Hi Kyle,
This is what I thought was going on. So basically, networking-sfc is currently not providing multi-tenancy for VNFs using the chain, and you need to build chains (and VNFs) per-tenant.

Cathy> If the "VLAN-aware-VM" feature of Neutron allows sub-ports of a VM (i.e. the VNF) to be associated with different tenants, then networking-sfc API will transparently support multi-tenancy VNF. Each chain is per tenant, but a VNF with multiple sub-ports can be shared by multiple chains with each chain associated with one sub-port.

Thanks,
Cathy

> On Tue, Jul 12, 2016 at 9:18 AM, Kyle Mestery <mest...@mestery.com> wrote:
>>
>> On Tue, Jul 12, 2016 at 9:52 AM, Russell Bryant <russ...@ovn.org> wrote:
>> > On Tue, Jun 28, 2016 at 12:05 PM, Ryan Moats <rmo...@us.ibm.com> wrote:
>> >
>> >> John McDowall <jmcdow...@paloaltonetworks.com> wrote on 06/28/2016 10:54:31 AM:
>> >>
>> >> > From: John McDowall <jmcdow...@paloaltonetworks.com>
>> >> > To: Ryan Moats/Omaha/IBM@IBMUS, Na Zhu <na...@cn.ibm.com>
>> >> > Cc: "dev@openvswitch.org" <dev@openvswitch.org>
>> >> > Date: 06/28/2016 10:54 AM
>> >> > Subject: Re: [ovs-dev] SFC-Summary: MultiTenant
>> >> >
>> >> > Ryan,
>> >> >
>> >> > Putting on my vendor hat for a minute or two….
>> >> >
>> >> > The way we have solved this is our VNF supports multiple
>> >> > interfaces (i.e. multiple port-pairs) that can be partitioned
>> >> > into different networks. So a single VNF can act in multiple
>> >> > tenants. I believe most other vendors have similar solutions and perhaps
>> >> > other approaches.
>> >>
>> >> That's a way to do it, and it doesn't require OVN to know any more
>> >> than what we are currently programming...
>> >>
>> >> >
>> >> > How would you like a VNF to behave to support multi-tenancy?
>> >>
>> >> I've been trying to work out how to be multi-tenant at the VNF
>> >> port level, and there's where I run into problems...
>> >>
>> >
>> > I was thinking this could be handled with child / sub-ports. We do
>> > this today for containers in VMs. We can have a single VIF for a
>> > VM that is connected to multiple networks that are owned by
>> > separate tenants. Some sort of encapsulation (VLAN ID, MPLS
>> > header, whatever) would be used to differentiate the traffic for
>> > each network in/out of that VIF. I had started adding the
>> > ability to use MPLS for this in my prototype for this reason, as that was
>> > what networking-sfc had defined.
>> >
>>
>> This makes the assumption that the thing on the other end of the port
>> (the VNF, I guess) is not only MPLS aware, but also "tenant to label"
>> aware. How does that information (tenant to MPLS label) get passed to
>> the VNF? Apologies if this is already handled somehow with the
>> networking-sfc API.
>>
>> > --
>> > Russell Bryant
>> > _______________________________________________
>> > dev mailing list
>> > dev@openvswitch.org
>> > http://openvswitch.org/mailman/listinfo/dev