<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div tabindex="0" style="outline: none 0px; display: table; width: 503px; box-sizing: border-box; padding-top: 12px; padding-left: 0px; background-color: inherit;" id="yui_3_16_0_ym19_1_1468418438438_58133"><div style="display: table-cell; width: auto; word-wrap: break-word; word-break: break-word;" id="yui_3_16_0_ym19_1_1468418438438_58134"><div id="yui_3_16_0_ym19_1_1468418438438_58135"><div id="yui_3_16_0_ym19_1_1468418438438_58136"><div id="yui_3_16_0_ym19_1_1468418438438_58137"><div id="yui_3_16_0_ym19_1_1468418438438_58158"><br id="yui_3_16_0_ym19_1_1468418438438_58159"></div><div id="yui_3_16_0_ym19_1_1468418438438_58160">Below is the latest spec for vlan-aware-vms</div><div id="yui_3_16_0_ym19_1_1468418438438_58161"><span style="font-size: 13px;" id="yui_3_16_0_ym19_1_1468418438438_58162"><br id="yui_3_16_0_ym19_1_1468418438438_58163"></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58164"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif" id="yui_3_16_0_ym19_1_1468418438438_58165"><span style="font-size: 13px;" id="yui_3_16_0_ym19_1_1468418438438_58166"><a rel="nofollow" target="_blank" href="https://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html" style="color: rgb(25, 106, 212);" id="yui_3_16_0_ym19_1_1468418438438_58167">https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html</a></span></font><br id="yui_3_16_0_ym19_1_1468418438438_58168"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58164"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif"><br></font></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58164"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif"><br></font></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58164"><div tabindex="0" style="outline: none 0px; display: table; width: 503px; box-sizing: border-box; padding-top: 12px; padding-left: 0px; background-color: inherit;" id="yui_3_16_0_ym19_1_1468418438438_58371"><div style="display: table-cell; width: auto; word-wrap: break-word; word-break: break-word;" id="yui_3_16_0_ym19_1_1468418438438_58372"><div id="yui_3_16_0_ym19_1_1468418438438_58373"><div id="yui_3_16_0_ym19_1_1468418438438_58374"><div id="yui_3_16_0_ym19_1_1468418438438_58375"><div id="yui_3_16_0_ym19_1_1468418438438_58376"><span style="font-size: 13px;" id="yui_3_16_0_ym19_1_1468418438438_58377"><br id="yui_3_16_0_ym19_1_1468418438438_58378"></span></div><div id="yui_3_16_0_ym19_1_1468418438438_58379">I have a quick question on the above. (multi-tenancy).</div><div id="yui_3_16_0_ym19_1_1468418438438_58380"><br></div><div id="yui_3_16_0_ym19_1_1468418438438_58380">Assume the case of nested containers in a VM.</div><div id="yui_3_16_0_ym19_1_1468418438438_58380"><br></div><div id="yui_3_16_0_ym19_1_1468418438438_58380">Yes, the containers can be in different networks of the same tenant and the above blue-print will handle the case very well. </div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58381">How does it work when the containers are in different networks in different tenants ?</div></div></div></div></div></div></div><div id="yui_3_16_0_ym19_1_1468418438438_58169"><br id="yui_3_16_0_ym19_1_1468418438438_58170"></div><div id="yui_3_16_0_ym19_1_1468418438438_58171">The trick is to create neutron ports (for the subports) and then link them to the trunk port using</div><div id="yui_3_16_0_ym19_1_1468418438438_58172"><br id="yui_3_16_0_ym19_1_1468418438438_58173"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58174">neutron trunk-subport-add TRUNK \</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58175"> PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58176"> [PORT,...]</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58177"><br id="yui_3_16_0_ym19_1_1468418438438_58178"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58179"><br id="yui_3_16_0_ym19_1_1468418438438_58180"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58181">In the above command all the neutron ports (trunk ports and subports) must be in the same tenant.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58182">As far as I know, a tenant will not see neutron ports from another tenant. Or will this command allow<br id="yui_3_16_0_ym19_1_1468418438438_58183"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58184">neutron ports from different tenants to be attached ?</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185"><br id="yui_3_16_0_ym19_1_1468418438438_58186"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">Solution1:</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">C1(ten1) C2(ten2)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">| |</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">--------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">OVS bridge inside VM</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">--------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">|</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">| Trunk port</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">|</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">br-trunk (vlan-aware-vms spec)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185">--------------------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58185"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58187">E.g. VM "X" consists of containers C1 in Tenant 1 with portID = C10000 (network dn1)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58188">container C2 in Tenant 2 with portID = C20000 (network dn2)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58189">The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58190"><br id="yui_3_16_0_ym19_1_1468418438438_58191"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58192">Will the above command allow a neutron trunk to have neutron sub-ports in different tenants ?</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58193"><br id="yui_3_16_0_ym19_1_1468418438438_58194"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58195">neutron trunk-subport-add T10000 \</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58196"> A vlan 10000 \</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"> B vlan 20000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">Solution2:</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">Have a separate trunk port for each tenant connected to the vM</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">C1(Ten1) C2(Ten2)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">| |</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">| |</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">-------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">OVS bridge inside VM</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">--------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">| |</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">|Trunk(Ten1) | (Trunk(Ten2)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">| |</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">---------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">br-trunk (vlan-aware-vms spec)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">---------------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">If the approach is solution2, then the issue is that Nova will not</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">allow a neutron port to be attached to a VM (if the neutron port</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">belongs to another tenant). </div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">Any pointers will be highly appreciated.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">thanks,</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197">Farhad.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58197"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58198"><br id="yui_3_16_0_ym19_1_1468418438438_58199"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58200"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1468418438438_58205"><br id="yui_3_16_0_ym19_1_1468418438438_58206"></div></div></div></div></div></div></div></body></html>