OpenDaylight controller uses the library project to interact with an OVS
instance.
- **Note**
+.. note::
Read the OVSDB User Guide before you begin development.
1. Start ODL, from the unzipped directory
-::
+ ::
- bin/karaf
+ bin/karaf
-1. Once karaf has started, and you see the OpenDaylight ascii art in the
+2. Once karaf has started, and you see the OpenDaylight ascii art in the
console, the last step is to start the OVSDB plugin framework with
the following command in the karaf console:
-::
+ ::
- feature:install odl-ovsdb-openstack
+ feature:install odl-ovsdb-openstack
Sample output from the Karaf console
''''''''''''''''''''''''''''''''''''
1. Start the controller.
-::
-
- vagrant up devstack-control
- vagrant ssh devstack-control
- cd devstack
- ./stack.sh
+ ::
-1. Run the following:
+ vagrant up devstack-control
+ vagrant ssh devstack-control
+ cd devstack
+ ./stack.sh
-::
+2. Run the following:
- vagrant up devstack-compute-1
- vagrant ssh devstack-compute-1
- cd devstack
- ./stack.sh
+ ::
-1. To start testing, create a new VM.
+ vagrant up devstack-compute-1
+ vagrant ssh devstack-compute-1
+ cd devstack
+ ./stack.sh
-::
+3. To start testing, create a new VM.
- nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep private | awk '{print $2}') test
+ ::
-To create three, use the following:
+ nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep private | awk '{print $2}') test
+
+ To create three, use the following:
-::
+ ::
- nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep private | awk '{print $2}') --num-instances 3 test
+ nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep private | awk '{print $2}') --num-instances 3 test
**To get a mininet installation for testing:.**
3. Add the Security Group and Rules.
- **Note**
+ .. note::
- This is no different than what users normally do in regular
- openstack deployments.
+ This is no different than what users normally do in regular
+ OpenStack deployments.
-::
+ ::
- neutron security-group-create group1 --description "Group 1"
- neutron security-group-list
- neutron security-group-rule-create --direction ingress --protocol tcp group1
+ neutron security-group-create group1 --description "Group 1"
+ neutron security-group-list
+ neutron security-group-rule-create --direction ingress --protocol tcp group1
-1. Start the tenant, specifying the security-group.
+4. Start the tenant, specifying the security-group.
-::
+ ::
- nova boot --flavor m1.tiny \
- --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') \
- --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 \
- --security-groups group1
+ nova boot --flavor m1.tiny \
+ --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') \
+ --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 \
+ --security-groups group1
Examples: Rules supported
'''''''''''''''''''''''''
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 443 --remote-ip-prefix 172.16.240.128/25 group7
**Reference
-gist**:https://gist.github.com/anonymous/1543a410d57f491352c8[Gist]
+gist**: `Gist <https://gist.github.com/anonymous/1543a410d57f491352c8>`__
Security group rules supported in ODL
'''''''''''''''''''''''''''''''''''''
-The following rules formata are supported in the current implementation.
+The following rules formats are supported in the current implementation.
The direction (ingress/egress) is always expected. Rules are implemented
such that tcp-syn packets that do not satisfy the rules are dropped.
2. `Install
Vagrant <http://docs.vagrantup.com/v2/installation/index.html>`__.
