On Tue, Jun 28, 2016 at 12:05 PM, Ryan Moats <rmo...@us.ibm.com> wrote:
> John McDowall <jmcdow...@paloaltonetworks.com> wrote on 06/28/2016 > 10:54:31 > AM: > > > From: John McDowall <jmcdow...@paloaltonetworks.com> > > To: Ryan Moats/Omaha/IBM@IBMUS, Na Zhu <na...@cn.ibm.com> > > Cc: "dev@openvswitch.org" <dev@openvswitch.org> > > Date: 06/28/2016 10:54 AM > > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant > > > > Ryan, > > > > Putting on my vendor hat for a minute or two…. > > > > The way we have solved this is our VNF supports multiple interfaces > > (I.e. Multiple port-pairs) that can be partitioned into different > > networks. So a single VNF can act in multiple tenant. I believe most > > other vendors have similar solutions and perhaps other approaches. > > That's a way to do it, and it doesn't require OVN to know any more > than what we are currently programming... > > > > > How would you like a VNF to behave to support multi-tenancy? > > I've been trying to work out how to be multi-tenant at the VNF port > level, and there's where I run into problems... > I was thinking this could be handled with child / sub-ports. We do this today for containers in VMs. We can have a single VIF for a VM that is connected to multiple networks that are owned by separate tenants. Some sort of encapsulation (VLAN ID, MPLS header, whatever) would be used to differentiate the traffic for each networking in/out of that VIF. I had started adding the ability to use MPLS for this in my prototype for this reason, as that was what networking-sfc had defined. -- Russell Bryant _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
