(2 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| OpenFlow1.3 flow table for OFAgent | | OpenFlow1.3 flow table for OFAgent |
| | | |
− | WIP implementation: https://github.com/yamt/neutron/tree/ofagent-merge-bridges
| + | moved to: http://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ofagent/agent/flows.py |
− | | |
− | * requirements
| |
− | ** plain OpenFlow 1.3. no vendor extensions.
| |
− | | |
− | * todo: VXLAN (same as GRE?)
| |
− | * todo: what to do for mpnet?
| |
− | | |
− | * legends
| |
− | xxx: network id (agent internal use)
| |
− | yyy: segment id (vlan id, gre key, ...)
| |
− | a,b,c: tunnel port (tun_ofports, map[net_id].tun_ofports)
| |
− | i,j,k: vm port (map[net_id].vif_ports[vif_id].ofport)
| |
− | x,y,z: physical port (int_ofports)
| |
− | N: tunnel type (0 for TYPE_GRE, 1 for TYPE_xxx, ...)
| |
− | uuu: unicast l2 address
| |
− | | |
− | * tables (in order)
| |
− | CHECK_IN_PORT
| |
− | TUNNEL_IN+N
| |
− | PHYS_IN
| |
− | LOCAL_IN
| |
− | TUNNEL_OUT
| |
− | LOCAL_OUT
| |
− | PHYS_OUT
| |
− | TUNNEL_FLOOD+N
| |
− | PHYS_FLOOD
| |
− | LOCAL_FLOOD
| |
− | | |
− | * CHECK_IN_PORT
| |
− | | |
− | for each vm ports:
| |
− | in_port=i, write_metadata(xxx),goto(LOCAL_IN) // port_bound
| |
− | TYPE_GRE
| |
− | for each tunnel ports:
| |
− | in_port=a, goto(TUNNEL_IN+N) // setup_tunnel_port
| |
− | TYPE_VLAN
| |
− | for each networks ports:
| |
− | // _provision_local_vlan_vlan
| |
− | in_port=x,vlan_vid=present|yyy, write_metadata(xxx),goto(PHYS_IN)
| |
− | TYPE_FLAT
| |
− | // _provision_local_vlan_vlan
| |
− | in_port=x, write_metadata(xxx),goto(PHYS_IN)
| |
− | default drop
| |
− | | |
− | * TUNNEL_IN+N (per tunnel types) tunnel -> network
| |
− | | |
− | TYPE_GRE
| |
− | for each networks: // _provision_local_vlan_tunnel
| |
− | // don't goto(TUNNEL_OUT) as it can create a loop with meshed tunnels
| |
− | // what to do when using multiple tunnel types?
| |
− | tun_id=yyy, write_metadata(xxx),goto(PHYS_OUT)
| |
− | | |
− | default drop
| |
− | | |
− | * PHYS_IN
| |
− | default goto(TUNNEL_OUT)
| |
− | | |
− | * LOCAL_IN
| |
− | ** todo: local arp responder
| |
− | | |
− | default goto(next_table)
| |
− | | |
− | * TUNNEL_OUT
| |
− | TYPE_GRE
| |
− | // _add_fdb_flow (!FLOODING_ENTRY)
| |
− | metadata=xxx,eth_dst=uuu set_tunnel(yyy),output:a
| |
− | | |
− | default goto(next table)
| |
− | | |
− | * LOCAL_OUT
| |
− | ** todo: probably make get_device_details to return vm mac address?
| |
− | | |
− | for each known destinations:
| |
− | // port_bound
| |
− | metadata=xxx,eth_dst=uuu output:i
| |
− | default goto(next table)
| |
− | | |
− | * PHYS_OUT
| |
− | ** todo: learning and/or l2 pop
| |
− | | |
− | for each known destinations: (is this even possible for VLAN???)
| |
− | TYPE_VLAN
| |
− | metadata=xxx,eth_dst=uuu push_vlan,set_field:present|yyy->vlan_vid,output:a
| |
− | default goto(next table)
| |
− | | |
− | * TUNNEL_FLOOD+N. (per tunnel types)
| |
− | | |
− | network -> tunnel/vlan
| |
− | output to tunnel/physical ports
| |
− | "next table" might be LOCAL_OUT
| |
− | TYPE_GRE
| |
− | for each networks: // _add_fdb_flow (FLOODING_ENTRY)
| |
− | metadata=xxx, set_tunnel(yyy),output:a,b,c,goto(next table)
| |
− | | |
− | default goto(next table)
| |
− | | |
− | * PHYS_FLOOD
| |
− | | |
− | TYPE_VLAN
| |
− | for each networks:
| |
− | // _provision_local_vlan_vlan
| |
− | metadata=xxx, push_vlan:0x8100,set_field:present|yyy->vlan_vid,output:x,pop_vlan,goto(next table)
| |
− | TYPE_FLAT
| |
− | for each networks:
| |
− | // _provision_local_vlan_vlan
| |
− | metadata=xxx, output:x,goto(next table)
| |
− | | |
− | default goto(next table)
| |
− | | |
− | * LOCAL_FLOOD
| |
− | ** todo: learning and/or l2 pop
| |
− | | |
− | for each networks:
| |
− | // port_bound
| |
− | metadata=xxx, output:i,j,k
| |
− | or
| |
− | metadata=xxx,eth_dst=broadcast, output:i,j,k
| |
− | | |
− | default drop
| |
− | | |
− | * references
| |
− | ** similar attempts for OVS agent https://wiki.openstack.org/wiki/Ovs-flow-logic
| |
− | *** we use metadata instead of "internal" VLANs
| |
− | *** we don't want to use NX learn action
| |