[Openstack] [neutron] - vlan-aware-vms

Wed, 13 Jul 2016 09:08:51 -0700 

Below is the latest spec for vlan-aware-vms
https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html



I have a quick question on the above. (multi-tenancy).
Assume the case of nested containers in a VM.
Yes, the containers can be in different networks of the same tenant and the 
above blue-print will handle the case very well. How does it work when the 
containers are in different networks in different tenants ?
The trick is to create neutron ports (for the subports) and then link them to 
the trunk port using
neutron trunk-subport-add TRUNK \   PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \  
 [PORT,...]

In the above command all the neutron ports (trunk  ports and subports) must be 
in the same tenant.As far as I know, a tenant will not see neutron ports from 
another tenant.    Or will this command allow
neutron ports from different tenants to be attached ?
Solution1:

C1(ten1)   C2(ten2)|                   |--------------------------------OVS 
bridge inside VM--------------------------------|| Trunk 
port|------------------------br-trunk (vlan-aware-vms 
spec)--------------------------------------------
E.g.  VM "X" consists of containers C1 in Tenant 1 with portID = C10000 
(network dn1)container C2 in Tenant 2 with portID = C20000 (network dn2)The 
trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)
Will the above command allow a neutron trunk to have neutron sub-ports in 
different tenants ?
neutron trunk-subport-add T10000 \   A  vlan 10000 \   B vlan 20000

Solution2:Have a separate trunk port for each tenant connected to the vM
C1(Ten1)    C2(Ten2)|                    ||                    
|-------------------------------OVS bridge inside 
VM--------------------------------|                              ||Trunk(Ten1)  
        | (Trunk(Ten2)|                              
|---------------------------------br-trunk (vlan-aware-vms 
spec)---------------------------------------
If the approach is solution2, then the issue is that Nova will notallow a 
neutron port to be attached to a VM (if the neutron portbelongs to another 
tenant).   

Any pointers will be highly appreciated.
thanks,Farhad.








_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to