Re: [openstack-dev] [Neutron]Relationship between physical networks and segment

[Miguel Lavalle]

Bob,

Thanks for your detailed response. In it you "strongly recommend that any
functionality trying to make decisions based on connectivity do so by
calling into the registered mechanism drivers, so they can decide whether
whatever they manage has connectivity". After eading this I went through
the mechanism driver API definition (currently at
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/driver_api.py#n549).
The only method and the API that seems to be useful to implement your
recommendation is  filter_hosts_with_segment_access (currently at line
914). Is this method the right way to go?

Thanks

Miguel

On Tue, Mar 29, 2016 at 4:47 PM, Robert Kukura 
wrote:

> My answers below are from the perspective of normal (non-routed) networks
> implemented in ML2. The support for routed networks should build on this
> without breaking it.
>
> On 3/29/16 3:38 PM, Miguel Lavalle wrote:
>
> Hi,
>
> I am writing a patchset to build a mapping between hosts and network
> segments. The goal of this mapping is to be able to say whether a host has
> access to a given network segment. I am building this mapping assuming that
> if a host A has a bridges mapping containing 'physnet 1' and a segment has
> 'physnet 1' in its 'physical_network' attribute, then the host has access
> to that segment.
>
> 1) Is this assumption correct? Looking at method check_segment_for_agent
> in
> http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/drivers/mech_agent.py#n180
> seems to me to suggest that my assumption is correct?
>
> This is true for certain agent-based mechanism drivers, but cannot be
> assumed to be the case for all mechanism drivers (even all those that use
> agents. Any use of mapping info (i.e. from agents_db or elsewhere) is
> specific to an individual mechanism driver. I'd strongly recommend that any
> functionality trying to make decisions based on connectivity do so by
> calling into the registered mechanism drivers, so they can decide whether
> whatever they manage has connectivity.
>
> Also note that connectivity may involve hierarchical port binding, in
> which case you really need to try to bind a port to determine if you have
> connectivity. I'm not suggesting that there is a requirement to mix HPB and
> routed networks, but please try not to build assumptions into ML2 plugin
> code that don't work with HPB or that are only valid for a subset of
> mechanism drivers.
>
>
> 2) Furthermore, when a segment is mapped to a physical network, is there a
> one to one relationship between segments and physical nets?
>
> Certainly different virtual networks can map to different segments (i.e.
> VLANs) on the same physical network. It is even possible for the same
> virtual network to have multiple segments on the same physical network.
>
> -Bob
>
>
> Thanks
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> openstack-dev-requ...@lists.openstack.org?subject:unsubscribehttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Neutron]Relationship between physical networks and segment

[Neil Jerram]

On 29/03/16 20:42, Miguel Lavalle wrote:
> Hi,

Hi Miguel,

> I am writing a patchset to build a mapping between hosts and network
> segments. The goal of this mapping is to be able to say whether a host
> has access to a given network segment. I am building this mapping
> assuming that if a host A has a bridges mapping containing 'physnet 1'
> and a segment has 'physnet 1' in its 'physical_network' attribute, then
> the host has access to that segment.
>
> 1) Is this assumption correct? Looking at method check_segment_for_agent
> in
> http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/drivers/mech_agent.py#n180
> seems to me to suggest that my assumption is correct?

Yes, I would say so.  In other words: if a host can access a particular 
physical network, it can access all segments that use that physical network.

>
> 2) Furthermore, when a segment is mapped to a physical network, is there
> a one to one relationship between segments and physical nets?

No; I would say that segments are N:1 with physical networks, with VLANs 
being the most obvious example.

Neil



__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Neutron]Relationship between physical networks and segment

[Robert Kukura]

My answers below are from the perspective of normal (non-routed) 
networks implemented in ML2. The support for routed networks should 
build on this without breaking it.


On 3/29/16 3:38 PM, Miguel Lavalle wrote:

Hi,

I am writing a patchset to build a mapping between hosts and network 
segments. The goal of this mapping is to be able to say whether a host 
has access to a given network segment. I am building this mapping 
assuming that if a host A has a bridges mapping containing 'physnet 1' 
and a segment has 'physnet 1' in its 'physical_network' attribute, 
then the host has access to that segment.


