Hi Justin,

> Hi, Dave.  You are correct that the controller "owns" all the rules on
> the switch.  (Technically, there are exceptions to this, but that's a
> road I wouldn't recommend going down.)  It is up to the
> controller/application to decide how to handle existing flows, but all
> the ones I know of wipe the existing flows on OpenFlow connection
> establishment.  (It's kind of a nightmare to debug a controller app
> otherwise.)

Thanks for the clarification-- I'll avoid digging into the exceptions
(emergency mode rules?) :)

> Would a proxy, generic port forwarding application, or IP tables rules
> work for you?  I would think any of those would do the job you want and
> not interfere with any OpenFlow controllers.  (Unless, of course, it's
> specifically dropping those flows, which is probably a configuration
> problem anyway.)

I did a few experiments and it looks like iptables and NAT will do what
I want. I'll assign dom0 and the helper domains link-local 169.254.*
addresses on a private network and then use a DNAT iptables rule to
readdress traffic heading to a port on the dom0 management ip. No
additional openflow hackery needed [a pity because I was looking forward
to playing with it more :)]

Thanks,
Dave

>
> We should be able to come up with a solution that works for you, so let
> me know if none of those suggestions seems appropriate.
>
> --Justin
>
> (I don't know how this became such a parenthetical message.)
>
>
> On Oct 5, 2010, at 7:31 AM, Dave Scott wrote:
>
> > Hi,
> >
> > I'm currently exploring ways of moving parts of XenServer/XCP's
> > domain0 into helper domains and I think the openvswitch may be able
> > to help. FYI here's the kind of thing I'm thinking of:
> >
> > * Client sends HTTP request to domain0's management IP (call this M)
> > * xapi binds a random local port on the management IP (call this P)
> > * xapi boots up a helper domain, tells it to listen on M:P
> > * xapi uses openflow (or ovs-ofctl) to program the local openvswitch
> >   to redirect TCP traffic to M:P to the helper domain's switch port,
> >   while translating the MACs using mod_dl_{src,dst}
> > * xapi issues an HTTP 302 redirect to M:P
> >
> > Although sharing the management IP between two domains is a bit
> > hacky :) it's nice not to require the admin to configure a means for
> > xapi to allocate IP addresses for all its non-domain0 children.
> >
> > Apart from comments on the general (in)sanity (which I'm also
> > interested in), I'm curious about how connecting a controller would
> > affect this scheme. My understanding is that the controller "owns"
> > all the rules in the lower switches: would a controller always wipe
> > out these "local" rules I've added, or does that just depend on the
> > controller? Is there any general way to prevent a controller doing
> > that, for some small subset of the rules?
> >
> > Any comments appreciated.
> >
> > Cheers,
> > Dave
> >
> > _______________________________________________
> > discuss mailing list
> > discuss@openvswitch.org
> > http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
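
The DNAT approach described in the reply above, sketched as an added example that is not part of the original thread or of xapi. The function names, the management IP, the port and the helper address are all constructed for illustration; the script only prints the `iptables` commands and refuses a helper address outside the link-local range or a malformed port.

```shell
#!/bin/sh
# Added example: prints the iptables commands for one helper domain.
# It does not run them. All addresses and ports below are constructed.
# Assumption: dom0 forwards between the management network and the
# private link-local network (net.ipv4.ip_forward=1).

is_ipv4() {                      # strict dotted quad, each octet 0..255
    case "$1" in ''|*.|*[!0-9.]*) return 1 ;; esac
    ip=$1; n=0
    while [ -n "$ip" ]; do
        o=${ip%%.*}
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
        case "$ip" in *.*) ip=${ip#*.} ;; *) ip= ;; esac
    done
    [ "$n" -eq 4 ]
}

is_port() {                      # 1..65535, digits only
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_link_local() {                # 169.254.0.0/16, the private range used
    is_ipv4 "$1" || return 1
    case "$1" in 169.254.*) return 0 ;; *) return 1 ;; esac
}

# dnat_rule ACTION MGMT_IP PORT HELPER_IP   (ACTION: A = add, D = delete)
dnat_rule() {
    case "$1" in A|D) ;; *) echo "action must be A or D" >&2; return 1 ;; esac
    is_ipv4 "$2"       || { echo "bad management IP: $2" >&2; return 1; }
    is_port "$3"       || { echo "bad port: $3" >&2; return 1; }
    is_link_local "$4" || { echo "helper not in 169.254.0.0/16: $4" >&2; return 1; }
    echo "iptables -t nat -$1 PREROUTING -d $2 -p tcp --dport $3" \
         "-j DNAT --to-destination $4:$3"
}

# Constructed values: M = 192.0.2.10, P = 8080, helper = 169.254.0.2
dnat_rule A 192.0.2.10 8080 169.254.0.2   # when the helper domain starts
dnat_rule D 192.0.2.10 8080 169.254.0.2   # when it is torn down
```

Emitting the matching `-D` rule alongside the `-A` rule keeps the redirect scoped to the lifetime of the helper domain, so a stale rule does not keep forwarding M:P after the helper is gone.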