Hi Justin,
You are right. Port isolation is what we are trying to implement. We want to 
run two VMs on one vSwitch where VM1 is not able to see any traffic from VM2. 
It is very important to me because if this works we will implement up to 2000 
XS installations with this solution.

Two more questions where you can support me:

- You mentioned the VIF script to set up the flows. Can you point me to
  the script you are talking about?
- Designing native support for port isolation: will this be a feature
  of the openvswitch, and is there an estimate of when this could be available?

Gruß/regards, Jens




-----Original Message-----
From: Justin Pettit [mailto:[email protected]] 
Sent: Thursday, 15 July 2010 22:04
To: Jens Brunsen
Cc: [email protected]
Subject: Re: [ovs-discuss] fix ports in vSwitch

On Jul 14, 2010, at 11:27 AM, Jens Brunsen wrote:

> What we now need is something to define a fixed VIF-to-port relation or 
> anything similar. Also persistent ports could be something possible. I cannot 
> believe that this is not possible. Can you deliver or show me a function that 
> can resolve this issue?

We don't have any way to maintain state about ports across reboots, since 
XenServer expects to completely destroy and recreate these ports from scratch.  
This sort of state would have to be stored in the XAPI database, which we can't 
query at port creation time due to timing constraints in XenServer's networking 
scripts.  I believe these same sorts of issues would even be present with the 
bridge, since XenServer isn't consistent with the VIF names it uses across 
reboots.

Regardless of the practical limitations, OpenFlow is really designed to be used 
with a controller, which would have enough context to push the kinds of flows 
that you are trying to generate statically.  You could script a program to 
monitor changes to the "Interface" table in ovsdb-server and have it rewrite 
your flows.  Another alternative would be to modify the XenServer "vif" script 
to set up the flows, since it has enough context and is called on port creation 
and destruction.

Looking at the flows you are generating, it appears that you are attempting to 
do some sort of port isolation.  We are currently designing native support for 
this and hope to have it added before long.  If you'd be interested in taking 
part in the design discussion, please let us know.

--Justin



_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
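
The approach Justin describes, regenerating flows from the "Interface" table so they never depend on a port number surviving a reboot, could look like the following. This is an added example, not code from the thread or from Open vSwitch. It assumes the table is read with `ovs-vsctl --format=json --columns=name,ofport,external_ids list Interface`, that the guest MAC is in the `attached-mac` key of `external_ids`, that the uplink is `eth0`, and that the flow layout shown is the isolation policy wanted.

```python
import json

# Constructed sample of the ovs-vsctl JSON output; names, port numbers
# and MAC addresses are made up for illustration.
SAMPLE = json.dumps({
    "headings": ["name", "ofport", "external_ids"],
    "data": [
        ["eth0", 1, ["map", []]],
        ["xenbr0", 65534, ["map", []]],
        ["vif1.0", 5, ["map", [["attached-mac", "02:00:00:00:00:01"]]]],
        ["vif2.0", 7, ["map", [["attached-mac", "02:00:00:00:00:02"]]]],
        ["vif3.0", ["set", []], ["map", [["attached-mac", "02:00:00:00:00:03"]]]],
    ],
})

def isolation_flows(table_json, uplink="eth0", vif_prefix="vif"):
    """Return ovs-ofctl flow strings letting each VIF talk only to the uplink."""
    table = json.loads(table_json)
    col = {h: i for i, h in enumerate(table["headings"])}
    ports = {}
    for row in table["data"]:
        ofport = row[col["ofport"]]
        # ofport is an empty set until a number is assigned, and -1 on failure
        if not isinstance(ofport, int) or ofport < 0:
            continue
        ports[row[col["name"]]] = (ofport, dict(row[col["external_ids"]][1]))
    if uplink not in ports:
        raise ValueError("uplink %r has no OpenFlow port" % uplink)
    up = ports[uplink][0]
    flows, vif_ports = [], []
    for name in sorted(ports):
        ofport, ext = ports[name]
        mac = ext.get("attached-mac")
        if not name.startswith(vif_prefix) or mac is None:
            continue
        vif_ports.append(ofport)
        # guest -> uplink only, and only with the guest's own source MAC
        flows.append("priority=100,in_port=%d,dl_src=%s,actions=output:%d" % (ofport, mac, up))
        # uplink -> guest, unicast to that guest's MAC only
        flows.append("priority=100,in_port=%d,dl_dst=%s,actions=output:%d" % (up, mac, ofport))
    if vif_ports:
        # broadcasts arriving on the uplink (e.g. ARP) go to every guest
        outs = ",".join("output:%d" % p for p in vif_ports)
        flows.append("priority=90,in_port=%d,dl_dst=ff:ff:ff:ff:ff:ff,actions=%s" % (up, outs))
    flows.append("priority=0,actions=drop")  # nothing flows VIF to VIF
    return flows

if __name__ == "__main__":
    print("\n".join(isolation_flows(SAMPLE)))
```

The final drop rule also cuts off the bridge's own local port, so a bridge that carries dom0 management traffic needs flows for that port added before these are loaded.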
