[openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN

Na Zhu nazhu at cn.ibm.com
Fri Jun 17 01:38:40 UTC 2016


Hi John,

What about this, in the first phase, we support the basic functionality, 
we do not consider the VF type, we change the packet dst mac to the next 
hop VF ingress port mac.
If we need some extension for special use case, we do it in next phase.

So, let's nail down the schema first. 
As Cathy points, the flow classifier of port chain can be zero, one or 
multiple, so i will change "flow_classifier" in table "Logical_Port_Chain" 
to "flow_classifiers",
And do you really think "port-pairs" in table "Logical_Switch" is 
necessary, you said it was for reusable VNF, what do you mean?

I plan to add the code about port chain delete and update to 
networking-sfc and debug the code changes.



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:   John McDowall <jmcdowall at paloaltonetworks.com>
To:     Na Zhu/China/IBM at IBMCN
Cc:     discuss <discuss at openvswitch.org>, Srilatha Tangirala 
<srilatta at us.ibm.com>, "OpenStack Development Mailing List (not for usage 
questions)" <openstack-dev at lists.openstack.org>
Date:   2016/06/17 08:15
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

At a high level I agree with you, however if the OVN rules expect the 
return flows from the VNF to be a particular ¡°type L2/L3/Tunnel¡± that is 
modified  ¡°VLAN/IP/Encap¡± as the flow progresses there should be a 
control channel to enable the infrastructure SFC/OVN to communicate the 
requirements to the VNF or vice versa. 

I am just not sure a solution will scale if it requires manual setting of 
the system, but I may be over thinking the problem.

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Thursday, June 16, 2016 at 6:47 AM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: discuss <discuss at openvswitch.org>, Srilatha Tangirala <
srilatta at us.ibm.com>, "OpenStack Development Mailing List (not for usage 
questions)" <openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John,

I think for SFC, no need to care about the type of VNF. OVN should focus 
on how to send the traffic to right VNF, for example, the flow can match 
egress port of port-pair and then change the dst MAC to the next VNF 
ingress port MAC, the subsequent flow forward pkts based on the dst MAC.

Pls take a look at the following link section "Data Path Encapsulation 
Flow"
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining  

In fact, current SFC ovs driver does not care about the VNF type, but SFC 
provide framework to do special handle for some special use case, the 
driver can add its own port pair parameters and port chain parameters.

Pls correct me if I am wrong.


Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM at IBMCN
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        Srilatha Tangirala <srilatta at us.ibm.com>, "OpenStack 
Development Mailing List \(not for usage questions\)" <
openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
Date:        2016/06/16 10:58
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Hi John,

You teach me a lesson, you have a good insight on SFC. I think you are 
right, there are several models of VNF, can we figure out a common way for 
the different models, like ovs driver?

To make the SFC work, the admin need to know what's the VNF and how to 
configure it, we can do enhancement to meet some special cases, the 
networking-sfc provide
a good framework to do it, the driver can add its own port pair parameters 
and port chain parameters.


Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/16 06:51
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

Apologies ¨C I see your issue now, also I have got nothing done today ¨C got 
sucked into an all day meeting. I was thinking very much from a  ovs/ovn 
perspective and also my first prototype was very simple. 

So while in networking=sfc/ovn the port-cahin does not have a switch I 
think port-chain needs a lswitch context as that is where the port-chain 
table is created. Let me try and lay this out. I am not sure if I am 
getting this right but it is a starting point for discussion and comment 
by the community.

The first thing is that there could be three different types of VNF¡¯s, 
L3, L2, and Bump in the Wire (BITW). I am not sure if it would be possible 
to mix and match these different types in a series of port-pair-groups. 
Also as a first phase I have been trying to remove the need for the VNF to 
participate in the service chain (or be aware of it). In addition I also 
wanted to remove the need for any ¡°proxy¡± as documented in the NSH 
model, by moving a lot of the functionality to the ovn-northd.

Mode 1: BITW
1.        Port-Pairs: The logical ports need to be on the same logical 
switch
2.        Port-pair-groups: They are made up of sets of port-pairs, until 
we see the load-balancing proposal for ovs/ovn not sure if port-pairs can 
be on different logical switches or not. This translates to a set of rules 
in the port-chain table that chains output ports of one VNF to the input 
port of the next VNF, until the last VNF when the traffic is forwarded to 
the final destination of the packet. If the port-chain is bi-directional 
then the rule set has to be implemented in reverse (many VNF¡¯s Firewalls, 
Load Balancers etc need to see both legs of the traffic).
3.        Flow-classifier: Is a set of rules that are set as an ACL rule 
with first logical port of the first pair in the first port-pair-group. 
Likewise if the port-chain is bi-directional then the rules have to be 
symmetric to steer the traffic in both directions.
4.        Port-chain: defined on the same logical switch as the first 
logical-source-port of the flow-classifier, as this is where the 
port-chain table is created and the rules for traffic steering are 
inserted.
Mode 2: L2

I think this would be similar to the BITH case but instead of steering by 
logical ports the steering would be done by VLAN tags. This would also 
mean that the VNFs would have to be aware of the steering rules and be 
able to manipulate VLAN tags.

