>I was thinking this could be handled with child / sub-ports. We do this >today for containers in VMs. We can have a single VIF for a VM that is >connected to multiple networks that are owned by separate tenants. Some >sort of encapsulation (VLAN ID, MPLS header, whatever) would be used to >differentiate the traffic for each networking in/out of that VIF. I had >started adding the ability to use MPLS for this in my prototype for this >reason, as that was what networking-sfc had defined. I have a quick question on the above. (multi-tenancy).Yes, I know the containers can be in different networks of the same tenant.How does it work when the containers are in different tenants ? Below is the latest spec for vlan-aware-vms https://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html
The trick is to create neutron ports (for the subports) and then link them to the trunk port using neutron trunk-subport-add TRUNK \ PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \ [PORT,...] In the above command all the neutron ports (trunk ports and subports) must be in the same tenant.As far as I know, a tenant will not see neutron ports from another tenant. Or will this command allow neutron ports from different tenants to be attached ? E.g. VM "X" consists of containers C1 in Tenant 1 with portID = C10000 (network dn1)container C2 in Tenant 2 with portID = C20000 (network dn2)The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt) The above command will be neutron trunk-subport-add T10000 \ A vlan 10000 \ B vlan 20000 Is my understanding correct? thanks,Farhad. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
