Hi, Thanks Brady for the slides.
I have included some comments inside the slides specially to clarify a bit more about avoiding re-classification and obtention of destination (or originating depending of the option) br-int Best regards, Juanma From: [email protected] [mailto:[email protected]] On Behalf Of Andre Fredette Sent: miércoles, 08 de marzo de 2017 2:31 To: Brady Allen Johnson <[email protected]> Cc: [email protected]; [email protected]; [email protected]; [email protected]; Dayavanti Gopal Kamath <[email protected]>; Vishal Thapar <[email protected]> Subject: Re: [sfc-dev] Slides detailing new Netvirt classifier and Genius/SFC/Netvirt integration Thanks Brady for putting this together. I wanted to add a few more comments on: 1. Need for packet handoffs NetVirt <-> SFC 2. Priority ordering of SFC pipelines. 3. Non-NSH service chaining. Brady discussed some of the packet flows on his slides 5-6. Slides 4-6 in [2] may be useful for understanding why we need to be able to hand packets off both from NetVirt -> SFC, and from SFC -> NetVirt. It seems this would require either resubmitting packets from egress back to ingress, or sending packets from a lower priority pipeline to a higher priority pipeline. In either case, we'd need to think about preventing loops. E.g., we could have a "recirc" flag in the packet metadata, and make sure this happens at most once. Re: Order of [P1, P2, P3]: I'd like to highlight the point that the pipeline needs to handle both service chained and non-service chained (regular packets. e.g., management of the service function). Slide 6 in [2]. It seems that the service chained traffic should bypass the ingress security group rules. This is why I suggested putting SFC above Ingress ACL in [3]. Also, if we use the preferred SFC chain egress alternative, we'll never go from SFC classifer directly to SFC, so there's no need to have SFC classifier run before SFC. For these reasons, I proposed the order in [3]. I think we should also consider how to handle non-NSH service chaining, and I've added some thoughts in [2] on how to deal with this case. [2] https://docs.google.com/presentation/d/1BeSynV9trxq8q0Reh-cA-8PghXwbPiJq8pQgCYE8Wog/edit?usp=sharing [3] https://docs.google.com/presentation/d/1LCdBzWWWvS5usZQUyg8JuHWK4ccxSkZZwIf7RzE310Y/edit?usp=sharing Thanks, Andre On Tue, Mar 7, 2017 at 8:41 AM, Brady Allen Johnson <[email protected]<mailto:[email protected]>> wrote: Right, only in Netvirt. As I understood it, the only thing we needed from Genius was a new Id/Priority for the classifier, but the classifier would be implemented in the new Netvirt. Thanks, Brady -----Original Message----- From: David Suarez Fuentes <[email protected]<mailto:david%20suarez%20fuentes%20%[email protected]%3e>> To: Brady Allen Johnson <[email protected]<mailto:brady%20allen%20johnson%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Cc: [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>>, Dayavanti Gopal Kamath <[email protected]<mailto:dayavanti%20gopal%20kamath%20%[email protected]%3e>>, Vishal Thapar <[email protected]<mailto:vishal%20thapar%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Subject: Re: [sfc-dev] Slides detailing new Netvirt classifier and Genius/SFC/Netvirt integration Date: Tue, 7 Mar 2017 13:40:03 +0000 Hi Brady, I like the Alternative 1 as you describe in the presentation, I think it is clear. I guess this means that we are not going to implement the "generic classifier" in Genius, but just in Netvirt, right? Best regards, David Suárez. ________________________________ De: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> en nombre de Brady Allen Johnson <[email protected]<mailto:[email protected]>> Enviado: martes, 7 de marzo de 2017 13:44:30 Para: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]>; Dayavanti Gopal Kamath; Vishal Thapar; [email protected]<mailto:[email protected]> Asunto: Re: [sfc-dev] Slides detailing new Netvirt classifier and Genius/SFC/Netvirt integration Alon, Answers to your questions: I already added permissions for comments. I'll look into setting the TunIpv4Dst/VNID, but we're able to set it today, so it shouldnt be too problematic. As for when the packets go through the classifier: The classifier will call the push_nsh OpenFlow action, which does nothing more than set some fields in the OVS metadata. The rest of the pipeline will still be able to access the original pipeline as if there was nothing NSH associated. The