Mode 3: L3

This would require the VNF¡¯s to be aware of the routing rules and set 
static routes/net hop rules for each step in the service chain. 

Modes 2 & 3 would require a much more sophisticated control plane to 
program both OVN and the VNFs.

Thoughts?

John
From: Na Zhu <nazhu at cn.ibm.com>
Date: Tuesday, June 14, 2016 at 9:41 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: discuss <discuss at openvswitch.org>, "OpenStack Development Mailing List 
(not for usage questions)" <openstack-dev at lists.openstack.org>, Srilatha 
Tangirala <srilatta at us.ibm.com>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

John,

I am not taking about your script.
I am talking about the SFC configuration in neutron, the steps are 
1, create flow-classifer
2, create port-pairs
3, create port-pair-group with port-pairs
4, create port-chain with flow-classifer and port-pair-groups

So when create port-chain in neutron, the networking-sfc ovn driver call 
networking-ovn idl APIs to write port-chain parameters to northbound db,
you can see that the port-chain is not related with network, so how to get 
the lswitch in ovn driver and then write port-chain to lswitch table?




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/15 11:53
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

Little different - the script I sent:

Create port-chain attached to a switch
Create a port-pair in a switch
Create a port-pair-chain attached to port-chain
Add a port-pair to port-pair-group
Create a flow-classifier added to a port-chain 
Should have a fully functional port-chain

I will add the code to steer traffic tomorrow 

Regards

John



Sent from my iPhone

On Jun 14, 2016, at 8:41 PM, Na Zhu <nazhu at cn.ibm.com> wrote:

John,

Here is the steps to configure sfc,
1, create flow-classifer
2, create port-pairs
3, create port-pair-group with port-pairs
4, create port-chain with flow-classifer and port-pair-groups

You can see that the port-chain is not related to network, my question is 
how to get the lswitch for networking-sfc and write it to database? 



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/15 11:31
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

It is a container for port-pair-groups and flow-classifier. I imagine 
there could be more the than one port-chain per switch. Also we may want 
to extend the model beyond a single lswitch 

Regards

John

Sent from my iPhone

On Jun 14, 2016, at 8:09 PM, Na Zhu <nazhu at cn.ibm.com> wrote:

Hi John,

Another question, I think port-chain is irrelevant with lswitch, one 
port-chain includes multiple port-pair-groups and one flow-classifier, how 
to get the lswitch by port-chain?




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/15 11:04
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



The reason I did that was to be able to create reusable VNF's

Regards

John

Sent from my iPhone

On Jun 14, 2016, at 7:15 PM, Na Zhu <nazhu at cn.ibm.com> wrote:

John,

Since you have port-chain as child of lswitch, do you need port-pairs as 
child of lswitch any more?





Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/15 09:11
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN


John,

OK, I will change networking-ovn IDL to align with the new schema.




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)




From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, "OpenStack Development 
Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org
>, "Srilatha Tangirala" <srilatta at us.ibm.com>
Date:        2016/06/15 08:30
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

I worked on ovs/ovn today and re-structured the schema. I could not figure 
out how to make this work without have lport-chains as a child of lswitch. 
So I have got the basics working ¨C attached a simple shell script that 
creates and shows the port-chains. I tried to merge with the upstream 
master but there are a bunch of changes that while minor would have taken 
sometime to merge in, so I skipped it for now.

The new schema will break the networking-ovn IDL, apologies.  The areas I 
can think of are:

Port-chain is now a child of lswitch so needs that as a parameter.
Flow-classifier is now a child of port-chain only so need to change from 
lswitch to lport-chain

If you can work on the changes to networking-ovn great (I promise not to 
change the schema again until we have had a wider review). If not I will 
get to it tomorrow. 

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Monday, June 13, 2016 at 9:57 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: discuss <discuss at openvswitch.org>, "OpenStack Development Mailing List 
(not for usage questions)" <openstack-dev at lists.openstack.org>, Srilatha 
Tangirala <srilatta at us.ibm.com>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John,

OK, I also find the column "port_pairs" and "flow_classifiers" can not be 
wrote by idl APIs, I will try to fix it.
If any update, i will send you email.



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        "OpenStack Development Mailing List (not for usage questions)" 
<openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>, 
Srilatha Tangirala <srilatta at us.ibm.com>
Date:        2016/06/14 12:17
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

Trying to implement this today showed that this will not work for OVN. I 
am going back to RussellB 's original model with port-chain as a child of 
lswitch. 

