[ovs-dev,3/3] ovn-sb: Describe the pipeline stages generated by ovn-northd.
diff mbox

Message ID 1441153303-86713-3-git-send-email-jpettit@nicira.com
State Accepted
Headers show

Commit Message

Justin Pettit Sept. 2, 2015, 12:21 a.m. UTC
Signed-off-by: Justin Pettit <jpettit@nicira.com>
---
 ovn/ovn-sb.xml |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

Comments

Russell Bryant Sept. 2, 2015, 12:37 a.m. UTC | #1
On 09/01/2015 08:21 PM, Justin Pettit wrote:
> Signed-off-by: Justin Pettit <jpettit@nicira.com>

some wording suggestions inline, but otherwise:

Acked-by: Russell Bryant <rbryant@redhat.com>

> ---
>  ovn/ovn-sb.xml |   43 +++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 43 insertions(+), 0 deletions(-)
> 
> diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
> index 38837c1..cbae2e9 100644
> --- a/ovn/ovn-sb.xml
> +++ b/ovn/ovn-sb.xml
> @@ -321,6 +321,49 @@
>        the logical output port replaced by the group member.
>      </p>
>  
> +    <p><em>Pipeline Stages</em></p>
> +
> +    <p>
> +      <code>ovn-northd</code> is responsible for populating the
> +      <ref table="Logical_Flow"/>, so the stages are an implementation

Should you add "table" here?

  the <ref table="Logical_Flow"/> table

> +      detail and subject to change.  This section describes the current
> +      logical flow table.
> +    </p>
> +
> +    <p>
> +      The ingress pipeline consists of the following stages:
> +    </p>
> +    <ul>
> +      <li>
> +        Port Security (Table 0): Validates the source address, drops
> +        packets with a VLAN tag, and, if configured, verifies that the
> +        logical port is allowed to send with the source address.
> +      </li>
> +
> +      <li>
> +        L2 Destination Lookup (Table 1): Forwards known unicast
> +        addresses to the appropriate logical port.  Unicast packets to
> +        unknown hosts are forwarded to logical ports configured to have
> +        an <code>unknown</code> addresses.  Broadcast, and multicast are

"an unknown addresses" would read better as "an unknown set of
addresses" or just "unknown addresses".

> +        flooded to all ports in the logical switch.
> +      </li>
> +    </ul>
> +
> +    <p>
> +      The egress pipeline consists of the following stages:
> +    </p>
> +    <ul>
> +      <li>
> +        ACL (Table 0): Applies any specified access control lists.
> +      </li>
> +
> +      <li>
> +        Port Security (Table 1): If configured, verifies that the
> +        logical port is allowed to receive packets with the destination
> +        address.
> +      </li>
> +    </ul>
> +
>      <column name="logical_datapath">
>        The logical datapath to which the logical flow belongs.
>      </column>
>
Justin Pettit Sept. 2, 2015, 1:02 a.m. UTC | #2
> On Sep 1, 2015, at 5:37 PM, Russell Bryant <rbryant@redhat.com> wrote:
> 
> On 09/01/2015 08:21 PM, Justin Pettit wrote:
>> Signed-off-by: Justin Pettit <jpettit@nicira.com>
>> 
>> +      <code>ovn-northd</code> is responsible for populating the
>> +      <ref table="Logical_Flow"/>, so the stages are an implementation
> 
> Should you add "table" here?
> 
>  the <ref table="Logical_Flow"/> table

Done.  Thanks.

>> +        L2 Destination Lookup (Table 1): Forwards known unicast
>> +        addresses to the appropriate logical port.  Unicast packets to
>> +        unknown hosts are forwarded to logical ports configured to have
>> +        an <code>unknown</code> addresses.  Broadcast, and multicast are
> 
> "an unknown addresses" would read better as "an unknown set of
> addresses" or just "unknown addresses".

The <code> block was trying to indicate the special value "unknown" in the "mac" column, not emphasize it.  How about this instead?

        Unicast packets to unknown hosts are forwarded to
        logical ports configured with the special <code>unknown</code> 
        mac address. 