-1. Enable the L3 Forwarding feature:
+3. Enable the L3 Forwarding feature:
-::
+ ::
- echo 'ovsdb.l3.fwd.enabled=yes' >> ./opendaylight/configuration/config.ini
- echo 'ovsdb.l3gateway.mac=${GATEWAY_MAC}' >> ./configuration/config.ini
+ echo 'ovsdb.l3.fwd.enabled=yes' >> ./opendaylight/configuration/config.ini
+ echo 'ovsdb.l3gateway.mac=${GATEWAY_MAC}' >> ./configuration/config.ini
-1. Run the following commands to get the odl neutron drivers:
+4. Run the following commands to get the odl neutron drivers:
-::
+ ::
- git clone https://github.com/dave-tucker/odl-neutron-drivers.git
- cd odl-neutron-drivers
- vagrant up devstack-control devstack-compute-1
+ git clone https://github.com/dave-tucker/odl-neutron-drivers.git
+ cd odl-neutron-drivers
+ vagrant up devstack-control devstack-compute-1
-1. Use ssh to go to the control node, and clone odl-neutron-drivers
+5. Use ssh to go to the control node, and clone odl-neutron-drivers
again:
-::
+ ::
- vagrant ssh devstack-control
- git clone https://github.com/dave-tucker/odl-neutron-drivers.git
- cd odl-neutron-drivers
- sudo python setup.py install
- *leave this shell open*
+ vagrant ssh devstack-control
+ git clone https://github.com/dave-tucker/odl-neutron-drivers.git
+ cd odl-neutron-drivers
+ sudo python setup.py install
+ *leave this shell open*
-1. Start odl, as mentioned in `running Karaf feature
+6. Start odl, as mentioned in `running Karaf feature
section <#ovsdbStartingOdl>`__.
-2. To see processing of neutron event related to L3, do this from
+7. To see processing of neutron event related to L3, do this from
prompt:
-::
+ ::
- log:set debug org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter
+ log:set debug org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter
-1. From shell, do one of the following: open on ssh into control node or
+8. From shell, do one of the following: open on ssh into control node or
vagrant ssh devstack-control.
-::
+ ::
- cd ~/devstack && ./stack.sh
+ cd ~/devstack && ./stack.sh
-1. From a new shell in the host system, run the following:
+9. From a new shell in the host system, run the following:
-::
+ ::
- cd odl-neutron-drivers
- vagrant ssh devstack-compute-1
- cd ~/devstack && ./stack.sh
+ cd odl-neutron-drivers
+ vagrant ssh devstack-compute-1
+ cd ~/devstack && ./stack.sh
OpenStack workflow
''''''''''''''''''
1. Set up authentication. From shell on stack control or vagrant ssh
devstack-control:
-::
+ ::
- source openrc admin admin
+ source openrc admin admin
-::
+ rm -f id_rsa_demo* ; ssh-keygen -t rsa -b 2048 -N -f id_rsa_demo
+ nova keypair-add --pub-key id_rsa_demo.pub demo_key
+ # nova keypair-list
- rm -f id_rsa_demo* ; ssh-keygen -t rsa -b 2048 -N -f id_rsa_demo
- nova keypair-add --pub-key id_rsa_demo.pub demo_key
- # nova keypair-list
+2. Create two networks and two subnets.
-1. Create two networks and two subnets.
+ ::
-::
+ neutron net-create net1 --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
+ --provider:network_type gre --provider:segmentation_id 555
- neutron net-create net1 --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
- --provider:network_type gre --provider:segmentation_id 555
+ neutron subnet-create --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
+ net1 10.0.0.0/16 --name subnet1 --dns-nameserver 8.8.8.8
-::
-
- neutron subnet-create --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
- net1 10.0.0.0/16 --name subnet1 --dns-nameserver 8.8.8.8
+ neutron net-create net2 --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
+ --provider:network_type gre --provider:segmentation_id 556
-::
+ neutron subnet-create --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
+ net2 20.0.0.0/16 --name subnet2 --dns-nameserver 8.8.8.8
- neutron net-create net2 --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
- --provider:network_type gre --provider:segmentation_id 556
-
-::
+3. Create a router, and add an interface to each of the two subnets.
- neutron subnet-create --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}') \
- net2 20.0.0.0/16 --name subnet2 --dns-nameserver 8.8.8.8
+ ::
-1. Create a router, and add an interface to each of the two subnets.