I can make this work and then we can evolve from there. It will require 
some re-write of the idl code - hopefully I will get it done tomorrow.

Regards

John

Sent from my iPhone

On Jun 13, 2016, at 8:41 PM, Na Zhu <nazhu at cn.ibm.com> wrote:

Hi John,

I see you add column "port_pairs" and "flow_classifiers" to table 
Logical_Switch, I am not clear about it, the port-pair ingress port and 
egress port can be the same, they also can be different and in 
same/different network, and the flow classifier is not per network 
neither, can you explain why you do that?




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM at IBMCN
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        Srilatha Tangirala <srilatta at us.ibm.com>, "OpenStack 
Development Mailing List \(not for usage questions\)" <
openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
Date:        2016/06/14 10:44
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Hi John,

My github account is JunoZhu, pls add me as member of your private repo.
If you submit WIP patch today, then i can update your WIP patch, no need 
to update your private repo.
If not, i will update your private repo.

Thanks.



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        discuss <discuss at openvswitch.org>, Srilatha Tangirala <
srilatta at us.ibm.com>, "OpenStack Development Mailing List (not for usage 
questions)" <openstack-dev at lists.openstack.org>
Date:        2016/06/13 23:55
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

What ever is easiest for you ¨C I can submit WIP patches today for 
networking-ovn and networking-ovs. If you send me your github login I will 
add you as a collaborator to my private repo. 

I am currently working on getting the changes into ovs/ovn ovn-northd.c to 
support the new schema ¨C hopefully today or tomorrow. Most of the IDL is 
in and I can get info from networking-sfc to ovs/ovn northd.

Regards

John
From: Na Zhu <nazhu at cn.ibm.com>
Date: Monday, June 13, 2016 at 6:25 AM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: discuss <discuss at openvswitch.org>, Srilatha Tangirala <
srilatta at us.ibm.com>, "OpenStack Development Mailing List (not for usage 
questions)" <openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John,

I know you are busy recently, sorry to disturb you. I want to ask you 
whether I can submit patch to your private repo, I test your code changes 
and find some minor errors, I think we can work together to make the debug 
work done faster, then you can submit the WIP patch.

What do you think? 




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM at IBMCN
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        Srilatha Tangirala <srilatta at us.ibm.com>, "OpenStack 
Development Mailing List \(not for usage questions\)" <
openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
Date:        2016/06/09 16:18
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Hi John,

I know most of the OVN driver codes are copied from OVS driver, OVN driver 
is different from OVS driver. For OVS driver, it should build the sfc 
flows and send to ovs agent, while OVN controller does not need to do it, 
OVN controller only need send the sfc parameters to OVN northbound DB, 
then ovn-controller can build the sfc flow.

networking-sfc defines some common APIs for each driver, see 
networking_sfc/services/sfc/drivers/base.py, I think for OVN, we only need 
write the methods about port-chain create/update/delete, and leave other 
method empty, What do you think? 
If you agree with me, you have to refactor the OVN sfc driver, do you want 
me to do it?



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Amitabha Biswas <azbiswas at gmail.com>
Cc:        Na Zhu/China/IBM at IBMCN, Srilatha Tangirala <srilatta at us.ibm.com
>, "OpenStack Development Mailing List (not for usage questions)" <
openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
Date:        2016/06/09 00:53
Subject:        Re: [ovs-discuss] [openstack-dev] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Amitabha,

Thanks for looking at it . I took the suggestion from Juno and implemented 
it. I think it is a good solution as it minimizes impact on both 
networking-ovn and networking-sfc. I have updated my repos, if you have 
suggestions for improvements let me know.

I agree that there needs to be some refactoring of the networking-sfc 
driver code. I think the team did a good job with it as it was easy for me 
to create the OVN driver ( copy and paste). As more drivers are created I 
think the model will get polished and refactored.

Regards

John

From: Amitabha Biswas <azbiswas at gmail.com>
Date: Tuesday, June 7, 2016 at 11:36 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: Na Zhu <nazhu at cn.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>, 
"OpenStack Development Mailing List (not for usage questions)" <
openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
Subject: Re: [ovs-discuss] [openstack-dev] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John, 

Looking at the code with Srilatha, it seems like the 
https://github.com/doonhammer/networking-ovnrepo has gone down the path of 
having a sfc_ovn.py file in the networking-ovn/ovsdb directory. This file 
deals with the SFC specific OVSDB transactions in OVN. So to answer your 
question of invoking OVS-IDL, we can import the src_ovn.py file from 
networking_sfc/services/src/drivers/ovn/driver.py and invoke calls into 
IDL.