1) Is this assumption correct? Looking at method 
check_segment_for_agent in 
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/drivers/mech_agent.py#n180 
seems to me to suggest that my assumption is correct?
This is true for certain agent-based mechanism drivers, but cannot be 
assumed to be the case for all mechanism drivers (even all those that 
use agents. Any use of mapping info (i.e. from agents_db or elsewhere) 
is specific to an individual mechanism driver. I'd strongly recommend 
that any functionality trying to make decisions based on connectivity do 
so by calling into the registered mechanism drivers, so they can decide 
whether whatever they manage has connectivity.


Also note that connectivity may involve hierarchical port binding, in 
which case you really need to try to bind a port to determine if you 
have connectivity. I'm not suggesting that there is a requirement to mix 
HPB and routed networks, but please try not to build assumptions into 
ML2 plugin code that don't work with HPB or that are only valid for a 
subset of mechanism drivers.


2) Furthermore, when a segment is mapped to a physical network, is 
there a one to one relationship between segments and physical nets?
Certainly different virtual networks can map to different segments (i.e. 
VLANs) on the same physical network. It is even possible for the same 
virtual network to have multiple segments on the same physical network.


-Bob


Thanks


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Neutron]Relationship between physical networks and segment

[Carl Baldwin]

On Tue, Mar 29, 2016 at 1:38 PM, Miguel Lavalle  wrote:
> I am writing a patchset to build a mapping between hosts and network
> segments. The goal of this mapping is to be able to say whether a host has
> access to a given network segment. I am building this mapping assuming that
> if a host A has a bridges mapping containing 'physnet 1' and a segment has
> 'physnet 1' in its 'physical_network' attribute, then the host has access to
> that segment.

Miguel, thanks for starting this.  I don't have the answer but here
are some thoughts.

First, a segment in the model is defined by the combination of network
type, physical network, and segmentation id [1].  In theory, the same
physical network name could be used with different network types and
segmentation ids.  For example, it might be natural to express
different VLANS on the same physical switch using the same physical
network name.

But, the method you linked to [2] does seem to make the same
assumption.  So, in practice it seems to be a valid assumption.  A
patch that recently merged [3] to make DHCP physnet aware also seems
consistent with the assumption.

> 1) Is this assumption correct? Looking at method check_segment_for_agent in
> http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/drivers/mech_agent.py#n180

Careful, this reference can change as master updates this file.  :)

> seems to me to suggest that my assumption is correct?
>
> 2) Furthermore, when a segment is mapped to a physical network, is there a
> one to one relationship between segments and physical nets?

The routed networks use case can go either way.  We can easily live
with using a different physical network for each segment.  It might be
a bit awkward in a some situations (e.g. same router/switch serving
multiple segments) but I imagine that it might be more important to be
able to reuse VLAN ids across segments because VLAN ids can be scarce.
That would require that the physical network be unique for each.

I think this discussion is about what is the right thing to do
regardless of what the routed networks use case might or might not
need.  What are other use cases that might be relevant to this
discussion?

Carl

[1] 
https://github.com/openstack/neutron/blob/4a6d05e410/neutron/extensions/providernet.py#L33
[2] 
https://github.com/openstack/neutron/blob/4a6d05e410/neutron/plugins/ml2/drivers/mech_agent.py#L180
[3] https://review.openstack.org/#/c/205631/

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [Neutron]Relationship between physical networks and segment

[Miguel Lavalle]

Hi,

I am writing a patchset to build a mapping between hosts and network
segments. The goal of this mapping is to be able to say whether a host has
access to a given network segment. I am building this mapping assuming that
if a host A has a bridges mapping containing 'physnet 1' and a segment has
'physnet 1' in its 'physical_network' attribute, then the host has access
to that segment.

1) Is this assumption correct? Looking at method check_segment_for_agent in
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/drivers/mech_agent.py#n180
seems to me to suggest that my assumption is correct?

2) Furthermore, when a segment is mapped to a physical network, is there a
one to one relationship between segments and physical nets?

Thanks
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev