On 11/03/2015 03:13 PM, Ben Pfaff wrote: > On Nov 3, 2015 11:57 AM, "Ben Pfaff" <b...@nicira.com > <mailto:b...@nicira.com>> wrote: >> >> On Tue, Oct 27, 2015 at 01:14:42AM -0500, v_d...@dell.com wrote: >> > I am currently exploring Service Function Chaining (SFC) >> > implementation using OVN and would like to hear thoughts from the >> > community. >> > >> > Has anyone implemented Service Function Chaining using OVN project and >> > would be willing to share his/her experiences? There are proposals for >> > adding NSH header as well as leveraging MPLS headers (interim solution >> > for lack of NSH support) for SFC but can someone more experienced in >> > this topic share if those modifications are really necessary for real >> > world SFC use cases? >> > >> > With the native support for L2 overlays and ACLs inherently built into >> > OVN, I am wondering if we are better off creating point to point >> > overlay networks between the VNFs and using ACLs for traffic >> > classification. Or is there more to it than that? >> >> Justin, Russell, Thomas, and I brainstormed together about SFC a bit in >> Tokyo. There was a brief discussion related to the topic on the >> openstack-dev list last week as well (see the thread >> "[neutron][networking-sfc] API clarification questions"). Thomas built >> a strawman prototype, I believe, though as I understand it the >> conversation on openstack-dev meant that it implemented an inadequate >> model. >> >> I don't know what the immediate plans are, but I expect that there'll be >> a place for SFC in OVN. > > Correction: Russell wrote the prototype. >
Yeah, I tried to build a prototype but it's inadequate for a few reasons, so it needs a do-over. I think I understand the problem better, at least. :-) I basically modeled it as a chain of logical ports all on the same logical switch. If those constraints were valid, we can send the packet through a chain without having to modify the source/dest IP, or even the source/dest MAC. We need to support more interesting chains, which means we need to pass around some additional metadata. We can do that with Geneve. We also need to expose some metadata about the chain into the VM (VNF) itself. There's lots of ways we could do that, but there seems to be more momentum behind NSH for this for whatever reason. We can actually decouple how we pass metadata between hosts from how we communicate chain related metadata in/out of a VNF. If NSH gets into OVS, we can use it for SFC as well. It probably makes sense to add NSH as a generic encap for OVN. We could also use it only to pass metadata in/out of a VNF if we wanted. In the meantime, we can be working on how to model this properly in OVN_Northbound, as well as trying to work out a reasonable implementation based on Geneve. The modeling in my prototype isn't expressive enough. -- Russell Bryant _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
