[openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
Amitabha Biswas
azbiswas at gmail.com
Wed Jun 8 06:36:34 UTC 2016
Hi John,
Looking at the code with Srilatha, it seems like the https://github.com/doonhammer/networking <https://github.com/doonhammer/networking>-ovn repo has gone down the path of having a sfc_ovn.py file in the networking-ovn/ovsdb directory. This file deals with the SFC specific OVSDB transactions in OVN. So to answer your question of invoking OVS-IDL, we can import the src_ovn.py file from networking_sfc/services/src/drivers/ovn/driver.py and invoke calls into IDL.
Another aspect from a networking-sfc point of view is the duplication of code between networking_sfc/services/src/drivers/ovn/driver.py and networking_sfc/services/src/drivers/ovs/driver.py in the https://github.com/doonhammer/networking-sfc <https://github.com/doonhammer/networking-sfc> repo. There should be a mechanism to coalesce the common code and invoke the OVS and OVN specific parts separately.
Regards
Amitabha
> On Jun 7, 2016, at 9:54 PM, John McDowall <jmcdowall at paloaltonetworks.com> wrote:
>
> Juno, Srilatha,
>
> I need some help – I have fixed most of the obvious typo’s in the three repos and merged them with mainline. There is still a problem with the build I think in mech_driver.py but I will fix it asap in the am.
>
> However I am not sure of the best way to interface between sfc and ovn.
>
> In networking_sfc/services/src/drivers/ovn/driver.py there is a function that creates a deep copy of the port-chain dict, create_port_chain(self,contact,port_chain).
>
> Looking at networking-ovn I think it should use mech_driver.py so we can call the OVS-IDL to send the parameters to ovn. However I am not sure of the best way to do it. Could you make some suggestions or send me some sample code showing the best approach?
>
> I will get the ovs/ovn cleaned up and ready. Also Louis from the networking-sfc has posted a draft blueprint.
>
> Regards
>
> John
>
> From: Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>>
> Date: Monday, June 6, 2016 at 7:54 PM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
> Hi John,
>
> I do not know any better approach, I think it is good to write all the parameters in the creation of a port chain, this can avoid saving many data in northbound db which are not used. We can do it in that way currently, if the community has opposite ideas, we can change, what do you think?
>
> Hi Ryan,
>
> Do you agree with that?
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Na Zhu/China/IBM at IBMCN
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>, "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>
> Date: 2016/06/06 23:36
> Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> Juno,
>
> Let me check – my intention was that the networking-sfc OVNB driver would configure all aspects of the port-chain and add the parameters to the networking-sfc db. Once all the parameters were in the creation of a port-chain would call networking-ovn (passing a deep copy of the port-chain dict). Here I see networking-ovn acting only as a bridge into ovs/ovn (I did not add anything in the ovn plugin – not sure if that is the right approach). Networking-ovn calls into ovs/ovn and inserts the entire port-chain.
>
> Thoughts?
>
> j
>
> From: Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>>
> Date: Monday, June 6, 2016 at 5:49 AM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>, "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>
> Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
> Hi John,
>
> One question need confirm with you, I think the ovn flow classifier driver and ovn port chain driver should call the APIs which you add to networking-ovn to configure the northbound db sfc tables, right? I see your networking-sfc ovn drivers, they does not call the APIs you add to networking-ovn, do you miss that?
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: Na Zhu/China/IBM at IBMCN
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>
> Date: 2016/06/06 14:28
> Subject: Re: [openstack-dev] [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> John,
>
> Thanks your working overtime in last weekend, now we have the following works to do:
> 1, submit design spec to networking-sfc
> 2, submit the RFC to ovs community
> 3, debug end-to-end about your code changes.
> 4, submit the initial patch to networking-sfc
> 5, submit the initial patch to ovs community
> 6, submit the initial patch to networking-ovn
>
> Do you have plan to start #1 and #2 now? I think it can be done in parallel with the other tasks.
> Srilatha and I can start #4 and #6, we need to look at your code changes and write the unit test scripts for your code changes and then submit to community, what do you think?
>
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Na Zhu/China/IBM at IBMCN
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Date: 2016/06/06 11:35
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> Juno and team,
>
> I have written and compiled (but not tested ) the ovs/ovn interface to networking-ovn and similarly I have written but not tested the IDL interfaces on the networking-ovn side. I will put it all together tomorrow and start debugging end to end. I know I am going to find a lot of issues as it is a major rewrite from my original interface to networking-sfc – it is the right path (IMHO) just a little more work than I expected.
>
> I have merged my repos with the upstream masters and I will keep them sync’ed so if you want to take a look and start thinking where you can help it would be really appreciated.
