Hi Ben,

I especially liked the VIF port lifecycle, looks good to me. I only miss some “port_security” concepts we have in neutron, which I guess could have been deliberately omitted for a start.

In neutron we have something called security groups, and every port belongs to 1 or more security groups. Each security group has a list of rules to control traffic at port level in a very fine-grained fashion (ingress/egress protocol/flags/etc… remote_ip/mask or security_group ID).

I guess we could build render security_group ID to multiple IPs for each port, but then we will miss the ingress/egress and protocol flags (like type of protocol, ports, etc. [1]).

Also, be aware that, not having security group ID references from neutron, when lots of ports go to the same security group we end up with an exponential growth of rules / OF entries per port. We solved this in the server<->agent communication for the reference OVS solution by keeping lists of IPs belonging to security group IDs, and then, separately, having the references from the rules.

[1] http://docs.openstack.org/admin-guide-cloud/content/securitygroup_api_abstractions.html

Miguel Ángel Ajo

On Thursday, 19 February 2015 at 09:13, Ben Pfaff wrote:
> On Thu, Feb 19, 2015 at 12:12:26AM -0800, Ben Pfaff wrote:
> > This commit adds preliminary design documentation for Open Virtual Network,
> > or OVN, a new OVS-based project to add support for virtual networking to
> > OVS, initially with OpenStack integration.
> >
> > This initial design has been influenced by many people, including (in
> > alphabetical order) Aaron Rosen, Chris Wright, Jeremy Stribling,
> > Justin Pettit, Ken Duda, Madhu Venugopal, Martin Casado, Pankaj Thakkar,
> > Russell Bryant, and Teemu Koponen. All blunders, however, are due to my
> > own hubris.
> >
> > Signed-off-by: Ben Pfaff <b...@nicira.com>
>
> I've posted the rendered version of the documentation following this
> commit at http://benpfaff.org/~blp/dist-docs. You probably want to look
> at the ovn* manpages, especially ovn-architecture(7), ovn(5), and
> ovn-nb(5).
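An added illustration, not part of the original message and not Neutron or OVN code, of the two encodings the message above contrasts: security-group references expanded into per-port IP rules, versus membership lists kept separately from rules that still carry the group ID. The group name, addresses and rule fields are constructed sample data, and each port is assumed to belong to exactly one group.

```python
from ipaddress import ip_address

def make_members(n_ports, group="sg-web"):
    """Constructed sample: n_ports ports, all in one security group."""
    base = ip_address("10.0.0.1")
    return {group: [str(base + i) for i in range(n_ports)]}

# Constructed rules: each allows traffic from members of a group (by group ID).
RULES = {
    "sg-web": [
        {"direction": "ingress", "protocol": "tcp", "port": 22,
         "remote_group_id": "sg-web"},
        {"direction": "ingress", "protocol": "tcp", "port": 443,
         "remote_group_id": "sg-web"},
    ]
}

def flatten(members, rules):
    """Per-port rule lists with every group reference expanded to peer IPs.

    Direction, protocol and port are carried along so nothing is lost,
    but each port now holds one entry per (rule, peer) pair.
    """
    per_port = {}
    for group, ips in members.items():
        for ip in ips:
            per_port[ip] = [
                {"direction": r["direction"], "protocol": r["protocol"],
                 "port": r["port"], "remote_ip": peer}
                for r in rules[group]
                for peer in members[r["remote_group_id"]]
                if peer != ip
            ]
    return per_port

def flattened_entries(members, rules):
    """Total entries when every port receives its expanded rule list."""
    return sum(len(v) for v in flatten(members, rules).values())

def referenced_entries(members, rules):
    """Total entries when membership lists are sent once and rules keep the ID."""
    return (sum(len(ips) for ips in members.values())
            + sum(len(rs) for rs in rules.values()))

if __name__ == "__main__":
    for n in (10, 100, 500):
        m = make_members(n)
        print(n, flattened_entries(m, RULES), referenced_entries(m, RULES))
```

With the indirect form, adding a port to a group changes one membership entry instead of touching the rule list of every other port in that group.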