-
-::
-
- neutron router-create demorouter --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}')
- neutron router-interface-add demorouter subnet1
- neutron router-interface-add demorouter subnet2
+ neutron router-create demorouter --tenant-id $(keystone tenant-list | grep '\s'admin | awk '{print $2}')
+ neutron router-interface-add demorouter subnet1
+ neutron router-interface-add demorouter subnet2
# neutron router-port-list demorouter
-1. Create two tenant instances.
+4. Create two tenant instances.
-::
-
- nova boot --poll --flavor m1.nano --image $(nova image-list | grep 'cirros-0.3.2-x86_64-uec\s' | awk '{print $2}') \
- --nic net-id=$(neutron net-list | grep -w net1 | awk '{print $2}'),v4-fixed-ip=10.0.0.10 \
- --availability-zone nova:devstack-control \
- --key-name demo_key host10
+ ::
-::
+ nova boot --poll --flavor m1.nano --image $(nova image-list | grep 'cirros-0.3.2-x86_64-uec\s' | awk '{print $2}') \
+ --nic net-id=$(neutron net-list | grep -w net1 | awk '{print $2}'),v4-fixed-ip=10.0.0.10 \
+ --availability-zone nova:devstack-control \
+ --key-name demo_key host10
- nova boot --poll --flavor m1.nano --image $(nova image-list | grep 'cirros-0.3.2-x86_64-uec\s' | awk '{print $2}') \
- --nic net-id=$(neutron net-list | grep -w net2 | awk '{print $2}'),v4-fixed-ip=20.0.0.20 \
- --availability-zone nova:devstack-compute-1 \
- --key-name demo_key host20
+ nova boot --poll --flavor m1.nano --image $(nova image-list | grep 'cirros-0.3.2-x86_64-uec\s' | awk '{print $2}') \
+ --nic net-id=$(neutron net-list | grep -w net2 | awk '{print $2}'),v4-fixed-ip=20.0.0.20 \
+ --availability-zone nova:devstack-compute-1 \
+ --key-name demo_key host20
Limitations
'''''''''''
3. Create a Loadbalancer pool *X*.
-::
+ ::
- neutron lb-pool-create --name http-pool --lb-method ROUND_ROBIN --protocol HTTP --subnet-id XYZ
+ neutron lb-pool-create --name http-pool --lb-method ROUND_ROBIN --protocol HTTP --subnet-id XYZ
-1. Create a Loadbalancer pool member *Y* and associate with pool *X*.
+4. Create a Loadbalancer pool member *Y* and associate with pool *X*.
-::
+ ::
- neutron lb-member-create --address 10.0.0.10 --protocol-port 80 http-pool
- neutron lb-member-create --address 10.0.0.11 --protocol-port 80 http-pool
- neutron lb-member-create --address 10.0.0.12 --protocol-port 80 http-pool
- neutron lb-member-create --address 10.0.0.13 --protocol-port 80 http-pool
+ neutron lb-member-create --address 10.0.0.10 --protocol-port 80 http-pool
+ neutron lb-member-create --address 10.0.0.11 --protocol-port 80 http-pool
+ neutron lb-member-create --address 10.0.0.12 --protocol-port 80 http-pool
+ neutron lb-member-create --address 10.0.0.13 --protocol-port 80 http-pool
-1. Create a Loadbalancer instance *Z*, and associate pool *X* and VIP
+5. Create a Loadbalancer instance *Z*, and associate pool *X* and VIP
*B* with it.
