[Openstack] [neutron] - vlan-aware-vms
Farhad Sunavala
fsbiz at yahoo.com
Wed Jul 13 15:55:49 UTC 2016
Below is the latest spec for vlan-aware-vms
https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html
I have a quick question on the above. (multi-tenancy).
Assume the case of nested containers in a VM.
Yes, the containers can be in different networks of the same tenant and the above blue-print will handle the case very well. How does it work when the containers are in different networks in different tenants ?
The trick is to create neutron ports (for the subports) and then link them to the trunk port using
neutron trunk-subport-add TRUNK \ PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \ [PORT,...]
In the above command all the neutron ports (trunk ports and subports) must be in the same tenant.As far as I know, a tenant will not see neutron ports from another tenant. Or will this command allow
neutron ports from different tenants to be attached ?
Solution1:
C1(ten1) C2(ten2)| |--------------------------------OVS bridge inside VM--------------------------------|| Trunk port|------------------------br-trunk (vlan-aware-vms spec)--------------------------------------------
E.g. VM "X" consists of containers C1 in Tenant 1 with portID = C10000 (network dn1)container C2 in Tenant 2 with portID = C20000 (network dn2)The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)
Will the above command allow a neutron trunk to have neutron sub-ports in different tenants ?
neutron trunk-subport-add T10000 \ A vlan 10000 \ B vlan 20000
Solution2:Have a separate trunk port for each tenant connected to the vM
C1(Ten1) C2(Ten2)| || |-------------------------------OVS bridge inside VM--------------------------------| ||Trunk(Ten1) | (Trunk(Ten2)| |---------------------------------br-trunk (vlan-aware-vms spec)---------------------------------------
If the approach is solution2, then the issue is that Nova will notallow a neutron port to be attached to a VM (if the neutron portbelongs to another tenant).
Any pointers will be highly appreciated.
thanks,Farhad.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160713/a23f1e2e/attachment.html>
More information about the Openstack
mailing list