...

A tenant cannot create more than one subnet with the same IP address range, even in different virtual networks. However, the same subnet range can be defined by different tenants.

High level table design


  • VNI tables
    - Tag the source VNI onto the packet according to the packet's in-port

...

  • VNI tables
    - Tag the VNI of the source IP address (looked up from the in-port ??)

    Code Block
    table=0,ip,in_port=1, actions=set_field:0x402->tun_id,goto_table:1
  • ACL tables

Code Block
table=2,ip,nw_src=10.10.0.10,nw_dst=10.10.0.12 actions=goto_table:4
table=3,in_port=4,ip,ct_state=+trk+new,nw_dst=10.10.0.13/32,action=ct(commit),goto_table:4

...

Code Block
table=5,ip,nw_dst=10.10.0.13 actions=set_field:fa:16:3e:b8:92:fe->eth_dst,output:5
table=5,ip,nw_dst=10.10.0.10 actions=set_field:10.0.0.166->tun_dst,output:1


Overall SONA TTP


Example


Code Block: VNI Table
table=0,ip,in_port=2, actions=set_field:0x402->tun_id,goto_table:1
table=0,ip,in_port=3, actions=set_field:0x402->tun_id,goto_table:1
table=0,ip,in_port=4, actions=set_field:0x501->tun_id,goto_table:1
table=0,ip,in_port=5, actions=set_field:0x501->tun_id,goto_table:1

...

Security groups are set per VM, so M x M rules (M = number of VMs) are required. We might be able to reduce the number of rules by matching on the subnet when all VMs in a subnet are assigned the same security group.


Code Block: Connection Tracking
table=2,ip,nw_src=10.10.0.2,ct_state=+trk+new,action=ct(commit),goto_table:3
table=2,ip,nw_dst=10.10.0.2,ct_state=+trk+est,action=goto_table:3
table=2,ip,nw_dst=10.10.0.2,ct_state=+trk+new,action=drop

Connection Tracking is activated only for VMs that do not have “allow all incoming” rules.


Code Block: Jump Table
table=3,ip,eth_dst=fa:00:00:00:00:00,action=goto_table:5
table=3,ip,action=goto_table:7

...

Flow rules (1) & (2) are the default routing rules for VMs within their own subnet and are installed whenever a virtual network is created.
Flow rules (3) & (4) are the routing rules between subnets. N x N rules (N = number of subnets) are required.


Code Block: Switching Table
table=7,ip,tun_id=0x402,nw_dst=10.10.0.2 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:2
table=7,ip,tun_id=0x402,nw_dst=10.10.0.3 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:3
table=7,ip,tun_id=0x501,nw_dst=10.10.1.2 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:4
table=7,ip,tun_id=0x501,nw_dst=10.10.1.3 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:5
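The following is an added example, not code from the SONA page or the ONOS project: a small Python model of the multi-table pipeline described in the Connection Tracking and Switching Table sections above. It parses the ovs-ofctl style flows and walks a packet through the tables, so the security-group behaviour (new inbound connections dropped, established replies allowed) and the tun_id-based tenant isolation in the switching table can be checked offline. The table 1 and table 2 fall-through rules are assumed pass-through rules that the page does not show, and rule priorities are ignored (first listed match wins).

```python
# Added example (not code from the SONA page): a small model of the OVS multi-table
# pipeline above. It parses ovs-ofctl style flows and walks a packet through them so the
# conntrack security-group and tun_id (VNI) isolation behaviour can be checked offline.
# Assumed: first listed match wins (no priorities); table 1 and the table 2 fall-through
# are plain pass-through rules, which the page does not show.
import re

RULES = """
table=0,ip,in_port=2, actions=set_field:0x402->tun_id,goto_table:1
table=0,ip,in_port=3, actions=set_field:0x402->tun_id,goto_table:1
table=0,ip,in_port=4, actions=set_field:0x501->tun_id,goto_table:1
table=1,ip,actions=goto_table:2
table=2,ip,nw_src=10.10.0.2,ct_state=+trk+new,action=ct(commit),goto_table:3
table=2,ip,nw_dst=10.10.0.2,ct_state=+trk+est,action=goto_table:3
table=2,ip,nw_dst=10.10.0.2,ct_state=+trk+new,action=drop
table=2,ip,action=goto_table:3
table=3,ip,action=goto_table:7
table=7,ip,tun_id=0x402,nw_dst=10.10.0.2 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:2
table=7,ip,tun_id=0x402,nw_dst=10.10.0.3 actions=set_field:fa:16:3e:b8:92:fe->eth_dst, output:3
"""

def parse(rules):
    """Group flows by table as (match dict, action list); the bare 'ip' token is implicit."""
    tables = {}
    for line in rules.strip().splitlines():
        match_s, act_s = re.match(r"(.*?)[ ,]*actions?=(.*)", line).groups()
        match = dict(t.strip().split("=", 1) for t in match_s.split(",") if "=" in t)
        actions = [a.strip() for a in act_s.split(",") if a.strip()]
        tables.setdefault(int(match.pop("table")), []).append((match, actions))
    return tables

def matches(match, pkt):
    # ct_state=+trk+new means every listed flag must be set; other fields compare as strings
    return all({f for f in v.split("+") if f} <= pkt["ct_state"] if k == "ct_state"
               else str(pkt.get(k)) == v for k, v in match.items())

def forward(tables, pkt):
    """Walk the pipeline from table 0; return ('output', port) or ('drop', None)."""
    pkt, table = dict(pkt), 0
    while table is not None:
        _, acts = next((r for r in tables.get(table, []) if matches(r[0], pkt)),
                       ({}, ["drop"]))  # first match wins; a table miss drops
        table = None
        for act in acts:  # ct(commit) only records the flow in conntrack, nothing to model
            if act.startswith("set_field:"):
                pkt.update([act[len("set_field:"):].split("->")[::-1]])  # value->field
            elif act.startswith("goto_table:"):
                table = int(act.split(":")[1])
            elif act.startswith("output:"):
                return ("output", int(act.split(":")[1]))
    return ("drop", None)
```

Packets are plain dicts with in_port, nw_src, nw_dst and a ct_state flag set; a VM on port 4 (VNI 0x501) sending to 10.10.0.3 passes the ACL fall-through but misses in table 7 because its tun_id differs, which is the isolation property the switching table provides.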