Another aspect from a networking-sfc point of view is the duplication of 
code between networking_sfc/services/src/drivers/ovn/driver.py and 
networking_sfc/services/src/drivers/ovs/driver.py in the 
https://github.com/doonhammer/networking-sfcrepo. There should be a 
mechanism to coalesce the common code and invoke the OVS and OVN specific 
parts separately.

Regards
Amitabha

On Jun 7, 2016, at 9:54 PM, John McDowall <jmcdowall at paloaltonetworks.com> 
wrote:

Juno, Srilatha,

I need some help ¨C I have fixed most of the obvious typo¡¯s in the three 
repos and merged them with mainline. There is still a problem with the 
build I think in mech_driver.py but I will fix it asap in the am.

However I am not sure of the best way to interface between sfc and ovn.

In networking_sfc/services/src/drivers/ovn/driver.py there is a function 
that creates a deep copy of the port-chain dict, 
create_port_chain(self,contact,port_chain). 

Looking at networking-ovn I think it should use mech_driver.py so we can 
call the OVS-IDL to send the parameters to ovn. However I am not sure of 
the best way to do it. Could you make some suggestions or send me some 
sample code showing the best approach?

I will get the ovs/ovn cleaned up and ready. Also Louis from the 
networking-sfc has posted a draft blueprint.

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Monday, June 6, 2016 at 7:54 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>, Ryan Moats <
rmoats at us.ibm.com>
Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, "OpenStack 
Development Mailing List (not for usage questions)" <
openstack-dev at lists.openstack.org>, Srilatha Tangirala <
srilatta at us.ibm.com>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John,

I do not know any better approach, I think it is good to write all the 
parameters in the creation of a port chain, this can avoid saving many 
data in northbound db which are not used. We can do it in that way 
currently, if the community has opposite ideas, we can change, what do you 
think?

Hi Ryan,

Do you agree with that?



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        "discuss at openvswitch.org" <discuss at openvswitch.org>, Ryan Moats 
<rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>, "OpenStack 
Development Mailing List (not for usage questions)" <
openstack-dev at lists.openstack.org>
Date:        2016/06/06 23:36
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN



Juno,

Let me check ¨C my intention was that the networking-sfc OVNB driver would 
configure all aspects of the port-chain and add the parameters to the 
networking-sfc db. Once all the parameters were in the creation of a 
port-chain would call networking-ovn (passing a deep copy of the 
port-chain dict). Here I see networking-ovn acting only as a bridge into 
ovs/ovn (I did not add anything in the ovn plugin ¨C not sure if that is 
the right approach). Networking-ovn calls into ovs/ovn and inserts the 
entire port-chain.

Thoughts?

j

From: Na Zhu <nazhu at cn.ibm.com>
Date: Monday, June 6, 2016 at 5:49 AM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, Ryan Moats <
rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>, "OpenStack 
Development Mailing List (not for usage questions)" <
openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] 
[networking-sfc] SFC andOVN

Hi John,

One question need confirm with you, I think the ovn flow classifier driver 
and ovn port chain driver should call the APIs which you add to 
networking-ovn to configure the northbound db sfc tables, right? I see 
your networking-sfc ovn drivers, they does not call the APIs you add to 
networking-ovn, do you miss that?



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM at IBMCN
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        Srilatha Tangirala <srilatta at us.ibm.com>, OpenStack Development 
Mailing List <openstack-dev at lists.openstack.org>, Ryan Moats <
rmoats at us.ibm.com>, "discuss at openvswitch.org" <discuss at openvswitch.org>
Date:        2016/06/06 14:28
Subject:        Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn]   
  [networking-sfc] SFC andOVN



John,

Thanks your working overtime in last weekend, now we have the following 
works to do:
1, submit design spec to networking-sfc
2, submit the RFC to ovs community
3, debug end-to-end about your code changes.
4, submit the initial patch to networking-sfc
5, submit the initial patch to ovs community
6, submit the initial patch to networking-ovn 

Do you have plan to start #1 and #2 now? I think it can be done in 
parallel with the other tasks.
Srilatha and I can start #4 and #6, we need to look at your code changes 
and write the unit test scripts for your code changes and then submit to 
community, what do you think?




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        "discuss at openvswitch.org" <discuss at openvswitch.org>, "OpenStack 
Development Mailing List" <openstack-dev at lists.openstack.org>, Ryan Moats 
<rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>
Date:        2016/06/06 11:35
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC andOVN



Juno and team,

I have written and compiled (but not tested ) the ovs/ovn interface to 
networking-ovn and similarly I have written but not tested the IDL 
interfaces on the networking-ovn side. I will put it all together tomorrow 
and start debugging end to end. I know I am going to find a lot of issues 
as it is a major rewrite from my original interface to networking-sfc ¨C it 
is the right path (IMHO) just a little more work than I expected.

