[openstack-dev] [neutron][networking-sfc] API clarification questions

Russell Bryant rbryant at redhat.com
Wed Oct 28 08:27:04 UTC 2015

----- Original Message -----
> Hi Russell,
> Please see my replies inline.
> Thanks,
> Cathy
> -----Original Message-----
> From: Russell Bryant [mailto:rbryant at redhat.com]
> Sent: Wednesday, October 28, 2015 4:21 PM
> To: OpenStack Development Mailing List; Cathy Zhang; Henry Fourie
> Subject: [neutron][networking-sfc] API clarification questions
> I read through the proposed SFC API here:
> http://docs.openstack.org/developer/networking-sfc/api.html
> I'm looking at implementing what would be required to support this API in
> OVN.  I have a prototype, but I had to make some pretty big assumptions, so
> I wanted to clarify the intent of the API.
> First, does it assume that all of the neutron ports in a chain are on the
> same Neutron network?  That keeps things simple.  If its intended to allow a
> chain of ports on different networks, is it just required that you pick
> ports that all have addresses routable from one port to the next in the
> chain?
> Cathy> It can allow a chain of ports on different networks as along it
> belongs to the same tenant. Yes, it is required that you pick ports that all
> have addresses routable from one port to the next in the chain.

Thanks.  I think it would be good to clarify this in the API doc, so it's clear what makes a valid set of ports in a chain.

> An arbitrary set of ports can't always work, so there has to be some bounds
> around what set of ports are valid to be in a chain.
> Second, where is it expected that the match is applied?  The API for creating
> a port chain doesn't associate the chain with a network, but just matching
> "globally" doesn't make any sense.  If all ports are expected to be on the
> same network, is the match applied for any traffic entering that network
> from any port?
> Cathy> As long as the ports are routable, they do not need to associated with
> the same network.

Let me rephrase the question ... where is the flow classifier applied?  What traffic exactly?  "All traffic on all networks accessible to the tenant who created the port chain" doesn't seem right to me, but the API doesn't seem to specify it.


More information about the OpenStack-dev mailing list