>
> Regards
>
> John
>
> From: Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>>
> Date: Saturday, June 4, 2016 at 6:30 AM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
> Hi John,
>
> OK, please keep me posted once you done, thanks very much.
>
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Na Zhu/China/IBM at IBMCN
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Date: 2016/06/03 13:15
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> Juno
>
> Whatever gets it done faster- let me get the three repos aligned. I need to get the ovs/ovn work done so networking-ovn can call it, and the networking-sfc can call networking-ovn.
>
> Hopefully I will have it done tomorrow or over the weekend - let's touch base Monday or Sunday night.
>
> Regards
>
> John
>
> Sent from my iPhone
>
> On Jun 2, 2016, at 6:30 PM, Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>> wrote:
>
> Hi John,
>
> I agree with submitting WIP patches to community, because you already did many works on networking-sfc and networking-ovn, it is better that you submit the initial patches about networking-sfc and networking-ovn, then me and Srilatha take over the patches. Do you have time to do it? if not, me and Srilatha can help to do it and you are always the co-author.
>
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Na Zhu/China/IBM at IBMCN
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Date: 2016/06/03 00:08
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> Juno,
>
> Sure make sense. I will have ovs/ovn in rough shape by end of week (hopefully) that will allow you to call the interfaces from networking-ovn. Ryan has asked that we submit WIP patches etc so hopefully that will kickstart the review process.
> Also, hopefully some of the networking-sfc team will also be able to help – I will let them speak for themselves.
>
> Regards
>
> John
>
> From: Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>>
> Date: Wednesday, June 1, 2016 at 7:02 PM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
> Hi John,
>
> Thanks your reply.
>
> Seems you have covered everything :)
> The development work can be broken down in 3 parts:
> 1, add ovn driver to networking-sfc
> 2, provide APIs in networking-ovn for networking-sfc
> 3, implement the sfc in ovn
>
> So what about we take part 1 and part 2, and you take part 3? because we are familiar with networking-sfc and networking-ovn and we can do it faster:)
>
>
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Na Zhu/China/IBM at IBMCN
> Cc: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Date: 2016/06/01 23:26
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
>
>
> Na/Srilatha,
>
> Great, I am working from three repos:
>
> https://github.com/doonhammer/networking-sfc <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_networking-2Dsfc&d=CwMFoQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=lb7sZo6o-vFSQLHy4n1Z15SjFlZHXBjYRDDXk9di20M&s=-ddZLbnKqv3LwRqTTveuebbVLL9e2A1xRCQBQO--nc0&e=>
> https://github.com/doonhammer/networking-ovn <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_networking-2Dovn&d=CwMFoQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=lb7sZo6o-vFSQLHy4n1Z15SjFlZHXBjYRDDXk9di20M&s=4XnntcfVxo4fQdni-WOsfqIeRA0x8jagW77y_XgPyUQ&e=>
> https://github.com/doonhammer/ovs <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_ovs&d=CwMFoQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=lb7sZo6o-vFSQLHy4n1Z15SjFlZHXBjYRDDXk9di20M&s=vPrUbDdQZ1mIswNv5U8VorIkCU_J5Aze8xGz5DLn_s8&e=>
>
> I had an original prototype working that used an API I created. Since then, based on feedback from everyone I have been moving the API to the networking-sfc model and then supporting that API in networking-ovn and ovs/ovn. I have created a new driver in networking-sfc for ovn.
>
> I am in the process of moving networking-ovn and ovs to support the sfc model. Basically I am intending to pass a deep copy of the port-chain (sample attached, sfc_dict.py) from the ovn driver in networking-sfc to networking-ovn. This , as Ryan pointed out will minimize the dependancies between networking-sfc and networking-ovn. I have created additional schema for ovs/ovn (attached) that will provide the linkage between networking-ovn and ovs/ovn. I have the schema in ovs/ovn and I am in the process of updating my code to support it.
>
> Not sure where you guys want to jump in – but I can help in any way you need.
>
> Regards
>
> John
>
> From: Na Zhu <nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>>
> Date: Tuesday, May 31, 2016 at 9:02 PM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Srilatha Tangirala <srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>>
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC andOVN
>
> + Add Srilatha.
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
> From: Na Zhu/China/IBM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>
> Date: 2016/06/01 12:01
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC and OVN
>
>
> John,
>
> Thanks.
>
> Me and Srilatha (srilatta at us.ibm.com <mailto:srilatta at us.ibm.com>) want to working together with you, I know you already did some development works.
> Can you tell me what you have done and put the latest code in your private repo?
> Can we work out a plan and the remaining work?
