On Tue, Jul 12, 2016 at 6:17 PM, Stephen Wong <stephen.kf.w...@gmail.com> wrote: > It isn't. For networking-sfc, at least for OVS driver (the default), the > MPLS label is popped before the packet reaches the VNF. > > But Russell did bring up a great solution for supporting multi-tenancy on > VNF... it does open the can of worm where we need to distinguish between VNF > that supports multi-tenancy (save label) vs not (pop label). And we need to > have agreement with the VNF vendors on label format... >
This is what I thought was going on. So basically, networking-sfc is currently not providing multi-tenancy for VNFs using the chain, and you need to build chains (and VNFs) per-tenant. > On Tue, Jul 12, 2016 at 9:18 AM, Kyle Mestery <mest...@mestery.com> wrote: >> >> On Tue, Jul 12, 2016 at 9:52 AM, Russell Bryant <russ...@ovn.org> wrote: >> > On Tue, Jun 28, 2016 at 12:05 PM, Ryan Moats <rmo...@us.ibm.com> wrote: >> > >> >> John McDowall <jmcdow...@paloaltonetworks.com> wrote on 06/28/2016 >> >> 10:54:31 >> >> AM: >> >> >> >> > From: John McDowall <jmcdow...@paloaltonetworks.com> >> >> > To: Ryan Moats/Omaha/IBM@IBMUS, Na Zhu <na...@cn.ibm.com> >> >> > Cc: "dev@openvswitch.org" <dev@openvswitch.org> >> >> > Date: 06/28/2016 10:54 AM >> >> > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant >> >> > >> >> > Ryan, >> >> > >> >> > Putting on my vendor hat for a minute or two…. >> >> > >> >> > The way we have solved this is our VNF supports multiple interfaces >> >> > (I.e. Multiple port-pairs) that can be partitioned into different >> >> > networks. So a single VNF can act in multiple tenant. I believe most >> >> > other vendors have similar solutions and perhaps other approaches. >> >> >> >> That's a way to do it, and it doesn't require OVN to know any more >> >> than what we are currently programming... >> >> >> >> > >> >> > How would you like a VNF to behave to support multi-tenancy? >> >> >> >> I've been trying to work out how to be multi-tenant at the VNF port >> >> level, and there's where I run into problems... >> >> >> > >> > I was thinking this could be handled with child / sub-ports. We do this >> > today for containers in VMs. We can have a single VIF for a VM that is >> > connected to multiple networks that are owned by separate tenants. Some >> > sort of encapsulation (VLAN ID, MPLS header, whatever) would be used to >> > differentiate the traffic for each networking in/out of that VIF. I had >> > started adding the ability to use MPLS for this in my prototype for this >> > reason, as that was what networking-sfc had defined. >> > >> >> This makes the assumption that the thing on the other end of the port >> (the VNF, I guess) is not only MPLS aware, but also "tenant to label" >> aware. How does that information (tenant to MPLS label) get passed to >> the VNF? Apologies if this is already handled somehow with the >> networking-sfc API. >> >> > -- >> > Russell Bryant >> > _______________________________________________ >> > dev mailing list >> > dev@openvswitch.org >> > http://openvswitch.org/mailman/listinfo/dev >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> http://openvswitch.org/mailman/listinfo/dev > > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
