OVS doesn't "ensure" isolation. You have to configure it to do what you want. Which may include isolation. But that's up to your configuration.
What makes you think h1 and h4 should be isolated here? In what way are any of the hosts "configured at different tunnels"?

What is shown here is not sufficient to make any pings work at all, so I'm guessing you're using this in conjunction with some POX-based controller. But which one? In such a scenario, what the controller does is vitally important in determining what happens.

If you're using one of the "edge" components from my experimental branch, I'll say... first off, they don't attempt to do any isolation. As they say in their documentation, these are meant to make edges act like "one big switch". They could be modified to do isolation, but as they are, they're just simple demonstrations of using tunnels.

How is the controller (or anyone) supposed to know which hosts should be isolated from others? In general, this involves being tied into a cloud management system or something.

In addition, the topology shown makes no sense for these components -- they expect no links between switches, because inter-switch communication is done via the tunnels, which exist "outside" of Mininet.

-- Murphy

On Dec 2, 2014, at 6:20 PM, Sadia Bashir <11msccssbas...@seecs.edu.pk> wrote:

> Hi everyone,
>
> I am working with ovs 2.3.0, mininet 2.1.0, all set-up at ubuntu 14.04. I
> created mininet topology as given below:
>
>     s1 = self.addSwitch('s1')
>     s2 = self.addSwitch('s2')
>     s3 = self.addSwitch('s3')
>
>     h1 = self.addHost('h1')
>     h2 = self.addHost('h2')
>     h3 = self.addHost('h3')
>     h4 = self.addHost('h4')
>     self.addLink(h1, s1)
>     self.addLink(h2, s1)
>     self.addLink(h3, s2)
>     self.addLink(h4, s2)
>     self.addLink(s1, s3)
>     self.addLink(s2, s3)
>
> and configured two vxlan tunnels on s1 and s2 with the following commands:
>
>     ovs-vsctl add-port s1 tun0 -- set interface tun0 type=vxlan options:remote_ip=193.168.10.11 options:key=111 options:local_ip=193.168.10.10
>     ovs-vsctl add-port s2 tun1 -- set interface tun1 type=vxlan options:remote_ip=193.168.10.10 options:key=111 options:local_ip=193.168.10.11
>
>     ovs-vsctl add-port s1 tun2 -- set interface tun2 type=vxlan options:remote_ip=172.168.10.11 options:key=222 options:local_ip=172.168.10.10
>     ovs-vsctl add-port s2 tun3 -- set interface tun3 type=vxlan options:remote_ip=172.168.10.10 options:key=222 options:local_ip=172.168.10.11
>
> But when I ping h4 from h1, they do ping each other. According to my
> knowledge of multi-tenant data centers and network virtualization, hosts
> configured at different tunnels should not ping each other.
>
> Does ovs ensure isolation? If yes, then how? OR Do I need to ensure this
> isolation in controller manually?
>
> Please clear me at this point. Any help/suggestion would be highly
> appreciated.
>
> Thanks and Regards,
> --
> Sadia Bashir
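
Added example, not part of the thread and not POX or OVS code: a small Python model of the difference between "one big switch" edge forwarding and forwarding that enforces a tenant policy at both edges. The host-to-key map `TENANT_OF` is an assumption (the thread never assigns hosts to keys 111 or 222), and all function names are hypothetical.

```python
# Constructed model of the forwarding decision; it sends no packets.
ATTACHED = {"h1": "s1", "h2": "s1", "h3": "s2", "h4": "s2"}  # from the posted topology
TENANT_OF = {"h1": 111, "h2": 222, "h3": 111, "h4": 222}     # ASSUMED host -> VXLAN key


def one_big_switch(src, dst):
    """No tenant check: every attached host can reach every other one."""
    if src not in ATTACHED or dst not in ATTACHED:
        return ("drop", None)
    if ATTACHED[src] == ATTACHED[dst]:
        return ("local", None)
    return ("tunnel", None)  # the tunnel key plays no part in the decision


def egress(src, dst):
    """Sending edge: tag tunnelled traffic with the sender's key."""
    if src not in TENANT_OF or dst not in ATTACHED:
        return ("drop", None)
    vni = TENANT_OF[src]
    if ATTACHED[src] == ATTACHED[dst]:
        # Same-switch traffic never enters a tunnel, so the policy
        # has to be checked here; the VXLAN key cannot help.
        return ("local", None) if TENANT_OF.get(dst) == vni else ("drop", None)
    return ("tunnel", vni)


def ingress(vni, dst):
    """Receiving edge: deliver only to hosts that belong to the key."""
    return TENANT_OF.get(dst) == vni


def reachable(src, dst, isolate=True):
    """True if a frame from src would be delivered to dst."""
    if not isolate:
        return one_big_switch(src, dst)[0] != "drop"
    action, vni = egress(src, dst)
    if action == "tunnel":
        return ingress(vni, dst)
    return action == "local"


if __name__ == "__main__":
    for a, b in [("h1", "h4"), ("h1", "h3"), ("h1", "h2")]:
        print(a, b, reachable(a, b, isolate=False), reachable(a, b))
```

The h1/h2 case shows why tunnel keys alone are not enough: both hosts sit on s1, so the traffic is switched locally and only a per-port policy can separate them.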