Versions Compared

Comment: Migrated to Confluence 4.0

...

  • For OVS, flow table need following modifications:
    • 1. For each VM:
        Outgoing tag with pvlan:
        • <a> Tagged isolated vlan and go through flow-table again(for DHCP server specify handling):
          • priority=50,dl_vlan=0xffff,dl_src=
        <VM MAC>
          • $vm_mac,actions=mod_vlan_vid:
        <secondary isolated vlan>,output:<trunk port>2. For each VM in the same host as DHCP server:
        <a> Allow communitcation with DHCP server(e.g. DNS): priority=120,dl_src=<VM MAC>,dl_dst=<DHCP MAC> actions=NORMAL
        <b> Allow DHCP request: priority=80,udp
          • $sec_iso_vlan,resubmit:$trunk_port
        • <b> If there is no other process in the flow table, then output to trunk port:
          • priority=60,dl_vlan=$sec_iso_vlan,dl_src=
        <VM MAC>,nw_dst=255.255.255.255,tp_dst=67 actions=NORMAL
          • $vm_mac,actions=output:$trunk_port
      • 2
        • It's less ideal to have different type of configuration for VM in the different host, but the reason we need this is the supported version of OpenFlow is current 1.0 on OVS, which doesn't have multiple flowtables. All the operation must be processed by only one table. If we can use multiple flowtables in the future, we can simply put rule 1 processed before rule 3, thus achieve the same effort, since the second flowtable can get the revert the tagged isolated VLAN and send the traffic to DHCP server.
        3. For each host has DHCP server:
        • <a> ARP for DHCP server from
        outside
        • other hosts:
          • priority=200,arp,dl_vlan=
        <secondary isolated vlan>
          • $sec_iso_vlan,nw_dst=
        <DHCP IP>
          • $dhcp_ip,actions=
        mod
          • strip_vlan
        _vid:<primary vlan>,NORMAL
        <b> ARP for DHCP server: priority=180,arp,nw_dst=<DHCP IP> actions=NORMAL
        <c>
          • ,output:$dhcp_port
        • <b> Accept packets from outside(e.g. DNS):
          • priority=150,dl_vlan=
        <secondary isolated vlan>
          • $sec_iso_vlan,dl_dst=
        <DHCP MAC>
          • $dhcp_mac,actions=
        mod
          • strip_vlan
        _vid:<primary vlan>,NORMAL
        <d>
          • ,output:$dhcp_port
        • <c> Accept DHCP request from
        outside
        • other hosts:
          • priority=100,udp,dl_vlan=
        <secondary isolated vlan>
          • $sec_iso_vlan,nw_dst=255.255.255.255,tp_dst=67,actions=
        mod
          • strip_vlan
        _vid:<primary vlan>,NORMAL
          • ,output:$dhcp_port
    • The VM migration and host restart would affect the rules, need to be reprogrammed.
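Review bot: The paragraph beginning "It's less ideal to have different type of configuration" still refers to "rule 1 processed before rule 3", but the $-variable list numbers the DHCP-host rules as 2. It also has no $-variable counterpart for the "For each VM in the same host as DHCP server" rules or for the priority=180 ARP rule, so renumber or drop that paragraph to match the rules that remain. In the same list, the priority=150 rule matches only dl_vlan=$sec_iso_vlan and dl_dst=$dhcp_mac, so every protocol addressed to the DHCP server's MAC is delivered to $dhcp_port, not just the DNS named in the label; either state that this is intended or narrow the match. The closing line says VM migration and host restart require the rules to be reprogrammed; it should also say which component does that and what the flow table looks like until it has.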

    ...

    PVLAN can be enabled on shared networks. Shared networks are created by admin users, end user vms are allowed to have nics on shared networks.
    Modify createNetworkCmd (for shared networks)

    • Add a new parameter: secondary_isolated_vlanisolatedpvlan:
      • Not a required paramter. if the parameter is not null, then PVLAN would be enabled.
      • When the parameter is set, it must be advance shared network.

    DB changes
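Review bot: In the createNetworkCmd parameter bullet above, the parameter name reads as secondary_isolated_vlan and isolatedpvlan run together, so check that the rest of the page uses one name consistently. The two sub-bullets say the parameter is optional and must be used with an advanced shared network; the text should also state which values are accepted and that the command rejects the parameter on any other network type rather than silently ignoring it.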

    ...

    Cisco Nexus 1000v specific changes

    ...