[Openstack] [neutron] - vlan-aware-vms

Kevin Benton kevin at benton.pub
Fri Jul 22 08:45:40 UTC 2016


Since they are essentially regular ports in the neutron data model, the
regular rules for attaching to networks would apply. So you should be
able to create a sub-port on another network if that network is shared with
you (either globally shared or via RBAC).

On Wed, Jul 13, 2016 at 8:55 AM, Farhad Sunavala <fsbiz at yahoo.com> wrote:

>
> Below is the latest spec for vlan-aware-vms
>
>
> https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html
> <https://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html>
>
>
>
> I have a quick question on the above. (multi-tenancy).
>
> Assume the case of nested containers in a VM.
>
> Yes, the containers can be in different networks of the same tenant and
> the above blue-print will handle the case very well.
> How does it work when the containers are in different networks in
> different tenants ?
>
> The trick is to create neutron ports (for the subports) and then link them
> to the trunk port using
>
> neutron trunk-subport-add TRUNK \
>    PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \
>    [PORT,...]
>
>
> In the above command all the neutron ports (trunk ports and subports)
> must be in the same tenant.
> As far as I know, a tenant will not see neutron ports from another tenant.
> Or will this command allow neutron ports from different tenants to be
> attached?
>
> Solution1:
>
>
> C1(ten1)   C2(ten2)
> |                   |
> --------------------------------
> OVS bridge inside VM
> --------------------------------
> |
> | Trunk port
> |
> ------------------------
> br-trunk (vlan-aware-vms spec)
> --------------------------------------------
>
> E.g.  VM "X" consists of containers C1 in Tenant 1 with portID = C10000
> (network dn1)
> container C2 in Tenant 2 with portID = C20000 (network dn2)
> The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)
>
> Will the above command allow a neutron trunk to have neutron sub-ports in
> different tenants ?
>
> neutron trunk-subport-add T10000 \
>    A  vlan 10000 \
>    B vlan 20000
>
>
> Solution2:
> Have a separate trunk port for each tenant connected to the VM
>
> C1(Ten1)    C2(Ten2)
> |                    |
> |                    |
> -------------------------------
> OVS bridge inside VM
> --------------------------------
> |                              |
> |Trunk(Ten1)          | (Trunk(Ten2)
> |                              |
> ---------------------------------
> br-trunk (vlan-aware-vms spec)
> ---------------------------------------
>
> If the approach is solution2, then the issue is that Nova will not
> allow a neutron port to be attached to a VM (if the neutron port
> belongs to another tenant).
>
>
> Any pointers will be highly appreciated.
>
> thanks,
> Farhad.