I have merged my repos with the upstream masters and I will keep them sync
¡¯ed so if you want to take a look and start thinking where you can help 
it would be really appreciated.

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Saturday, June 4, 2016 at 6:30 AM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, OpenStack 
Development Mailing List <openstack-dev at lists.openstack.org>, Ryan Moats <
rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>
Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC 
andOVN

Hi John,

OK, please keep me posted once you done, thanks very much.




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        "discuss at openvswitch.org" <discuss at openvswitch.org>, "OpenStack 
Development Mailing List" <openstack-dev at lists.openstack.org>, Ryan Moats 
<rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>
Date:        2016/06/03 13:15
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC andOVN



Juno 

Whatever gets it done faster- let me get the three repos aligned. I need 
to get the ovs/ovn work done so networking-ovn can call it, and the 
networking-sfc can call networking-ovn.

Hopefully I will have it done tomorrow or over the weekend - let's touch 
base Monday or Sunday night.

Regards 

John

Sent from my iPhone

On Jun 2, 2016, at 6:30 PM, Na Zhu <nazhu at cn.ibm.com> wrote:

Hi John,

I agree with submitting WIP patches to community, because you already did 
many works on networking-sfc and networking-ovn, it is better that you 
submit the initial patches about networking-sfc and networking-ovn, then 
me and Srilatha take over the patches. Do you have time to do it? if not, 
me and Srilatha can help to do it and you are always the co-author.




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        "discuss at openvswitch.org" <discuss at openvswitch.org>, "OpenStack 
Development Mailing List" <openstack-dev at lists.openstack.org>, Ryan Moats 
<rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>
Date:        2016/06/03 00:08
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC andOVN



Juno,

Sure make sense. I will have ovs/ovn in rough shape by end of week 
(hopefully) that will allow you to call the interfaces from 
networking-ovn. Ryan has asked that we submit WIP patches etc so hopefully 
that will kickstart the review process.
Also, hopefully some of the networking-sfc team will also be able to help 
¨C I will let them speak for themselves.

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Wednesday, June 1, 2016 at 7:02 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, OpenStack 
Development Mailing List <openstack-dev at lists.openstack.org>, Ryan Moats <
rmoats at us.ibm.com>, Srilatha Tangirala <srilatta at us.ibm.com>
Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC 
andOVN

Hi John,

Thanks your reply.

Seems you have covered everything :)
The development work can be broken down in 3 parts:
1, add ovn driver to networking-sfc
2, provide APIs in networking-ovn for networking-sfc 
3, implement the sfc in ovn

So what about we take part 1 and part 2, and you take part 3? because we 
are familiar with networking-sfc and networking-ovn and we can do it 
faster:)





Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Na Zhu/China/IBM at IBMCN
Cc:        Ryan Moats <rmoats at us.ibm.com>, OpenStack Development Mailing 
List <openstack-dev at lists.openstack.org>, "discuss at openvswitch.org" <
discuss at openvswitch.org>, Srilatha Tangirala <srilatta at us.ibm.com>
Date:        2016/06/01 23:26
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC andOVN



Na/Srilatha,

Great, I am working from three repos:

https://github.com/doonhammer/networking-sfc
https://github.com/doonhammer/networking-ovn
https://github.com/doonhammer/ovs

I had an original prototype working that used an API I created. Since 
then, based on feedback from everyone I have been moving the API to the 
networking-sfc model and then supporting that API in networking-ovn and 
ovs/ovn. I have created a new driver in networking-sfc for ovn.

I am in the process of moving networking-ovn and ovs to support the sfc 
model. Basically I am intending to pass a deep copy of the port-chain 
(sample attached, sfc_dict.py) from the ovn driver in networking-sfc to 
networking-ovn.  This , as Ryan pointed out will minimize the dependancies 
between networking-sfc and networking-ovn. I have created additional 
schema for ovs/ovn (attached) that will provide the linkage between 
networking-ovn and ovs/ovn. I have the schema in ovs/ovn and I am in the 
process of  updating my code to support it.

Not sure where you guys want to jump in ¨C but I can help in any way you 
need.

Regards

John

From: Na Zhu <nazhu at cn.ibm.com>
Date: Tuesday, May 31, 2016 at 9:02 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: Ryan Moats <rmoats at us.ibm.com>, OpenStack Development Mailing List <
openstack-dev at lists.openstack.org>, "discuss at openvswitch.org" <
discuss at openvswitch.org>, Srilatha Tangirala <srilatta at us.ibm.com>
Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC 
andOVN

+ Add Srilatha.



Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)



From:        Na Zhu/China/IBM
To:        John McDowall <jmcdowall at paloaltonetworks.com>
Cc:        Ryan Moats <rmoats at us.ibm.com>, OpenStack Development Mailing 
List <openstack-dev at lists.openstack.org>, "discuss at openvswitch.org" <
discuss at openvswitch.org>
Date:        2016/06/01 12:01
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC and        OVN


John,

Thanks.

Me and Srilatha (srilatta at us.ibm.com) want to working together with you, I 
know you already did some development works.
Can you tell me what you have done and put the latest code in your private 
repo?
Can we work out a plan and the remaining work?




Regards,
Juno Zhu
IBM China Development Labs (CDL) Cloud IaaS Lab
Email: nazhu at cn.ibm.com
5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New 
District, Shanghai, China (201203)




From:        John McDowall <jmcdowall at paloaltonetworks.com>
To:        Ryan Moats <rmoats at us.ibm.com>
Cc:        OpenStack Development Mailing List <
openstack-dev at lists.openstack.org>, "discuss at openvswitch.org" <
discuss at openvswitch.org>
Date:        2016/06/01 08:58
Subject:        Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] 
SFC and        OVN
Sent by:        "discuss" <discuss-bounces at openvswitch.org>



Ryan,

More help is always great :-). As far as who to collaborate, what ever Is 
easiest for everyone ¨C I am pretty flexible.

Regards

John

From: Ryan Moats <rmoats at us.ibm.com>
Date: Tuesday, May 31, 2016 at 1:59 PM
To: John McDowall <jmcdowall at paloaltonetworks.com>
Cc: Ben Pfaff <blp at ovn.org>, "discuss at openvswitch.org" <
discuss at openvswitch.org>, Justin Pettit <jpettit at ovn.org>, OpenStack 
Development Mailing List <openstack-dev at lists.openstack.org>, Russell 
Bryant <russell at ovn.org>
Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN 
John McDowall <jmcdowall at paloaltonetworks.com> wrote on 05/31/2016 
03:21:30 PM:

> From: John McDowall <jmcdowall at paloaltonetworks.com>
> To: Ryan Moats/Omaha/IBM at IBMUS
> Cc: Ben Pfaff <blp at ovn.org>, "discuss at openvswitch.org" 
> <discuss at openvswitch.org>, Justin Pettit <jpettit at ovn.org>, 
> "OpenStack Development Mailing List" <openstack-
> dev at lists.openstack.org>, Russell Bryant <russell at ovn.org>
> Date: 05/31/2016 03:22 PM
> Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> 
> Ryan,
> 
> Let me add the tables to OVN for SFC. That will give us a working 
> system to prototype the flow classifier approach on. Hopefully I can
> get something done by end of week.
> 
> Regards
> 
> John

I've got some internal folks that are willing to help with writing code 
(as
I will be once I clear my current firefights) so the question of how to
collaborate with code now arises...

Are you comfortable with putting the changes on r.o.o as WiP and 
patchworks
as RFC and work through the review process or would you rather work via
forks and pull requests in github?

