Jump to: navigation, search

Difference between revisions of "Tacker/neutron-port-attributes"

(summary: added the link to l2-gateway spec)
(summary)
Line 33: Line 33:
 
|
 
|
 
|
 
|
|
+
|a FW that deployed in the pump-in-the-wire mode or tap mode
 
|-
 
|-
 
| sharing mac/IP addres
 
| sharing mac/IP addres

Revision as of 05:56, 17 June 2014

Neutron port attribute enhancement

NFV and ServiceVM need extensions/enhancements for neutron port. With this page, use cases/requirements are collected and then they will be broken down to actual blueprints and implemtations. For non-port related stuff, please refer to https://wiki.openstack.org/wiki/ServiceVM/neutron-and-other-project-items

summary

Requirement Description Priority Blueprint Link design link Patch Link Use Case
VLAN trunkport/l2-gateway High https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms, https://blueprints.launchpad.net/neutron/+spec/l2-gateway https://review.openstack.org/97714 https://review.openstack.org/#/c/94612/ https://review.openstack.org/#/c/100278/ https://review.openstack.org/#/c/92541/
unfirewalled port disable security group/anti-spoofing etc. Fix Security Groups to disable anti-spoofing mechanism to allow non VM IP/mac addresses in traffic from the Service VMs.

security group should be more flexible that allows the service VMs to spoof ip or MAC. Ability to disable security groups on service VM port, at least ML2 OVS mechanism driver (e.g., by implementing the "port-security" extension

High https://blueprints.launchpad.net/neutron/+spec/nfv-unaddressed-interfaces https://blueprints.launchpad.net/neutron/+spec/ml2-ovs-portsecurity https://review.openstack.org/97715 https://review.openstack.org/#/c/99873/ router/vpm vm
unaddressed port allow port creation without IP/MAC address. Middle? a FW that deployed in the pump-in-the-wire mode or tap mode
sharing mac/IP addres share a (virtual) mac/IP address by multiple service VM instances or even the two ports on the same VM redundant port to back up each other and both them have the same MAC and IP
port without subnet port that isn't attached to any subnet. It Thus port without IP address
Unplugged port allow port creation without associating any network/subnetwork. Allow VM creation with such port. And later those port will be pluged into network/subnet and given IP address

routing/VPM VM

Use case

Service VM implements some service, e.g., routing or VPN. That VM will then be connected to a number of Neutron Networks/Subnets in some tenant. To provide its service the VM must be able to FORWARD traffic (i.e., packets come in on one VM interface and same packets leave on another one).

Requirement

It must be possible to disable security groups on Neutron Ports used by a service VM. There exists an extension for this: https://github.com/openstack/neutron/blob/master/neutron/extensions/portsecurity.py However it is not implemented by the free plugins like ML2, Openvswitch etc.

Use Case Name

Use case

Requirement