From patchwork Sat Oct 10 04:20:37 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Pfaff
- The logical port name. -
++ The logical port name. +
-- For entities (VMs or containers) that are spawned in the hypervisor, - the name used here must match those used in the in the - database's table, because hypervisors use as a lookup - key to identify the network interface of that entity. -
++ For entities (VMs or containers) that are spawned in the hypervisor, + the name used here must match those used in the in the + database's table, because hypervisors use as a lookup + key to identify the network interface of that entity. +
-- For containers that are spawned inside a VM, the name can be - any unique identifier. In such a case, - must be populated. -
-
+ For containers that share a VIF within a VM, the name can be any
+ unique identifier. See Containers
, below, for more
+ information.
+
- Specify a type for this logical port. Logical ports can be used to model - other types of connectivity into an OVN logical switch. Leaving this - column blank maintains the default logical port behavior, which is - for a VM (or VIF) interface. The following other types are defined: -
++ Specify a type for this logical port. Logical ports can be used to + model other types of connectivity into an OVN logical switch. The + following types are defined: +
-localnet
ovn-controller
instance. A logical switch can only
- have a single localnet
port attached and at most one
- regular logical port. This is used to model direct connectivity
- to an existing network.localnet
ovn-controller
instance. A logical switch can only
+ have a single localnet
port attached and at most one
+ regular logical port. This is used to model direct connectivity to
+ an existing network.
+ vtep
+
network_name
localnet
.
- ovn-controller
uses local configuration to determine
- exactly how to connect to this locally accessible network.
- vtep-logical-switch
vtep
.
-
+ These options apply when is
+ localnet
.
+
localnet
+ port is connected. Each hypervisor, via ovn-controller
,
+ uses its local configuration to determine exactly how to connect to
+ this locally accessible network.
+ - When is empty and identifies - the interface of a container spawned inside a tenant VM, this column - identifies the VLAN tag in the network traffic associated with that - container's network interface. When there are multiple container - interfaces inside a VM, all of them send their network traffic through a - single VM network interface and this value helps OVN identify the correct - container interface. -
- -
- When is set to localnet
, this can be
- set to indicate that the port represents a connection to a specific
- VLAN on a locally accessible network. The VLAN ID is used to match
- incoming traffic and is also added to outgoing traffic.
-
+ These options apply when is vtep
.
+
ovn-northd
, rather than by
- the CMS plugin as is most of this database. When a logical port is bound
- to a physical location in the OVN Southbound database table, ovn-northd
- sets this column to true
; otherwise, or if the port
- becomes unbound later, it sets it to false
. This
- allows the CMS to wait for a VM's (or container's) networking to
- become active before it allows the VM (or container) to start.
- true
, the port is enabled. If this column
- is set to false
, the port is disabled. A disabled port has all
- ingress and egress traffic dropped.
- - Addresses owned by the logical port. + When a large number of containers are nested within a VM, it may be too + expensive to dedicate a VIF to each container. OVN can use VLAN tags + to support such cases. Each container is assigned a VLAN ID and each + packet that passes between the hypervisor and the VM is tagged with the + appropriate ID for the container. Such VLAN IDs never appear on a + physical wire, even inside a tunnel, so they need not be unique except + relative to a single VM on a hypervisor.
- Each element in the set must take one of the following forms: + These columns are used for VIFs that represent nested containers using + shared VIFs. For VMs and for containers that have dedicated VIFs, they + are empty.
-xx:xx:xx:xx:xx:xx
- An Ethernet address owned by the logical port. Like a physical - Ethernet NIC, a logical port ordinarily has a single fixed Ethernet - address. -
- -- When a OVN logical switch processes a unicast Ethernet frame whose - destination MAC address is in a logical port's column, it delivers it only to that port, as - if a MAC learning process had learned that MAC address on the port. -
-xx:xx:xx:xx:xx:xx a.b.c.d
- This form has all the effects of the previous form. It also - indicates that the logical port owns the given IPv4 address. -
- -- The OVN logical switch uses this information to synthesize - responses to ARP requests without traversing the physical network. - The OVN logical router connected to the logical switch, if any, - uses this information to avoid issuing ARP requests for logical - switch ports. -
-unknown
unknown
.
- - A set of L2 (Ethernet) addresses - from which the logical port is allowed to send packets and to which it - is allowed to receive packets. If this column is empty, all addresses - are permitted. Logical ports are always allowed to receive packets - addressed to multicast and broadcast addresses. -
++ The VLAN tag in the network traffic associated with a container's + network interface. +
-- Each member of the set is an Ethernet address in the form - xx:xx:xx:xx:xx:xx. -
+
+ When is set to localnet
, this can
+ be set to indicate that the port represents a connection to a
+ specific VLAN on a locally accessible network. The VLAN ID is used to
+ match incoming traffic and is also added to outgoing traffic.
+
- This specification will be extended to support L3 port security. -
-ovn-northd
, rather than by the
+ CMS plugin as is most of this database. When a logical port is bound
+ to a physical location in the OVN Southbound database table, ovn-northd
+ sets this column to true
; otherwise, or if the port
+ becomes unbound later, it sets it to false
. This allows
+ the CMS to wait for a VM's (or container's) networking to become active
+ before it allows the VM (or container) to start.
+ true
, the port is enabled. If this
+ column is set to false
, the port is disabled. A disabled
+ port has all ingress and egress traffic dropped.
+ + Addresses owned by the logical port. +
+ ++ Each element in the set must take one of the following forms: +
+ +xx:xx:xx:xx:xx:xx
+ An Ethernet address owned by the logical port. Like a physical + Ethernet NIC, a logical port ordinarily has a single fixed + Ethernet address. +
+ ++ When a OVN logical switch processes a unicast Ethernet frame + whose destination MAC address is in a logical port's column, it delivers it only to that port, as + if a MAC learning process had learned that MAC address on the + port. +
+xx:xx:xx:xx:xx:xx a.b.c.d
+ This form has all the effects of the previous form. It also + indicates that the logical port owns the given IPv4 address. +
+ ++ The OVN logical switch uses this information to synthesize + responses to ARP requests without traversing the physical + network. The OVN logical router connected to the logical switch, + if any, uses this information to avoid issuing ARP requests for + logical switch ports. +
+unknown
unknown
.
+ + A set of L2 (Ethernet) addresses from which the logical port is + allowed to send packets and to which it is allowed to receive + packets. If this column is empty, all addresses are permitted. + Logical ports are always allowed to receive packets addressed to + multicast and broadcast addresses. +
+ ++ Each member of the set is an Ethernet address in the form + xx:xx:xx:xx:xx:xx. +
+ ++ This specification will be extended to support L3 port security. +
+
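Review bot: In the description of the port type, the new wording drops the sentence saying that leaving the column blank keeps the default behavior for a VM (or VIF) interface, and now reads only "The following types are defined:". Unless the list that follows carries an entry for the empty value, a reader can no longer tell what an unset type means. Either keep that sentence or add an explicit entry for the blank type alongside localnet and vtep.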
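Review bot: The new Containers text says these columns "are empty" for VMs and for containers that have dedicated VIFs, yet the VLAN tag description placed under it also documents a second use when the type is localnet. The two statements conflict, and the claim that such VLAN IDs "never appear on a physical wire" holds only for the container case, since for localnet the VLAN ID "is used to match incoming traffic and is also added to outgoing traffic". Suggest scoping the introduction to the container use and pointing to the tag from the paragraph that begins "These options apply when ... is localnet", so that someone configuring a localnet port finds it.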
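Review bot: From the ovn-northd paragraph through "This specification will be extended to support L3 port security", the removed and added lines carry the same wording with different indentation and wrapping, which buries the real changes (the Containers text, the per-type options, the reworded type description) in reflow noise. Suggest doing the re-indentation in a separate preparatory patch. Since these lines are being touched anyway, "When a OVN logical switch processes" in the addresses description should read "When an OVN logical switch processes".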