Hi Andy, 

Assuming the “controller” configures the fw via apis and only interacts with 
the apps (not session/transport layers in vpp) for session setup/teardown, it 
should be possible. Or, in other words, session layer cannot wait for a 
decision to be made by some remote enforcement point. It does however handle 
applications’ refusal to accept new sessions. 

Regards, 
Florin

> On Sep 30, 2021, at 11:39 PM, Andy Ye <andy...@gmail.com> wrote:
> 
> Hi Florin,
> 
> Thank you for your reply!
> 
> "For instance, running apps within the vms that attach to their respective 
> vpps via vcl and then report their connections to a central point, over the 
> network (so potentially over vcl), should be possible."
> 
> This is partially the intention. To be clearer, what those vpps on 
> different vms do, can be just all process network packets (setup/teardown 
> sessions) applying some firewall rules, behind a load balancer, the central 
> managed "controller" will host the one big session table with certain network 
> resources (i.e. IPs) under single policy across all the vpps over different 
> vms.
> 
> Hope this helps you understand better. Is that feasible?
> 
> Best, 
> --Andy
> 
> On Thu, Sep 30, 2021, 6:01 PM Florin Coras <fcoras.li...@gmail.com> wrote:
> Hi Andy, 
> 
> Let me check if I understood your question correctly: you want sessions 
> within multiple vpps, running in separate vms, to be centrally managed?
> 
> If that’s so, it depends what “centrally managed” means. For instance, 
> running apps within the vms that attach to their respective vpps via vcl and 
> then report their connections to a central point, over the network (so 
> potentially over vcl), should be possible. Within such a setup, the 
> “controller” can then control the behavior of the apps, i.e., sessions they 
> accept and connect. On the other hand, if the controller wants a unified view 
> of all session/transport layer state in all vpps, that doesn’t sound feasible 
> as it is too much information and too dynamic.  
> 
> Out of curiosity, why would you want to do that? 
> 
> Regards,
> Florin
> 
> > On Sep 30, 2021, at 4:37 PM, andy...@gmail.com wrote:
> > 
> > Hi,
> > 
> > Want to check the feasibility of using vpp vnet/session VCL frameworks to 
> > centrally manage sessions across multiple vm/hosts' vpps (dataplanes). 
> > Multiple vpps on the same vm/host session management is straightforward, we 
> > can just use shm to do so. But for across vm/hosts vpps to share the same 
> > session table, will vpp vnet/session and VCL help to make session table a 
> > server-side app?
> > 
> > Thanks,
> > --Andy 
> > 
> > 
> 

View/Reply Online (#20271): https://lists.fd.io/g/vpp-dev/message/20271