When VM sends packets, the VM's network association is determined based on > its first packet. If the destination is in the same virtual network, the > controller will permit the flow and set up a end-to-end flow. When setting > up the flow, vlan is programmed on the switches along the route. The > switches can be virtual or OF-enabled physical switches. > > Then the network is destroyed, the plugin notifies the controller, which > then removes the tag and virtual network. > > Hope the explanation clarifies the workflow. > Let me know if you have more question. > > Thanks, > Kanzhe > -- Kanzhe Jiang MTS at BigSwitch
