Open Stack

On Wed, Sep 18, 2013 at 9:09 PM, Ramon Acedo <ramon.acedo at ubuntu.com> wrote:

> Hi Rahul,
>
> On 12 September 2013 18:58, Rahul Sharma <rahulsharmaait at gmail.com> wrote:
>
>>
>> Today we were able to achieve the end-to-end flow of traffic by adding
>> rules manually to the openvswitch-switches in nova-compute vm. If support
>> for the configuring flows in switches is added through API's, maybe we can
>> support openvswitch as well. Though, ideally one should not use vSwitch as
>> its having minimal capabilities and one should always go with the DVS for
>> ESX.
>>
>
> Would you mind sharing the rules you used for Open vSwitch to allow the
> traffic flow through the Nova Compute VM?
>
> Using vSphere DVS or vSphere standard vSwitch shouldn't make any
> difference for this setup (it does in the vSphere network design though).
>
>
Hmm, I am not sure whether vSphere DVS performs intelligent MAC learning
which vSwitch lacks, but if it does, then we can use port-group br-int
without adding it in promiscuous mode.

Ideally, nova-compute vm should not be dependent on its placement with
respect to the physical compute node, so the design should be that all the
traffic of instances should be sent out using br-int to physical switch,
and then should be forwarded to eth2 of compute-vm. Also, segregation based
on tenant can be achieved by creating port-groups of different vlan-id for
each tenant and attaching those port-groups to instances, rather than the
current "br-int" of vswitch. If all these things are taken care, and flows
are added to OVS, then we can achieve quantum-networking using OVS in
vSphere similar to the the one in KVM.


> In the network plugin compatibility matrix with compute drivers [1] it
> says that only Nicira NVP and Plumgrid are supported with VMware ESXi as
> Nova Compute, which is different from the vSphere DVS (Distributed
> vSwitch). However, I believe that Open vSwitch has everything it's needed
> to provide the same level of functionality with ESXi/vCenter than with KVM
> OpenStack setups (including per tenant network isolation).
>
>
Yes, I agree to that. Only thing which is missing is the proper design to
achieve the same on ESXi/vCenter.


> Thanks!
>
> [1]
> http://docs.openstack.org/trunk/openstack-network/admin/content/flexibility.html
>

-Regards
Rahul Sharma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130919/201ae019/attachment.html>