Hi Russell, Please see inline.
Regards, Cathy -----Original Message----- From: Russell Bryant [mailto:rbry...@redhat.com] Sent: Wednesday, October 28, 2015 5:27 PM To: Cathy Zhang Cc: OpenStack Development Mailing List; Henry Fourie Subject: Re: [neutron][networking-sfc] API clarification questions > > First, does it assume that all of the neutron ports in a chain are on > the same Neutron network? That keeps things simple. If its intended > to allow a chain of ports on different networks, is it just required > that you pick ports that all have addresses routable from one port to > the next in the chain? > > Cathy> It can allow a chain of ports on different networks as along it > belongs to the same tenant. Yes, it is required that you pick ports > that all have addresses routable from one port to the next in the chain. Thanks. I think it would be good to clarify this in the API doc, so it's clear what makes a valid set of ports in a chain. Cathy> Sure, will do. > An arbitrary set of ports can't always work, so there has to be some > bounds around what set of ports are valid to be in a chain. > > Second, where is it expected that the match is applied? The API for > creating a port chain doesn't associate the chain with a network, but > just matching "globally" doesn't make any sense. If all ports are > expected to be on the same network, is the match applied for any > traffic entering that network from any port? > > Cathy> As long as the ports are routable, they do not need to > Cathy> associated with > the same network. Let me rephrase the question ... where is the flow classifier applied? What traffic exactly? "All traffic on all networks accessible to the tenant who created the port chain" doesn't seem right to me, but the API doesn't seem to specify it. Cathy> What traffic will go through the chain is specified in the flow classifier API. As I presented in the Neutron SFC session of the Summit, there are two ways to specify the type of flows. One is through specification of the source neutron port that a tenant's flow will originate and/or the destination neutron port that a tenant's flow will exit which means all traffic that originates from that port and/or terminates at that port needs to go through the chain. The other is through specification of the n-tuple of a tenant's flow. If it is the first specification, the flow classifier will locate at the host of the neutron port and the flow classifier can either run on the host or the vSwitch or a VM depending on implementation. If it is the second specification, then if the flow's IP or mac is specified, we can locate the host and program the host to do the flow classification, but if there is no information available to locate the host, then all hosts that could originate traffic into the network will be programmed for classification of the flow. So to have better performance, we recommend the first way of specification. Thanks, Cathy -- Russell __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