-::
+ ::
- neutron lb-vip-create --name http-vip --protocol-port 80 --protocol HTTP --subnet-id XYZ http-pool
+ neutron lb-vip-create --name http-vip --protocol-port 80 --protocol HTTP --subnet-id XYZ http-pool
Implementation
''''''''''''''
- Proactive forward rules:
-::
+ ::
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 "table=10,reg0=0,ip,nw_dst=10.0.0.5,actions=load:0x1->NXM_NX_REG0[[]],multipath(symmetric_l4, 1024, modulo_n, 4, 0, NXM_NX_REG1[0..12]),resubmit(,10)"
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=0,actions=mod_dl_dst:00:00:00:00:00:10,mod_nw_dst:10.0.0.10,goto_table:20
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=1,actions=mod_dl_dst:00:00:00:00:00:11,mod_nw_dst:10.0.0.11,goto_table:20
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=2,actions=mod_dl_dst:00:00:00:00:00:12,mod_nw_dst:10.0.0.12,goto_table:20
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=3,actions=mod_dl_dst:00:00:00:00:00:13,mod_nw_dst:10.0.0.13,goto_table:20
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 "table=10,reg0=0,ip,nw_dst=10.0.0.5,actions=load:0x1->NXM_NX_REG0[[]],multipath(symmetric_l4, 1024, modulo_n, 4, 0, NXM_NX_REG1[0..12]),resubmit(,10)"
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=0,actions=mod_dl_dst:00:00:00:00:00:10,mod_nw_dst:10.0.0.10,goto_table:20
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=1,actions=mod_dl_dst:00:00:00:00:00:11,mod_nw_dst:10.0.0.11,goto_table:20
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=2,actions=mod_dl_dst:00:00:00:00:00:12,mod_nw_dst:10.0.0.12,goto_table:20
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,reg0=1,nw_dst=10.0.0.5,ip,reg1=3,actions=mod_dl_dst:00:00:00:00:00:13,mod_nw_dst:10.0.0.13,goto_table:20
- Proactive reverse rules:
-::
+ ::
- sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,ip,tcp,tp_src=80,actions=mod_dl_src:00:00:00:00:00:05,mod_nw_src:10.0.0.5,goto_table:20
+ sudo ovs-ofctl -O OpenFlow13 add-flow s1 table=10,ip,tcp,tp_src=80,actions=mod_dl_src:00:00:00:00:00:05,mod_nw_src:10.0.0.5,goto_table:20
OVSDB project code
''''''''''''''''''
``operationResults = transactionBuilder.execute().get();``
- **Note**
+ .. note::
Although the "select" operation is supported in the OVSDB
library, the library implementation is a little different from
- `OpenStack Neutron ML2
Plugin <https://wiki.openstack.org/wiki/Neutron/ML2>`__
-|Openstack Integration|
+.. figure:: images/openstack_integration.png
+
+ OpenStack Integration
OVSDB Service Function Chaining Developer Guide
-----------------------------------------------
odl-ovsdb-openstack feature as well as the openflowplugin, neutron and
sfc features are installed.
-feature:install odl-ovsdb-sfc-ui ---
+``feature:install odl-ovsdb-sfc-ui``
Verify the required features are installed:
-opendaylight-user@root>feature:list -i \| grep ovsdb
-
-odl-ovsdb-southbound-api \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-southbound-1.2.1-SNAPSHOT \| OpenDaylight
- southbound :: api
-
-odl-ovsdb-southbound-impl \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-southbound-1.2.1-SNAPSHOT \| OpenDaylight :: southbound
- impl
-
