Open Stack

Certainly, let’s talk next week in Paris.

On Oct 29, 2014, at 12:11 PM, Cory Benfield <Cory.Benfield at metaswitch.com> wrote:

>> Some of us are looking at a different model. I’d be interested in your thoughts.
> 
> Fred,
> 
> Thanks for the link to the drafts. They look extremely similar to the 
> approach we've been pursuing for Project Calico, and it's good to see 
> that we're not the only people thinking in this direction.
> 
> It looks like the main differences between our approach and yours are 
> that we've tried to come up with a model that works both for IPv4 and 
> IPv6 (although we agree that moving the data center fabric to IPv6 has a 
> lot of advantages - e.g. we are planning on using 464XLAT as the 
> mechanism to handle IPv4 overlap).  Given this, we've focused our 
> policy/security model on ACLs rather than flow labels.  An interesting 
> derivative effect of that choice is that any policy or security model 
> can be enforced (such as intra-tenant controls, extra-cloud controls, 
> etc).
> 
> As a side note, we have been interested in using flow labels as 
> namespace identifiers and for SFC.  Recently, we have moved away from 
> that thinking given the guidance that the flow label should be not be 
> modified in flight.  If you believe that such modifications will be 
> acceptable, we would love to discuss that with you, and see where we can 
> collaborate.
> 
> As it is, I believe our proposed changes to Nova and Neutron should be 
> generic enough to provide a basis for implementing your approach as well 
> as supporting our Project Calico ML2 driver. If they aren't, we should 
> work together to make whatever changes we have to make to achieve that 
> generality.
> 
> It might also be worth checking out our agent code[0]. It's in the 
> middle of a rewrite at the minute so the code is unfinished, but it 
> handles a lot of what you'd be doing with your proposed drafts. 
> Hopefully it'd be a useful jumping off point.
> 
> Cory
> 
> [0]: https://github.com/Metaswitch/calico/tree/master/calico/felix
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141029/9d6c7b37/attachment.pgp>