Ryan

> From: Ryan Moats <rmoats at us.ibm.com>
> Date: Tuesday, May 31, 2016 at 10:17 AM
> To: John McDowall <jmcdowall at paloaltonetworks.com>
> Cc: Ben Pfaff <blp at ovn.org>, "discuss at openvswitch.org" <
> discuss at openvswitch.org>, Justin Pettit <jpettit at ovn.org>, OpenStack
> Development Mailing List <openstack-dev at lists.openstack.org>, Russell 
Bryant <
> russell at ovn.org>
> Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> 
> John McDowall <jmcdowall at paloaltonetworks.com> wrote on 05/26/2016 
> 11:08:43 AM:
> 
> > From: John McDowall <jmcdowall at paloaltonetworks.com>
> > To: Ryan Moats/Omaha/IBM at IBMUS
> > Cc: Ben Pfaff <blp at ovn.org>, "discuss at openvswitch.org" 
> > <discuss at openvswitch.org>, Justin Pettit <jpettit at ovn.org>, 
> > "OpenStack Development Mailing List" <openstack-
> > dev at lists.openstack.org>, Russell Bryant <russell at ovn.org>
> > Date: 05/26/2016 11:09 AM
> > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > 
> > Ryan,
> > 
> > My (incomplete) throughts about the flow-classifier are:
> > 
> > 1)  ACL¡¯s are more about denying access, while the flow classifier 
> > is more about steering selected traffic to a path, so we would need 
> > to deny-all except allowed flows.
> > 2)  The networking-sfc team has done a nice job with the drivers so 
> > ovn has its own flow-classifier driver which allows us to align the 
> > flow-classifier with the matches supported in ovs/ovn, which could 
> > be an advantage.
> 
> The ACL table has a very simple flow-classifier structure and I'd
> like to see if that can be re-used for the purpose of the SFC classifier
> (read that I feel the Logical_Flow_Classifier table is too complex).
> My initial thoughts were to look at extending the action column and
> using the external-ids field to differentiate between legacy ACLs and
> those that are used to intercept traffic and route it to an SFC.
> 
> > 
> > What were your thoughts on the schema it adds a lot of tables and a 
> > lot of commands ¨C cannot think of anyway around it
> 
> In this case, I think that the other tables are reasonable and I'm 
> uncomfortable trying to stretch the existing tables to cover that
> information...
> 
> Ryan
> 
> > 
> > Regards
> > 
> > John
> > 
> > From: Ryan Moats <rmoats at us.ibm.com>
> > Date: Wednesday, May 25, 2016 at 9:12 PM
> > To: John McDowall <jmcdowall at paloaltonetworks.com>
> > Cc: Ben Pfaff <blp at ovn.org>, "discuss at openvswitch.org" <
> > discuss at openvswitch.org>, Justin Pettit <jpettit at ovn.org>, OpenStack
> > Development Mailing List <openstack-dev at lists.openstack.org>, 
> Russell Bryant <
> > russell at ovn.org>
> > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > 
> > John McDowall <jmcdowall at paloaltonetworks.com> wrote on 05/25/2016 
> > 07:27:46 PM:
> > 
> > > From: John McDowall <jmcdowall at paloaltonetworks.com>
> > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, "OpenStack 
> > > Development Mailing List" <openstack-dev at lists.openstack.org>, Ben 
> > > Pfaff <blp at ovn.org>, Justin Pettit <jpettit at ovn.org>, Russell Bryant
> > > <russell at ovn.org>
> > > Date: 05/25/2016 07:28 PM
> > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > 
> > > Ryan,
> > > 
> > > Ok ¨C I will let the experts weigh in on load balancing.
> > > 
> > > In the meantime I have attached a couple of files to show where I am
> > > going. The first is sfc_dict.py and is a representation of the dict 
> > > I am passing from SFC to OVN. This will then translate to the 
> > > attached ovn-nb schema file.
> > > 
> > > One of my concerns is that SFC almost doubles the size of the ovn-nb
> > > schema but I could not think of any other way of doing it.
> > > 
> > > Thoughts?
> > > 
> > > John
> > 
> > The dictionary looks fine for a starting point, and the more I look
> > at the classifier, the more I wonder if we can't do something with
> > the current ACL table to avoid duplication in the NB database
> > definition...
> > 
> > Ryan
> > 
> > > From: Ryan Moats <rmoats at us.ibm.com>
> > > Date: Wednesday, May 25, 2016 at 7:27 AM
> > > To: John McDowall <jmcdowall at paloaltonetworks.com>
> > > Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, OpenStack 
> > > Development Mailing List <openstack-dev at lists.openstack.org>, Ben 
Pfaff <
> > > blp at ovn.org>, Justin Pettit <jpettit at ovn.org>, Russell Bryant <
> > russell at ovn.org
> > > >
> > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > 
> > > John McDowall <jmcdowall at paloaltonetworks.com> wrote on 05/24/2016 
> > > 06:33:05 PM:
> > > 
> > > > From: John McDowall <jmcdowall at paloaltonetworks.com>
> > > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > > Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, 
"OpenStack 
> > > > Development Mailing List" <openstack-dev at lists.openstack.org>
> > > > Date: 05/24/2016 06:33 PM
> > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > 
> > > > Ryan,
> > > > 
> > > > Thanks for getting back to me and pointing me in a more OVS like 
> > > > direction. What you say makes sense, let me hack something 
together.
> > > > I have been a little distracted getting some use cases together. 
The
> > > > other area is how to better map the flow-classifier I have been 
> > > > thinking about it a little, but I will leave it till after we get 
> > > > the chains done.
> > > > 
> > > > Your load-balancing comment was very interesting ¨C I saw some 
> > > > patches for load-balancing a few months ago but nothing since. It 
> > > > would be great if we could align with load-balancing as that would 

> > > > make a really powerful solution.
> > > > 
> > > > Regards
> > > > 
> > > > John
> > > 
> > > John-
> > > 
> > > For the load balancing, I believe that you'll want to look at
> > > openvswitch's select group, as that should let you set up multiple
> > > buckets for each egress port in the port pairs that make up a port
> > > group.
> > > 
> > > As I understand it, Table 0 identifies the logical port and logical
> > > flow. I'm worried that this means we'll end up with separate bucket
> > > rules for each ingress port of the port pairs that make up a port
> > > group, leading to a cardinality product in the number of rules.
> > > I'm trying to think of a way where Table 0 could identify the packet
> > > as being part of a particular port group, and then I'd only need one
> > > set of bucket rules to figure out the egress side.  However, the
> > > amount of free metadata space is limited and so before we go down
> > > this path, I'm going to pull Justin, Ben and Russell in to see if
> > > they buy into this idea or if they can think of an alternative.
> > > 
> > > Ryan
> > > 
> > > > 
> > > > From: Ryan Moats <rmoats at us.ibm.com>
> > > > Date: Monday, May 23, 2016 at 9:06 PM
> > > > To: John McDowall <jmcdowall at paloaltonetworks.com>
> > > > Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, OpenStack 

> > > > Development Mailing List <openstack-dev at lists.openstack.org>
> > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > 
> > > > John McDowall <jmcdowall at paloaltonetworks.com> wrote on 05/18/2016 

> > > > 03:55:14 PM:
> > > > 
> > > > > From: John McDowall <jmcdowall at paloaltonetworks.com>
> > > > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > > > Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>, 
"OpenStack 
> > > > > Development Mailing List" <openstack-dev at lists.openstack.org>
> > > > > Date: 05/18/2016 03:55 PM
> > > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > > 
> > > > > Ryan,
> > > > > 
> > > > > OK all three repos and now aligned with their masters. I have 
done 
> > > > > some simple level system tests and I can steer traffic to a 
single 
> > > > > VNF.  Note: some additional changes to networking-sfc to 
catch-up 
> > > > > with their changes.
> > > > > 
> > > > > https://github.com/doonhammer/networking-sfc
> > > > > https://github.com/doonhammer/networking-ovn
> > > > > https://github.com/doonhammer/ovs
> > > > > 
> > > > > The next tasks I see are:
> > > > > 
> > > > > 1. Decouple networking-sfc and networking-ovn. I am thinking 
that I 
> > > > > will pass a nested port-chain dictionary holding 
port-pairs/port-
> > > > > pair-groups/flow-classifiers from networking-sfc to 
networking-ovn.
> > > > > 2. Align the interface between networking-ovn and ovs/ovn to 
match 
> > > > > the nested dictionary in 1.
> > > > > 3. Modify the ovn-nb schema and ovn-northd.c to march the port-
> > > chain model.
> > > > > 4. Add ability to support chain of port-pairs
> > > > > 5. Think about flow-classifiers and how best to map them, today 
I 
> > > > > just map the logical-port and ignore everything else.
> > > > > 
> > > > > Any other suggestions/feedback?
> > > > > 
> > > > > Regards
> > > > > 
> > > > > John
> > > > 
> > > > John-
> > > > 
> > > > (Sorry for sending this twice, but I forgot that text/html is not 
liked
> > > > by the mailing lists ...)
> > > > 
> > > > My apologies for not answering this sooner - I was giving a two 
day
> > > > training on Tues/Wed last week and came back to my son graduating
> > > > from HS the next day, so things have been a bit of a whirlwind 
here.
> > > > 
> > > > Looking at the github repos, I like the idea of passing a 
dictionary
> > > > from networking-sfc to networking-ovn. The flow classifiers should
> > > > be relatively straightforward to map to ovs match rules (famous 
last
> > > > words)...
> > > > 
> > > > I've probably missed an orbit here, but in the ovn-northd 
> implementation,
> > > > I was expecting to find service chains in the egress and 
> router pipelines
> > > > in addition to the ingress pipeline (see below for why I thinka 
service
> > > > chain stage in the egress pipeline makes sense ...)
> > > > 
> > > > Also, in the ovn-northd implementation, I'm a little disturbedto 
see the
> > > > ingress side of the service chain sending packets to output ports 
- I
> > > > think that a more scalable (and more "ovs-like" approach) would be 
to
> > > > match the egress side of a port pair in the chaining stage of the
> > > > ingress pipeline, with an action that  set the input port 
register.
> > > > Then the egress pipeline would have a chaining stage where the 
output
> > > > port register would be set based on the ingress port of the next 
port
> > > > pair in the chain and the packet being punted to the proper output 
port
> > > > in the last table.  That should automagically build your function 
chain
> > > > and provide the basis for bucketizing multiple ingress ports for 
the
> > > > next port group to support hash based load balancing.
> > > > 
> > > > Does that make sense?
> > > > 
> > > > Ryan[attachment "ovn-nb.ovsschema.sfc" deleted by Ryan Moats/
> > > Omaha/IBM] [attachment "sfc_dict.py" deleted by Ryan 
Moats/Omaha/IBM] _______________________________________________
discuss mailing list
discuss at openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
[attachment "ovn-nb.ovsschema.sfc" deleted by Na Zhu/China/IBM] 
[attachment "sfc_dict.py" deleted by Na Zhu/China/IBM] 
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
discuss mailing list
discuss at openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[attachment "ovn_config.sh" deleted by Na Zhu/China/IBM] 
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160617/b0f0442e/attachment-0001.html>


More information about the OpenStack-dev mailing list