--Justin
Russell Bryant Sept. 2, 2015, 1:09 a.m. UTC | #3
On 09/01/2015 09:02 PM, Justin Pettit wrote:
> 
>> On Sep 1, 2015, at 5:37 PM, Russell Bryant <rbryant@redhat.com> wrote:
>>
>> On 09/01/2015 08:21 PM, Justin Pettit wrote:
>>> Signed-off-by: Justin Pettit <jpettit@nicira.com>
>>>
>>> +      <code>ovn-northd</code> is responsible for populating the
>>> +      <ref table="Logical_Flow"/>, so the stages are an implementation
>>
>> Should you add "table" here?
>>
>>  the <ref table="Logical_Flow"/> table
> 
> Done.  Thanks.
> 
>>> +        L2 Destination Lookup (Table 1): Forwards known unicast
>>> +        addresses to the appropriate logical port.  Unicast packets to
>>> +        unknown hosts are forwarded to logical ports configured to have
>>> +        an <code>unknown</code> addresses.  Broadcast, and multicast are
>>
>> "an unknown addresses" would read better as "an unknown set of
>> addresses" or just "unknown addresses".
> 
> The <code> block was trying to indicate the special value "unknown" in the "mac" column, not emphasize it.  How about this instead?

Right, I was just lazy and didn't re-type it.  I meant for it to still
be there.

>         Unicast packets to unknown hosts are forwarded to
>         logical ports configured with the special <code>unknown</code> 
>         mac address. 

Perfect, thanks.
Justin Pettit Sept. 2, 2015, 1:12 a.m. UTC | #4
> On Sep 1, 2015, at 6:09 PM, Russell Bryant <rbryant@redhat.com> wrote:
> 
> On 09/01/2015 09:02 PM, Justin Pettit wrote:
>> 
>>> On Sep 1, 2015, at 5:37 PM, Russell Bryant <rbryant@redhat.com> wrote:
>>> 
>>> On 09/01/2015 08:21 PM, Justin Pettit wrote:
>>>> Signed-off-by: Justin Pettit <jpettit@nicira.com>
>>>> 
>>>> +      <code>ovn-northd</code> is responsible for populating the
>>>> +      <ref table="Logical_Flow"/>, so the stages are an implementation
>>> 
>>> Should you add "table" here?
>>> 
>>> the <ref table="Logical_Flow"/> table
>> 
>> Done.  Thanks.
>> 
>>>> +        L2 Destination Lookup (Table 1): Forwards known unicast
>>>> +        addresses to the appropriate logical port.  Unicast packets to
>>>> +        unknown hosts are forwarded to logical ports configured to have
>>>> +        an <code>unknown</code> addresses.  Broadcast, and multicast are
>>> 
>>> "an unknown addresses" would read better as "an unknown set of
>>> addresses" or just "unknown addresses".
>> 
>> The <code> block was trying to indicate the special value "unknown" in the "mac" column, not emphasize it.  How about this instead?
> 
> Right, I was just lazy and didn't re-type it.  I meant for it to still
> be there.
> 
>>        Unicast packets to unknown hosts are forwarded to
>>        logical ports configured with the special <code>unknown</code> 
>>        mac address. 
> 
> Perfect, thanks.

Thanks for the reviews.  I pushed the series.

--Justin

Patch
diff mbox

diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 38837c1..cbae2e9 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -321,6 +321,49 @@ 
       the logical output port replaced by the group member.
     </p>
 
+    <p><em>Pipeline Stages</em></p>
+
+    <p>
+      <code>ovn-northd</code> is responsible for populating the
+      <ref table="Logical_Flow"/>, so the stages are an implementation
+      detail and subject to change.  This section describes the current
+      logical flow table.
+    </p>
+
+    <p>
+      The ingress pipeline consists of the following stages:
+    </p>
+    <ul>
+      <li>
+        Port Security (Table 0): Validates the source address, drops
+        packets with a VLAN tag, and, if configured, verifies that the
+        logical port is allowed to send with the source address.
+      </li>
+
+      <li>
+        L2 Destination Lookup (Table 1): Forwards known unicast
+        addresses to the appropriate logical port.  Unicast packets to
+        unknown hosts are forwarded to logical ports configured to have
+        an <code>unknown</code> addresses.  Broadcast, and multicast are
+        flooded to all ports in the logical switch.
+      </li>
+    </ul>
+
+    <p>
+      The egress pipeline consists of the following stages:
+    </p>
+    <ul>
+      <li>
+        ACL (Table 0): Applies any specified access control lists.
+      </li>
+
+      <li>
+        Port Security (Table 1): If configured, verifies that the
+        logical port is allowed to receive packets with the destination
+        address.
+      </li>
+    </ul>
+
     <column name="logical_datapath">
       The logical datapath to which the logical flow belongs.
     </column>