John McDowall <jmcdow...@paloaltonetworks.com> wrote on 06/27/2016 08:45:45 PM:
> From: John McDowall <jmcdow...@paloaltonetworks.com> > To: Ryan Moats/Omaha/IBM@IBMUS > Cc: "dev@openvswitch.org" <dev@openvswitch.org> > Date: 06/27/2016 08:45 PM > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant > > Previous thread contents are here: http://openvswitch.org/pipermail/ > dev/2016-June/073836.html > > Ryan, > > Trying to keep the thread to a single subject so we can knock them off. > > There are two cases for multi-tenancy: > > The VNF is multi-tenant: This implies that a single VNF can exist as > a port-pair in multiple logical networks. For this to happen the VNF > has to support two features: > Separate management planes so different tenants can manage them independently > Ability to handle overlapping IP-Address ranges in the control and > data planes. > The network can be logically separated into different segments with > overlapping IP address ranges. This is one of the functions of OVS/ > OVN I thought or do I have a key mis-understanding? If a VNF has its > logical ports in the namespace of a specific logical switch then > there should be no barrier to multi-tenant networks – or am I > missing something fundamental? > > I think 1) is a vendor issue and while we can make it easy for them > they still need to do the work to separate the management/control > and data planes? > > Thoughts? The piece I think that is being missed is that table 0 of OVS associated the incoming logical port with the ingress physical port. When I look at multi-tenancy, I believe that physical port is assumed to bind to multiple logical ports, and I haven't yet seen where we've given OVS the knowledge of how to select the proper logical port/logical datapath for a particular incoming packet. Ryan _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
