Open Stack

Hi, 
last week I started discussing an extension to the existing neutron
openvswitch agent to support network adapters that are not in
promiscuous mode. Now I would like to enhance the round to get feedback
from a broader audience via the mailing list.


The Problem
When driving vlan or flat networking, openvswitch requires an network
adapter in promiscuous mode. 


Why not having promiscuous mode in your adapter?
- Admins like to have full control over their environment and which
network packets enter the system.
- The network adapter just does not have support for it.


What to do?
Linux net-dev driver offer an interface to manually register additional
mac addresses (also called secondary unicast addresses). Exploiting this
one can register additional mac addresses to the network adapter. This
also works via a well known ip user space tool. 

`bridge fdb add aa:aa:aa:aa:aa:aa dev eth0`


What to do in openstack?
As neutron is aware of all the mac addresses that are in use it's the
perfect candidate for doing the mac registrations. The idea is to modify
the neutron openvswitch agent that it does the registration on "port
add" and "port remove" via the bridge command.
There would be a new optional configuration parameter, something like
'non-promisc-mode' that is by default set to false. Only when set to
true, macs get manually registered. Otherwise the agent behaves like it
does today. So I guess only very little changes to the agent code are
required. From my current point of view we do not need any changes to
the ml2 plug-in.


Blueprint or a bug?
I guess it's a blueprint.

What's the timeframe?
K would be great.



I would be thankful for any feedback on this! Feel free to contact me
anytime. Thanks in advance!

Regards, 
Andreas

(irc: scheuran)