Difference between revisions of "Tacker/neutron-port-attributes"
(→summary) |
(→summary) |
||
| Line 7: | Line 7: | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
| − | ! Requirement !! class="unsortable" | Description !! Priority !! class="unsorable" | Blueprint Link !! class="unsortable" | design link !! class="unsortable"|Patch Link | + | ! Requirement !! class="unsortable" | Description !! Priority !! class="unsorable" | Blueprint Link !! class="unsortable" | design link !! class="unsortable"|Patch Link !! class="unsorable"|Use Case |
|- | |- | ||
| VLAN trunkport/l2-gateway | | VLAN trunkport/l2-gateway | ||
| Line 15: | Line 15: | ||
| https://review.openstack.org/97714 https://review.openstack.org/#/c/94612/ | | https://review.openstack.org/97714 https://review.openstack.org/#/c/94612/ | ||
| https://review.openstack.org/#/c/92541/ | | https://review.openstack.org/#/c/92541/ | ||
| + | | | ||
|- | |- | ||
| unfirewalled port | | unfirewalled port | ||
| − | | disable security group/anti-spoofing etc | + | | disable security group/anti-spoofing etc. Fix Security Groups to disable anti-spoofing mechanism to allow non VM IP/mac addresses in traffic from the Service VMs. |
| + | security group should be more flexible that allows the service VMs to spoof ip or MAC. Ability to disable security groups on service VM port, at least ML2 OVS mechanism driver (e.g., by implementing the "port-security" extension | ||
| High | | High | ||
| https://blueprints.launchpad.net/neutron/+spec/nfv-unaddressed-interfaces | | https://blueprints.launchpad.net/neutron/+spec/nfv-unaddressed-interfaces | ||
| https://review.openstack.org/97715 | | https://review.openstack.org/97715 | ||
| | | | ||
| + | | router/vpm vm | ||
|- | |- | ||
| unaddressed port | | unaddressed port | ||
| − | | allow port creation without IP/MAC address | + | | allow port creation without IP/MAC address. |
| − | | | + | | Middle? |
| + | | | ||
| | | | ||
| | | | ||
| Line 34: | Line 38: | ||
| | | | ||
| | | | ||
| + | | | ||
| | | | ||
| + | | redundant port to back up each other and both them have the same MAC and IP | ||
| + | |- | ||
| + | | port without subnet | ||
| + | | port that isn't attached to any subnet. It Thus port without IP address | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | | Unplugged port | ||
| + | | allow port creation without associating any network/subnetwork. Allow VM creation with such port. And later those port will be pluged into network/subnet and given IP address | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| | | | ||
|} | |} | ||
Revision as of 06:21, 11 June 2014
Contents
Neutron port attribute enhancement
NFV and ServiceVM need extensions/enhancements for neutron port. With this page, use cases/requirements are collected and then they will be broken down to actual blueprints and implemtations.
summary
| Requirement | Description | Priority | Blueprint Link | design link | Patch Link | Use Case |
|---|---|---|---|---|---|---|
| VLAN trunkport/l2-gateway | High | https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms, https://blueprints.launchpad.net/neutron/+spec/l2-gateway | https://review.openstack.org/97714 https://review.openstack.org/#/c/94612/ | https://review.openstack.org/#/c/92541/ | ||
| unfirewalled port | disable security group/anti-spoofing etc. Fix Security Groups to disable anti-spoofing mechanism to allow non VM IP/mac addresses in traffic from the Service VMs.
security group should be more flexible that allows the service VMs to spoof ip or MAC. Ability to disable security groups on service VM port, at least ML2 OVS mechanism driver (e.g., by implementing the "port-security" extension |
High | https://blueprints.launchpad.net/neutron/+spec/nfv-unaddressed-interfaces | https://review.openstack.org/97715 | router/vpm vm | |
| unaddressed port | allow port creation without IP/MAC address. | Middle? | ||||
| sharing mac/IP addres | share a (virtual) mac/IP address by multiple service VM instances or even the two ports on the same VM | redundant port to back up each other and both them have the same MAC and IP | ||||
| port without subnet | port that isn't attached to any subnet. It Thus port without IP address | |||||
| Unplugged port | allow port creation without associating any network/subnetwork. Allow VM creation with such port. And later those port will be pluged into network/subnet and given IP address |
routing/VPM VM
Use case
Service VM implements some service, e.g., routing or VPN. That VM will then be connected to a number of Neutron Networks/Subnets in some tenant. To provide its service the VM must be able to FORWARD traffic (i.e., packets come in on one VM interface and same packets leave on another one).
Requirement
It must be possible to disable security groups on Neutron Ports used by a service VM. There exists an extension for this: https://github.com/openstack/neutron/blob/master/neutron/extensions/portsecurity.py However it is not implemented by the free plugins like ML2, Openvswitch etc.
