Certainly, let’s talk next week in Paris. On Oct 29, 2014, at 12:11 PM, Cory Benfield <[email protected]> wrote:
>> Some of us are looking at a different model. I’d be interested in your >> thoughts. > > Fred, > > Thanks for the link to the drafts. They look extremely similar to the > approach we've been pursuing for Project Calico, and it's good to see > that we're not the only people thinking in this direction. > > It looks like the main differences between our approach and yours are > that we've tried to come up with a model that works both for IPv4 and > IPv6 (although we agree that moving the data center fabric to IPv6 has a > lot of advantages - e.g. we are planning on using 464XLAT as the > mechanism to handle IPv4 overlap). Given this, we've focused our > policy/security model on ACLs rather than flow labels. An interesting > derivative effect of that choice is that any policy or security model > can be enforced (such as intra-tenant controls, extra-cloud controls, > etc). > > As a side note, we have been interested in using flow labels as > namespace identifiers and for SFC. Recently, we have moved away from > that thinking given the guidance that the flow label should be not be > modified in flight. If you believe that such modifications will be > acceptable, we would love to discuss that with you, and see where we can > collaborate. > > As it is, I believe our proposed changes to Nova and Neutron should be > generic enough to provide a basis for implementing your approach as well > as supporting our Project Calico ML2 driver. If they aren't, we should > work together to make whatever changes we have to make to achieve that > generality. > > It might also be worth checking out our agent code[0]. It's in the > middle of a rewrite at the minute so the code is unfinished, but it > handles a lot of what you'd be doing with your proposed drafts. > Hopefully it'd be a useful jumping off point. > > Cory > > [0]: https://github.com/Metaswitch/calico/tree/master/calico/felix > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