actual NSH header is encapsulated when the packet egresses the Vxgpe port. That is, if we did an OpenFlow push_nsh, but then just sent the packet out a normal TAP port, nothing NSH would be added to the packet. We would reach SFC with C1/C2 set once the packet has egressed the br-int where the classifier is located: which would be when the packets return from an SF, when they are received in an SFF by the classifier on a different br-int, or when they are sent SFF-SFF. SFF-SFF is for when an SF is on one SFF, and the next SF is on another SFF. Regards, Brady -----Original Message----- From: Brady Johnson <[email protected]<mailto:brady%20johnson%20%[email protected]%3e>> To: "Kochba, Alon" <[email protected]<mailto:%22Kochba,%20alon%22%20%[email protected]%3e>>, Brady Allen Johnson <[email protected]<mailto:brady%20allen%20johnson%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Cc: Vishal Thapar <[email protected]<mailto:vishal%20thapar%20%[email protected]%3e>>, "Ben-Meir, Tali" <[email protected]<mailto:%22Ben-Meir,%20tali%22%20%[email protected]%3e>>, Dayavanti Gopal Kamath <[email protected]<mailto:dayavanti%20gopal%20kamath%20%[email protected]%3e>>, [email protected]<mailto:[email protected]> <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Subject: Re: [sfc-dev] Slides detailing new Netvirt classifier and Genius/SFC/Netvirt integration Date: Tue, 7 Mar 2017 12:21:00 +0000 Here's the correct link: https://docs.google.com/presentation/d/1gN8GnpVGwku4mp1on7EBZiE41RI7lZ-FFmFS2QlUTKk/edit?usp=drivesdk On Tue, Mar 7, 2017, 12:48 Kochba, Alon <[email protected]<mailto:[email protected]>> wrote: Thanks Brady! I think you forgot the link [0], added below ☺ Could you open comment permissions for everyone so we can comment on the doc itself? Looks much clearer now.. I think you might run into some trouble copying the tunnel destination IP and VNI into the NSH in the egress dispatcher. There is ongoing work in Genius to have tunnels go through the egress dispatcher - need to sync with Faseela on how this would work together, here's the spec [1]. You also mentioned tunnel destination IP, today it's not openflow based yet but that's being worked on for Carbon as well. Another point for thought is the case where you go through the classifier, add the NSH (but don't set C1/C2). You then plan to go to the SFC service, and send it to the rest of the pipeline since C1/C2 isn't set - I'm not sure how the netvirt pipeline would react to this packet (or is the NSH header not pushed until the actual output?) Also when would we reach SFC with C1/C2 actually set? [0] https://docs.google.com/presentation/d/1gN8GnpVGwku4mp1on7EBZiE41RI7lZ-FFmFS2QlUTK [1] http://docs.opendaylight.org/en/latest/submodules/genius/docs/specs/service-binding-on-tunnels.html --alon From: Brady Allen Johnson [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, 7 March 2017 13:02 To: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Cc: Ben-Meir, Tali <[email protected]<mailto:[email protected]>>; Vinayak Joshi <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; Dayavanti Gopal Kamath <[email protected]<mailto:[email protected]>>; David Suarez Fuentes <[email protected]<mailto:[email protected]>>; Vivek Srivastava V <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; Vishal Thapar <[email protected]<mailto:[email protected]>>; Diego Jesus Granados Lopez <[email protected]<mailto:[email protected]>>; Miguel Duarte DE MORA BARROSO <[email protected]<mailto:[email protected]>>; Kochba, Alon <[email protected]<mailto:[email protected]>> Subject: Slides detailing new Netvirt classifier and Genius/SFC/Netvirt integration Hello all, We have been discussing how to create the new Netvirt classifier and how to integrate Netvirt, SFC, and Genius together, and I tried to capture what's been discussed so far and create a solution. Here [0] are the slides. We can discuss this further in tomorrow's ODL SFC weekly meeting. Or if necessary, we can create a dedicated meeting today, just let me know. Implementation will start on this very soon (as in this week). Regards, Brady _______________________________________________ sfc-dev mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/sfc-dev _______________________________________________ sfc-dev mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/sfc-dev
_______________________________________________ sfc-dev mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/sfc-dev
