<html><body><p><tt>John McDowall <jmcdowall@paloaltonetworks.com> wrote on 05/24/2016 06:33:05 PM:<br><br>> From: John McDowall <jmcdowall@paloaltonetworks.com></tt><br><tt>> To: Ryan Moats/Omaha/IBM@IBMUS</tt><br><tt>> Cc: "discuss@openvswitch.org" <discuss@openvswitch.org>, "OpenStack <br>> Development Mailing List" <openstack-dev@lists.openstack.org></tt><br><tt>> Date: 05/24/2016 06:33 PM</tt><br><tt>> Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN</tt><br><tt>> <br>> Ryan,</tt><br><tt>> <br>> Thanks for getting back to me and pointing me in a more OVS like <br>> direction. What you say makes sense, let me hack something together.<br>> I have been a little distracted getting some use cases together. The<br>> other area is how to better map the flow-classifier I have been <br>> thinking about it a little, but I will leave it till after we get <br>> the chains done.</tt><br><tt>> <br>> Your load-balancing comment was very interesting – I saw some <br>> patches for load-balancing a few months ago but nothing since. It <br>> would be great if we could align with load-balancing as that would <br>> make a really powerful solution.</tt><br><tt>> <br>> Regards</tt><br><tt>> <br>> John</tt><br><br><tt>John-</tt><br><br><tt>For the load balancing, I believe that you'll want to look at</tt><br><tt>openvswitch's select group, as that should let you set up multiple</tt><br><tt>buckets for each egress port in the port pairs that make up a port</tt><br><tt>group.</tt><br><br><tt>As I understand it, Table 0 identifies the logical port and logical</tt><br><tt>flow. I'm worried that this means we'll end up with separate bucket</tt><br><tt>rules for each ingress port of the port pairs that make up a port</tt><br><tt>group, leading to a cardinality product in the number of rules.</tt><br><tt>I'm trying to think of a way where Table 0 could identify the packet</tt><br><tt>as being part of a particular port group, and then I'd only need one</tt><br><tt>set of bucket rules to figure out the egress side. However, the</tt><br><tt>amount of free metadata space is limited and so before we go down</tt><br><tt>this path, I'm going to pull Justin, Ben and Russell in to see if</tt><br><tt>they buy into this idea or if they can think of an alternative.</tt><br><br><tt>Ryan</tt><br><br><tt>> <br>> From: Ryan Moats <rmoats@us.ibm.com><br>> Date: Monday, May 23, 2016 at 9:06 PM<br>> To: John McDowall <jmcdowall@paloaltonetworks.com><br>> Cc: "discuss@openvswitch.org" <discuss@openvswitch.org>, OpenStack <br>> Development Mailing List <openstack-dev@lists.openstack.org><br>> Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN</tt><br><tt>> <br>> John McDowall <jmcdowall@paloaltonetworks.com> wrote on 05/18/2016 <br>> 03:55:14 PM:<br>> <br>> > From: John McDowall <jmcdowall@paloaltonetworks.com><br>> > To: Ryan Moats/Omaha/IBM@IBMUS<br>> > Cc: "discuss@openvswitch.org" <discuss@openvswitch.org>, "OpenStack <br>> > Development Mailing List" <openstack-dev@lists.openstack.org><br>> > Date: 05/18/2016 03:55 PM<br>> > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN<br>> > <br>> > Ryan,<br>> > <br>> > OK all three repos and now aligned with their masters. I have done <br>> > some simple level system tests and I can steer traffic to a single <br>> > VNF. Note: some additional changes to networking-sfc to catch-up <br>> > with their changes.<br>> > <br>> > <a href="https://github.com/doonhammer/networking-sfc">https://github.com/doonhammer/networking-sfc</a> <br>> > <a href="https://github.com/doonhammer/networking-ovn">https://github.com/doonhammer/networking-ovn</a><br>> > <a href="https://github.com/doonhammer/ovs">https://github.com/doonhammer/ovs</a> <br>> > <br>> > The next tasks I see are:<br>> > <br>> > 1. Decouple networking-sfc and networking-ovn. I am thinking that I <br>> > will pass a nested port-chain dictionary holding port-pairs/port-<br>> > pair-groups/flow-classifiers from networking-sfc to networking-ovn.<br>> > 2. Align the interface between networking-ovn and ovs/ovn to match <br>> > the nested dictionary in 1.<br>> > 3. Modify the ovn-nb schema and ovn-northd.c to march the port-chain model.<br>> > 4. Add ability to support chain of port-pairs<br>> > 5. Think about flow-classifiers and how best to map them, today I <br>> > just map the logical-port and ignore everything else.<br>> > <br>> > Any other suggestions/feedback?<br>> > <br>> > Regards<br>> > <br>> > John<br>> <br>> John-<br>> <br>> (Sorry for sending this twice, but I forgot that text/html is not liked<br>> by the mailing lists ...)<br>> <br>> My apologies for not answering this sooner - I was giving a two day<br>> training on Tues/Wed last week and came back to my son graduating<br>> from HS the next day, so things have been a bit of a whirlwind here.<br>> <br>> Looking at the github repos, I like the idea of passing a dictionary<br>> from networking-sfc to networking-ovn. The flow classifiers should<br>> be relatively straightforward to map to ovs match rules (famous last<br>> words)...<br>> <br>> I've probably missed an orbit here, but in the ovn-northd implementation,<br>> I was expecting to find service chains in the egress and router pipelines<br>> in addition to the ingress pipeline (see below for why I think a service<br>> chain stage in the egress pipeline makes sense ...)<br>> <br>> Also, in the ovn-northd implementation, I'm a little disturbed to see the<br>> ingress side of the service chain sending packets to output ports - I<br>> think that a more scalable (and more "ovs-like" approach) would be to<br>> match the egress side of a port pair in the chaining stage of the<br>> ingress pipeline, with an action that set the input port register.<br>> Then the egress pipeline would have a chaining stage where the output<br>> port register would be set based on the ingress port of the next port<br>> pair in the chain and the packet being punted to the proper output port<br>> in the last table. That should automagically build your function chain<br>> and provide the basis for bucketizing multiple ingress ports for the<br>> next port group to support hash based load balancing.<br>> <br>> Does that make sense?<br>> <br>> Ryan</tt><BR>
</body></html>