Neutron/OFAgent/FlowTable
OpenFlow 1.3 flow table for OFAgent
WIP implementation: https://github.com/yamt/neutron/tree/ofagent-merge-bridges
- requirements
- plain OpenFlow 1.3. no vendor extensions.
- todo: VXLAN (same as GRE?)
- legends
xxx: network id (agent internal use)
yyy: segment id (vlan id, gre key, ...)
a,b,c: tunnel port (tun_ofports, map[net_id].tun_ofports)
i,j,k: vm port (map[net_id].vif_ports[vif_id].ofport)
x,y,z: physical port (int_ofports)
N: tunnel type (0 for TYPE_GRE, 1 for TYPE_xxx, ...)
uuu: unicast l2 address
- tables (in order)
CHECK_IN_PORT
TUNNEL_IN+N
PHYS_IN
LOCAL_IN
TUNNEL_OUT
PHYS_OUT
LOCAL_OUT
TUNNEL_FLOOD+N
PHYS_FLOOD
LOCAL_FLOOD
- CHECK_IN_PORT
for each vm ports:
  in_port=i, write_metadata(xxx),goto(ARP_PROXY) // port_bound
TYPE_GRE
for each tunnel ports:
  in_port=a, goto(TUNNEL_IN+N) // setup_tunnel_port
TYPE_VLAN
for each physical ports:
  in_port=x, goto(PHYS_IN)
TYPE_FLAT
  in_port=x, goto(PHYS_IN)
default drop
- TUNNEL_IN+N (per tunnel types) tunnel -> network
TYPE_GRE
for each networks:
  // _provision_local_vlan_tunnel
  // don't goto(TUNNEL_OUT) as it can create a loop with meshed tunnels
  // what to do when using multiple tunnel types?
  tun_id=yyy, write_metadata(xxx),goto(PHYS_OUT)
default drop
- PHYS_IN // for vlan and flat
TYPE_VLAN
for each networks:
  vlan_vid=present|yyy, write_metadata(xxx),pop_vlan,goto(TUNNEL_OUT)
TYPE_FLAT
  // XXX vlan_vid=none check necessary?? it's what OVS agent does.
  vlan_vid=none, write_metadata(xxx),pop_vlan,goto(TUNNEL_OUT)
default drop
- LOCAL_IN
- todo: local arp responder
default goto(next_table)
- TUNNEL_OUT
TYPE_GRE
  // _add_fdb_flow (!FLOODING_ENTRY)
  metadata=xxx,eth_dst=uuu set_tunnel(yyy),output:a
default goto(next table)
- PHYS_OUT
- todo: learning and/or l2 pop
for each known destinations:
  TYPE_VLAN
    metadata=xxx,eth_dst=uuu push_vlan,set_field:present|yyy->vlan_vid,output:a
default goto(next table)
- LOCAL_OUT
- todo: learning and/or l2 pop
for each known destinations:
  metadata=xxx,eth_dst=uuu output:i
default goto(next table)
- TUNNEL_FLOOD+N. (per tunnel types)
network -> tunnel/vlan
output to tunnel/physical ports
"next table" might be LOCAL_OUT
TYPE_GRE
for each networks:
  // _add_fdb_flow (FLOODING_ENTRY)
  metadata=xxx, set_tunnel(yyy),output:a,b,c,goto(next table)
default goto(next table)
- PHYS_FLOOD
TYPE_VLAN
for each networks:
  metadata=xxx, push_vlan:0x8100,set_field:present|yyy->vlan_vid,output:x,y,z,goto(next table)
TYPE_FLAT
for each networks:
  metadata=xxx, output:x,y,z,goto(next table)
default goto(next table)
- LOCAL_FLOOD
- todo: learning and/or l2 pop
for each networks:
  metadata=xxx, output:i,j,k // port_bound
default drop
- references
- similar attempts for OVS agent https://wiki.openstack.org/wiki/Ovs-flow-logic
- we use metadata instead of "internal" VLANs
- we don't want to use NX learn action
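
The tunnel-to-VM path through the tables above, as a small Python model added here (an illustration, not OFAgent code): it shows write_metadata(xxx) and the metadata=xxx matches keeping a GRE packet on its own network. The topology, port numbers and addresses are constructed; ARP_PROXY, PHYS_IN, LOCAL_IN, TUNNEL_OUT, TUNNEL_FLOOD+N and PHYS_FLOOD are not modelled, and list order stands in for flow priority.

```python
# Constructed sample topology (not from the page): two GRE networks on one agent.
# xxx -> {yyy (GRE key), vm ofport i -> unicast address uuu}
NETS = {1: {"yyy": 100, "vifs": {10: "fa:16:3e:00:00:0a", 11: "fa:16:3e:00:00:0b"}},
        2: {"yyy": 200, "vifs": {20: "fa:16:3e:00:00:14"}}}
TUN_PORTS = [1, 2]  # tunnel ofports a, b

def build_tables():
    """Flow entries for the tunnel-to-VM path; {} is a table's default entry."""
    t = {"CHECK_IN_PORT": [], "TUNNEL_IN+0": [], "LOCAL_OUT": [], "LOCAL_FLOOD": []}
    for a in TUN_PORTS:
        t["CHECK_IN_PORT"].append(({"in_port": a}, [("goto", "TUNNEL_IN+0")]))
    for xxx, net in NETS.items():
        t["TUNNEL_IN+0"].append(({"tun_id": net["yyy"]},
                                 [("write_metadata", xxx), ("goto", "PHYS_OUT")]))
        for i, uuu in net["vifs"].items():
            t["LOCAL_OUT"].append(({"metadata": xxx, "eth_dst": uuu}, [("output", i)]))
        t["LOCAL_FLOOD"].append(({"metadata": xxx}, [("output", i) for i in net["vifs"]]))
    t["PHYS_OUT"] = [({}, [("goto", "LOCAL_OUT")])]  # no known physical destinations
    # Assumption: TUNNEL_FLOOD+N and PHYS_FLOOD are not modelled, so the
    # LOCAL_OUT default goes straight to LOCAL_FLOOD.
    t["LOCAL_OUT"].append(({}, [("goto", "LOCAL_FLOOD")]))
    return t

def run(tables, pkt):
    """Walk the pipeline from CHECK_IN_PORT; return the ports the packet leaves on."""
    fields, table, out = dict(pkt), "CHECK_IN_PORT", set()
    while table:
        nxt = None  # a table miss without a default entry drops the packet
        for match, actions in tables[table]:
            if all(fields.get(k) == v for k, v in match.items()):
                for op, arg in actions:
                    if op == "write_metadata":
                        fields["metadata"] = arg
                    elif op == "output" and arg != fields["in_port"]:
                        out.add(arg)  # a plain output to the ingress port is ignored
                    elif op == "goto":
                        nxt = arg
                break  # first matching entry wins
        table = nxt
    return sorted(out)

if __name__ == "__main__":
    tables = build_tables()
    # Broadcast on network 1 reaches only network 1's vm ports.
    print(run(tables, {"in_port": 1, "tun_id": 100, "eth_dst": "ff:ff:ff:ff:ff:ff"}))
    # GRE key of network 2 carrying a network 1 address stays on network 2.
    print(run(tables, {"in_port": 2, "tun_id": 200, "eth_dst": "fa:16:3e:00:00:0a"}))
```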