<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 29 July 2016 at 12:59, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Quick question:<div><br></div><div>Can I start testing Newton VLAN Aware VMs now (Beta 2)?</div><div><br></div><div>Thanks,</div><div>Thiago</div></div><div class="gmail_extra"><br></div></blockquote><div><br></div><div>If you're paying close attention the LinuxBridge version is almost functional, and the OVS one is coming along. I'd advise to wait a tad longer. I am trying to keep [1] up to date, so you might want to check that out before pulling down the code. </div><div><br></div><div>[1] <a href="https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms">https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-h5">On 22 July 2016 at 04:45, Kevin Benton <span dir="ltr"><<a href="mailto:kevin@benton.pub" target="_blank">kevin@benton.pub</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div class="gmail-h5"><div dir="ltr">Since they are essentially regular ports in the neutron data model, the regular rules for attaching to networks would apply. So you can should be able to create a sub-port on another network if that network is shared with you (either globally shared or via RBAC).</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 13, 2016 at 8:55 AM, Farhad Sunavala <span dir="ltr"><<a href="mailto:fsbiz@yahoo.com" target="_blank">fsbiz@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div style="color:rgb(0,0,0);font-family:helveticaneue,"helvetica neue",helvetica,arial,"lucida grande",sans-serif;font-size:16px;background-color:rgb(255,255,255)"><div style="outline:none 0px;display:table;width:503px;padding-top:12px;padding-left:0px;background-color:inherit"><div style="display:table-cell;width:auto;word-wrap:break-word;word-break:break-word"><div><div><div><div><br></div><div>Below is the latest spec for vlan-aware-vms</div><div><span style="font-size:13px"><br></span></div><div dir="ltr"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif"><span style="font-size:13px"><a rel="nofollow" href="https://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html" style="color:rgb(25,106,212)" target="_blank">https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html</a></span></font><br></div><div dir="ltr"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif"><br></font></div><div dir="ltr"><font face="Helvetica Neue, Segoe UI, Helvetica, Arial, Lucida Grande, sans-serif"><br></font></div><div dir="ltr"><div style="outline:none 0px;display:table;width:503px;padding-top:12px;padding-left:0px;background-color:inherit"><div style="display:table-cell;width:auto;word-wrap:break-word;word-break:break-word"><div><div><div><div><span style="font-size:13px"><br></span></div><div>I have a quick question on the above. (multi-tenancy).</div><div><br></div><div>Assume the case of nested containers in a VM.</div><div><br></div><div>Yes, the containers can be in different networks of the same tenant and the above blue-print will handle the case very well. </div><div dir="ltr">How does it work when the containers are in different networks in different tenants ?</div></div></div></div></div></div></div><div><br></div><div>The trick is to create neutron ports (for the subports) and then link them to the trunk port using</div><div><br></div><div dir="ltr">neutron trunk-subport-add TRUNK \</div><div dir="ltr"> PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \</div><div dir="ltr"> [PORT,...]</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">In the above command all the neutron ports (trunk ports and subports) must be in the same tenant.</div><div dir="ltr">As far as I know, a tenant will not see neutron ports from another tenant. Or will this command allow<br></div><div dir="ltr">neutron ports from different tenants to be attached ?</div><div dir="ltr"><br></div><div dir="ltr">Solution1:</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">C1(ten1) C2(ten2)</div><div dir="ltr">| |</div><div dir="ltr">--------------------------------</div><div dir="ltr">OVS bridge inside VM</div><div dir="ltr">--------------------------------</div><div dir="ltr">|</div><div dir="ltr">| Trunk port</div><div dir="ltr">|</div><div dir="ltr">------------------------</div><div dir="ltr">br-trunk (vlan-aware-vms spec)</div><div dir="ltr">--------------------------------------------</div><div dir="ltr"><br></div><div dir="ltr">E.g. VM "X" consists of containers C1 in Tenant 1 with portID = C10000 (network dn1)</div><div dir="ltr">container C2 in Tenant 2 with portID = C20000 (network dn2)</div><div dir="ltr">The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)</div><div dir="ltr"><br></div><div dir="ltr">Will the above command allow a neutron trunk to have neutron sub-ports in different tenants ?</div><div dir="ltr"><br></div><div dir="ltr">neutron trunk-subport-add T10000 \</div><div dir="ltr"> A vlan 10000 \</div><div dir="ltr"> B vlan 20000</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">Solution2:</div><div dir="ltr">Have a separate trunk port for each tenant connected to the vM</div><div dir="ltr"><br></div><div dir="ltr">C1(Ten1) C2(Ten2)</div><div dir="ltr">| |</div><div dir="ltr">| |</div><div dir="ltr">-------------------------------</div><div dir="ltr">OVS bridge inside VM</div><div dir="ltr">--------------------------------</div><div dir="ltr">| |</div><div dir="ltr">|Trunk(Ten1) | (Trunk(Ten2)</div><div dir="ltr">| |</div><div dir="ltr">---------------------------------</div><div dir="ltr">br-trunk (vlan-aware-vms spec)</div><div dir="ltr">---------------------------------------</div><div dir="ltr"><br></div><div dir="ltr">If the approach is solution2, then the issue is that Nova will not</div><div dir="ltr">allow a neutron port to be attached to a VM (if the neutron port</div><div dir="ltr">belongs to another tenant). </div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">Any pointers will be highly appreciated.</div><div dir="ltr"><br></div><div dir="ltr">thanks,</div><div dir="ltr">Farhad.</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br></div></div></div></div></div></div></div></div></blockquote></div><br></div>
<br></div></div>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div></div>