This session combines submissions centered around ML2 agents.
This session will include the following subject(s):
Chaining of basic Networking services with OVS:
More and more features are adding flows to OVS bridges [br-int, br-tun etc] which impacts performance, scalability and troubleshooting. In this session we discuss the design model where each of these core feature uses its own OVS bridge to isolate its flows. Discussion would revolve around following key topics:
- Each feature/service creates its own OVS bridge and adds flows to it. - These OVS bridges can even be hosted in a separate service VM to allow a scale-out model. - Test results from a prototype using such a deployment. Current impetus for this came from work on OVS-Firewall-Driver and currently am working on a prototype that implements OVS Firewall using a separate bridge. I expect the prototype and test results to be ready by the summit and plan to share them during this discussion.
(Note: This can be collapsed into a similar topic, esp OVS-Based security groups)
(Session proposed by Vishal Thapar)
OVS-based security groups:
Blueprint purpose: To support the security groups extension in the OVS neutron agent through OVS flows using the existing OVS library with feature parity to the existing iptables-based implementations. In Icehouse, the existing openvswitch plugin is being deprecated, so the blueprint is compatible with the ML2 plugin with the openvswitch mechanism driver.
Going forward: We weren't able to progress with this blueprint in Icehouse due to OVS 2.1.0 dependency which was not released until late March. We would like to continue blueprint design discussion and implementation in Juno.
For more information see https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver and https://wiki.openstack.org/wiki/Neutron/blueprint_ovs-firewall-driver
(Session proposed by Amir Sadoughi)
Modular L2 agents :
In this session we consider various aspects of developing a modular L2 agent. In particular we look into:
- combining openvswitch, linuxbridge, hyperv, ofa L2 agents - adding plugable support for SR-IOV cards - adding plugable drivers for firewall, QoS, etc
(This may not need a whole session and could be part of a session on similar topics.)