>
>
>
>
> Regards,
> Juno Zhu
> IBM China Development Labs (CDL) Cloud IaaS Lab
> Email: nazhu at cn.ibm.com <mailto:nazhu at cn.ibm.com>
> 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
>
>
>
>
> From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> To: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> Cc: OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>
> Date: 2016/06/01 08:58
> Subject: Re: [ovs-discuss] [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> Sent by: "discuss" <discuss-bounces at openvswitch.org <mailto:discuss-bounces at openvswitch.org>>
>
>
>
> Ryan,
>
> More help is always great :-). As far as who to collaborate, what ever Is easiest for everyone – I am pretty flexible.
>
> Regards
>
> John
>
> From: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> Date: Tuesday, May 31, 2016 at 1:59 PM
> To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> Cc: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>, OpenStack Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Russell Bryant <russell at ovn.org <mailto:russell at ovn.org>>
> Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>> wrote on 05/31/2016 03:21:30 PM:
>
> > From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > To: Ryan Moats/Omaha/IBM at IBMUS
> > Cc: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>"
> > <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>,
> > "OpenStack Development Mailing List" <openstack-
> > dev at lists.openstack.org <mailto:dev at lists.openstack.org>>, Russell Bryant <russell at ovn.org <mailto:russell at ovn.org>>
> > Date: 05/31/2016 03:22 PM
> > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> >
> > Ryan,
> >
> > Let me add the tables to OVN for SFC. That will give us a working
> > system to prototype the flow classifier approach on. Hopefully I can
> > get something done by end of week.
> >
> > Regards
> >
> > John
>
> I've got some internal folks that are willing to help with writing code (as
> I will be once I clear my current firefights) so the question of how to
> collaborate with code now arises...
>
> Are you comfortable with putting the changes on r.o.o as WiP and patchworks
> as RFC and work through the review process or would you rather work via
> forks and pull requests in github?
>
> Ryan
>
> > From: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> > Date: Tuesday, May 31, 2016 at 10:17 AM
> > To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > Cc: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <
> > discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>, OpenStack
> > Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Russell Bryant <
> > russell at ovn.org <mailto:russell at ovn.org>>
> > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> >
> > John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>> wrote on 05/26/2016
> > 11:08:43 AM:
> >
> > > From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > Cc: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>"
> > > <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>,
> > > "OpenStack Development Mailing List" <openstack-
> > > dev at lists.openstack.org <mailto:dev at lists.openstack.org>>, Russell Bryant <russell at ovn.org <mailto:russell at ovn.org>>
> > > Date: 05/26/2016 11:09 AM
> > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > >
> > > Ryan,
> > >
> > > My (incomplete) throughts about the flow-classifier are:
> > >
> > > 1) ACL’s are more about denying access, while the flow classifier
> > > is more about steering selected traffic to a path, so we would need
> > > to deny-all except allowed flows.
> > > 2) The networking-sfc team has done a nice job with the drivers so
> > > ovn has its own flow-classifier driver which allows us to align the
> > > flow-classifier with the matches supported in ovs/ovn, which could
> > > be an advantage.
> >
> > The ACL table has a very simple flow-classifier structure and I'd
> > like to see if that can be re-used for the purpose of the SFC classifier
> > (read that I feel the Logical_Flow_Classifier table is too complex).
> > My initial thoughts were to look at extending the action column and
> > using the external-ids field to differentiate between legacy ACLs and
> > those that are used to intercept traffic and route it to an SFC.
> >
> > >
> > > What were your thoughts on the schema it adds a lot of tables and a
> > > lot of commands – cannot think of anyway around it
> >
> > In this case, I think that the other tables are reasonable and I'm
> > uncomfortable trying to stretch the existing tables to cover that
> > information...
> >
> > Ryan
> >
> > >
> > > Regards
> > >
> > > John
> > >
> > > From: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> > > Date: Wednesday, May 25, 2016 at 9:12 PM
> > > To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > Cc: Ben Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <
> > > discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>, OpenStack
> > > Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>,
> > Russell Bryant <
> > > russell at ovn.org <mailto:russell at ovn.org>>
> > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > >
> > > John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>> wrote on 05/25/2016
> > > 07:27:46 PM:
> > >
> > > > From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > > Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack
> > > > Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ben
> > > > Pfaff <blp at ovn.org <mailto:blp at ovn.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>, Russell Bryant
> > > > <russell at ovn.org <mailto:russell at ovn.org>>
> > > > Date: 05/25/2016 07:28 PM
> > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > >
> > > > Ryan,
> > > >
> > > > Ok – I will let the experts weigh in on load balancing.
