Requirements

 

  1. Supports Connection Tracking feature using OVS

  2. Separates routing flow rules from switching rules for simplicity

  3. Supports complete tenant isolation

Limitations

A tenant cannot create more than one subnet with the same IP address range, even in different virtual networks. However, the same subnet can be defined across tenants.

High level table design

 

 

  • VNI tables
    - Tag the src VNI to the packet according to the in-port of the packet.

  • ACL tables
    - Flow rules for Security Group
    - Flow rules for Connection Tracking: due to the architecture of the OVS connection tracking feature, the ACL tables should be located prior to the switching tables.

  • Routing table
    - Check if routing is required by looking at the eth_dst. If not, go to the switching table.
    - Flow rules for routing between different subnets
    - Flow rules for external network connections, i.e. rules to gateway nodes.

  • Switching table
    - Flow rules for forwarding packets to VM ports
    - Flow rules for forwarding packets to the VxLAN tunnel port.
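
The table order above can be modelled in a few lines to show why scoping every later lookup by the VNI tag gives tenant isolation, even when two tenants use the same subnet. This is an added example, not the project's own flow rules; the gateway MAC, rule keys, verdict strings and all sample values are assumptions, and only local VM ports are modelled (no VxLAN tunnel port).

```python
# Added illustration (not project code): the table order from this page as plain Python.
# Every port, VNI, MAC and IP below is a constructed sample value.
GATEWAY_MAC = "fe:00:00:00:00:01"   # assumed MAC that marks "routing required"
PORT_VNI = {1: 1001, 2: 1001, 3: 2002, 4: 1003}        # VNI table: in-port -> src VNI
SG_ALLOW = {(1001, "tcp", 22)}                         # ACL: (VNI, proto, dst port) open to new flows
ROUTES = {(1001, "10.0.1.4"): (1003, "fa:16:3e:00:00:04")}  # (src VNI, dst IP) -> (dst VNI, dst MAC)
MAC_PORT = {                                           # switching: (VNI, eth_dst) -> out port
    (1001, "fa:16:3e:00:00:01"): 1,
    (1001, "fa:16:3e:00:00:02"): 2,
    (2002, "fa:16:3e:00:00:03"): 3,   # other tenant, same 10.0.0.0/24 range
    (1003, "fa:16:3e:00:00:04"): 4,
}

def pkt(in_port, eth_dst, ip_src, ip_dst, sport, dport, proto="tcp"):
    """Build a sample packet as a dict of the header fields the tables match on."""
    return dict(in_port=in_port, eth_dst=eth_dst, ip_src=ip_src, ip_dst=ip_dst,
                sport=sport, dport=dport, proto=proto)

def process(p, conntrack):
    """Walk one packet through VNI -> ACL -> routing -> switching; return the verdict."""
    # VNI table: tag the source VNI from the in-port.
    vni = PORT_VNI.get(p["in_port"])
    if vni is None:
        return "drop:unknown-port"
    # ACL tables, before switching: established replies pass, new flows need a rule.
    reply_of = (vni, p["ip_dst"], p["dport"], p["ip_src"], p["sport"], p["proto"])
    if reply_of not in conntrack:
        if (vni, p["proto"], p["dport"]) not in SG_ALLOW:
            return "drop:acl"
        conntrack.add((vni, p["ip_src"], p["sport"], p["ip_dst"], p["dport"], p["proto"]))
    # Routing table: only packets addressed to the gateway MAC are routed.
    eth_dst = p["eth_dst"]
    if eth_dst == GATEWAY_MAC:
        route = ROUTES.get((vni, p["ip_dst"]))
        if route is None:
            return "to-gateway-node"      # external network
        vni, eth_dst = route
    # Switching table: lookup is scoped by VNI, so another tenant's MAC never matches.
    out = MAC_PORT.get((vni, eth_dst))
    return f"output:{out}" if out is not None else "drop:no-port-in-vni"
```

Pass one shared `conntrack` set across calls to see a reply admitted without its own security group rule; a fresh set makes the same reply hit the ACL drop.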

 

 