> > > >
> > > > In the meantime I have attached a couple of files to show where I am
> > > > going. The first is sfc_dict.py and is a representation of the dict
> > > > I am passing from SFC to OVN. This will then translate to the
> > > > attached ovn-nb schema file.
> > > >
> > > > One of my concerns is that SFC almost doubles the size of the ovn-nb
> > > > schema but I could not think of any other way of doing it.
> > > >
> > > > Thoughts?
> > > >
> > > > John
> > >
> > > The dictionary looks fine for a starting point, and the more I look
> > > at the classifier, the more I wonder if we can't do something with
> > > the current ACL table to avoid duplication in the NB database
> > > definition...
> > >
> > > Ryan
> > >
> > > > From: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> > > > Date: Wednesday, May 25, 2016 at 7:27 AM
> > > > To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > > Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, OpenStack
> > > > Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>, Ben Pfaff <
> > > > blp at ovn.org <mailto:blp at ovn.org>>, Justin Pettit <jpettit at ovn.org <mailto:jpettit at ovn.org>>, Russell Bryant <
> > > russell at ovn.org <mailto:russell at ovn.org>
> > > > >
> > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > >
> > > > John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>> wrote on 05/24/2016
> > > > 06:33:05 PM:
> > > >
> > > > > From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > > > Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack
> > > > > Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>
> > > > > Date: 05/24/2016 06:33 PM
> > > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > >
> > > > > Ryan,
> > > > >
> > > > > Thanks for getting back to me and pointing me in a more OVS like
> > > > > direction. What you say makes sense, let me hack something together.
> > > > > I have been a little distracted getting some use cases together. The
> > > > > other area is how to better map the flow-classifier I have been
> > > > > thinking about it a little, but I will leave it till after we get
> > > > > the chains done.
> > > > >
> > > > > Your load-balancing comment was very interesting – I saw some
> > > > > patches for load-balancing a few months ago but nothing since. It
> > > > > would be great if we could align with load-balancing as that would
> > > > > make a really powerful solution.
> > > > >
> > > > > Regards
> > > > >
> > > > > John
> > > >
> > > > John-
> > > >
> > > > For the load balancing, I believe that you'll want to look at
> > > > openvswitch's select group, as that should let you set up multiple
> > > > buckets for each egress port in the port pairs that make up a port
> > > > group.
> > > >
> > > > As I understand it, Table 0 identifies the logical port and logical
> > > > flow. I'm worried that this means we'll end up with separate bucket
> > > > rules for each ingress port of the port pairs that make up a port
> > > > group, leading to a cardinality product in the number of rules.
> > > > I'm trying to think of a way where Table 0 could identify the packet
> > > > as being part of a particular port group, and then I'd only need one
> > > > set of bucket rules to figure out the egress side. However, the
> > > > amount of free metadata space is limited and so before we go down
> > > > this path, I'm going to pull Justin, Ben and Russell in to see if
> > > > they buy into this idea or if they can think of an alternative.
> > > >
> > > > Ryan
> > > >
> > > > >
> > > > > From: Ryan Moats <rmoats at us.ibm.com <mailto:rmoats at us.ibm.com>>
> > > > > Date: Monday, May 23, 2016 at 9:06 PM
> > > > > To: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > > > Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, OpenStack
> > > > > Development Mailing List <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>
> > > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > >
> > > > > John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>> wrote on 05/18/2016
> > > > > 03:55:14 PM:
> > > > >
> > > > > > From: John McDowall <jmcdowall at paloaltonetworks.com <mailto:jmcdowall at paloaltonetworks.com>>
> > > > > > To: Ryan Moats/Omaha/IBM at IBMUS
> > > > > > Cc: "discuss at openvswitch.org <mailto:discuss at openvswitch.org>" <discuss at openvswitch.org <mailto:discuss at openvswitch.org>>, "OpenStack
> > > > > > Development Mailing List" <openstack-dev at lists.openstack.org <mailto:openstack-dev at lists.openstack.org>>
> > > > > > Date: 05/18/2016 03:55 PM
> > > > > > Subject: Re: [OVN] [networking-ovn] [networking-sfc] SFC and OVN
> > > > > >
> > > > > > Ryan,
> > > > > >
> > > > > > OK all three repos and now aligned with their masters. I have done
> > > > > > some simple level system tests and I can steer traffic to a single
> > > > > > VNF. Note: some additional changes to networking-sfc to catch-up
> > > > > > with their changes.
> > > > > >
> > > > > > https://github.com/doonhammer/networking-sfc <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_networking-2Dsfc&d=CwMGaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=mLaxHI6XiGcUfgsL5Egu3aC0QR-xI7L_QuffCoTwtz8&s=8QaDNJ9iUOwW-TDDioAlHYpO-WM2a7-bMuP7qJTezaw&e=>
> > > > > > https://github.com/doonhammer/networking-ovn <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_networking-2Dovn&d=CwMGaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=mLaxHI6XiGcUfgsL5Egu3aC0QR-xI7L_QuffCoTwtz8&s=ITWWb5V3L60kdiwK5QIbo-YEcIvGkdKDW4xl6uNj_3g&e=>
> > > > > > https://github.com/doonhammer/ovs <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_ovs&d=CwMGaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=mLaxHI6XiGcUfgsL5Egu3aC0QR-xI7L_QuffCoTwtz8&s=bBOpCVRnF1ntciYqKMTLupX4eagWaWVXoKRWAwAio2I&e=>
> > > > > >
> > > > > > The next tasks I see are:
> > > > > >
> > > > > > 1. Decouple networking-sfc and networking-ovn. I am thinking that I
> > > > > > will pass a nested port-chain dictionary holding port-pairs/port-
> > > > > > pair-groups/flow-classifiers from networking-sfc to networking-ovn.
> > > > > > 2. Align the interface between networking-ovn and ovs/ovn to match
> > > > > > the nested dictionary in 1.
> > > > > > 3. Modify the ovn-nb schema and ovn-northd.c to march the port-
> > > > chain model.
> > > > > > 4. Add ability to support chain of port-pairs
> > > > > > 5. Think about flow-classifiers and how best to map them, today I
> > > > > > just map the logical-port and ignore everything else.
> > > > > >
> > > > > > Any other suggestions/feedback?
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > John
> > > > >
> > > > > John-
> > > > >
> > > > > (Sorry for sending this twice, but I forgot that text/html is not liked
> > > > > by the mailing lists ...)
> > > > >
> > > > > My apologies for not answering this sooner - I was giving a two day
> > > > > training on Tues/Wed last week and came back to my son graduating
> > > > > from HS the next day, so things have been a bit of a whirlwind here.
> > > > >
> > > > > Looking at the github repos, I like the idea of passing a dictionary
> > > > > from networking-sfc to networking-ovn. The flow classifiers should
> > > > > be relatively straightforward to map to ovs match rules (famous last
> > > > > words)...
> > > > >
> > > > > I've probably missed an orbit here, but in the ovn-northd
> > implementation,
> > > > > I was expecting to find service chains in the egress and
> > router pipelines
> > > > > in addition to the ingress pipeline (see below for why I thinka service
> > > > > chain stage in the egress pipeline makes sense ...)
> > > > >
> > > > > Also, in the ovn-northd implementation, I'm a little disturbedto see the
> > > > > ingress side of the service chain sending packets to output ports - I
> > > > > think that a more scalable (and more "ovs-like" approach) would be to
> > > > > match the egress side of a port pair in the chaining stage of the
> > > > > ingress pipeline, with an action that set the input port register.
> > > > > Then the egress pipeline would have a chaining stage where the output
> > > > > port register would be set based on the ingress port of the next port
> > > > > pair in the chain and the packet being punted to the proper output port
> > > > > in the last table. That should automagically build your function chain
> > > > > and provide the basis for bucketizing multiple ingress ports for the
> > > > > next port group to support hash based load balancing.
> > > > >
> > > > > Does that make sense?
> > > > >
> > > > > Ryan[attachment "ovn-nb.ovsschema.sfc" deleted by Ryan Moats/
> > > > Omaha/IBM] [attachment "sfc_dict.py" deleted by Ryan Moats/Omaha/IBM] _______________________________________________
> discuss mailing list
> discuss at openvswitch.org <mailto:discuss at openvswitch.org>
> http://openvswitch.org/mailman/listinfo/discuss <https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailman_listinfo_discuss&d=CwMFoQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=VCIo4C63txe7y9jwS2U5ebuYWzlLk4MF1mIa2Hx1A2s&s=9J7cT2z1rc3u2I2LIa-2Hk-qWyVf-Kwd8ge5ywYK-nE&e=>
> [attachment "ovn-nb.ovsschema.sfc" deleted by Na Zhu/China/IBM] [attachment "sfc_dict.py" deleted by Na Zhu/China/IBM]
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org <mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack-2Ddev&d=CwMFoQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=c9Cv10tAvrDMW-7Gf0goix5DshTwU3BPzzcwvecG8Oo&s=vnjb0Z6Etx1g6q7qYqzwFtmSNU_sKxehcOuHDJ-UZFo&e=>
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160607/e39bbce1/attachment.html>
More information about the OpenStack-dev
mailing list