-odl-ovsdb-southbound-impl-rest \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-southbound-1.2.1-SNAPSHOT \| OpenDaylight :: southbound ::
-impl
- REST
-
-odl-ovsdb-southbound-impl-ui \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-southbound-1.2.1-SNAPSHOT \| OpenDaylight :: southbound ::
-impl
- UI
-
-odl-ovsdb-library \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-library-1.2.1-SNAPSHOT \| OpenDaylight
- library
-
-odl-ovsdb-openstack \| 1.2.1-SNAPSHOT \| x \| ovsdb-1.2.1-SNAPSHOT \|
-OpenDaylight :: OVSDB
- OpenStack Network Virtual
-
-odl-ovsdb-sfc-api \| 1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-1.2.1-SNAPSHOT
-\| OpenDaylight :: ovsdb-sfc
- api
-
-odl-ovsdb-sfc \| 1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-1.2.1-SNAPSHOT \|
-OpenDaylight
- ovsdb-sfc
-
-odl-ovsdb-sfc-rest \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-sfc-1.2.1-SNAPSHOT \| OpenDaylight :: ovsdb-sfc
- REST
-
-odl-ovsdb-sfc-ui \| 1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-1.2.1-SNAPSHOT
-\| OpenDaylight :: ovsdb-sfc
- UI
-
-opendaylight-user@root>feature:list -i \| grep sfc odl-sfc-model \|
-0.2.0-SNAPSHOT \| x \| odl-sfc-0.2.0-SNAPSHOT \| OpenDaylight :: sfc ::
-Model odl-sfc-provider \| 0.2.0-SNAPSHOT \| x \| odl-sfc-0.2.0-SNAPSHOT
-\| OpenDaylight :: sfc :: Provider odl-sfc-provider-rest \|
-0.2.0-SNAPSHOT \| x \| odl-sfc-0.2.0-SNAPSHOT \| OpenDaylight :: sfc ::
-Provider odl-sfc-ovs \| 0.2.0-SNAPSHOT \| x \| odl-sfc-0.2.0-SNAPSHOT \|
-OpenDaylight :: OpenvSwitch odl-sfcofl2 \| 0.2.0-SNAPSHOT \| x \|
-odl-sfc-0.2.0-SNAPSHOT \| OpenDaylight :: sfcofl2 odl-ovsdb-sfc-test \|
-1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-test1.2.1-SNAPSHOT \| OpenDaylight
-:: ovsdb-sfc-test odl-ovsdb-sfc-api \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-sfc-1.2.1-SNAPSHOT \| OpenDaylight :: ovsdb-sfc :: api
-odl-ovsdb-sfc \| 1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-1.2.1-SNAPSHOT \|
-OpenDaylight :: ovsdb-sfc odl-ovsdb-sfc-rest \| 1.2.1-SNAPSHOT \| x \|
-odl-ovsdb-sfc-1.2.1-SNAPSHOT \| OpenDaylight :: ovsdb-sfc :: REST
-odl-ovsdb-sfc-ui \| 1.2.1-SNAPSHOT \| x \| odl-ovsdb-sfc-1.2.1-SNAPSHOT
-\| OpenDaylight :: ovsdb-sfc :: UI
-
-opendaylight-user@root>feature:list -i \| grep neutron
-odl-neutron-service \| 0.6.0-SNAPSHOT \| x \| odl-neutron-0.6.0-SNAPSHOT
-\| OpenDaylight :: Neutron :: API odl-neutron-northbound-api \|
-0.6.0-SNAPSHOT \| x \| odl-neutron-0.6.0-SNAPSHOT \| OpenDaylight ::
-Neutron :: Northbound odl-neutron-spi \| 0.6.0-SNAPSHOT \| x \|
-odl-neutron-0.6.0-SNAPSHOT \| OpenDaylight :: Neutron :: API
-odl-neutron-transcriber \| 0.6.0-SNAPSHOT \| x \|
-odl-neutron-0.6.0-SNAPSHOT \| OpenDaylight :: Neutron :: Implementation
----
+::
+
+ opendaylight-user@root>feature:list -i | grep ovsdb
+ odl-ovsdb-southbound-api | 1.2.1-SNAPSHOT | x | odl-ovsdb-southbound-1.2.1-SNAPSHOT | OpenDaylight southbound :: api
+ odl-ovsdb-southbound-impl | 1.2.1-SNAPSHOT | x | odl-ovsdb-southbound-1.2.1-SNAPSHOT | OpenDaylight :: southbound impl
+ odl-ovsdb-southbound-impl-rest | 1.2.1-SNAPSHOT | x | odl-ovsdb-southbound-1.2.1-SNAPSHOT | OpenDaylight :: southbound :: impl REST
+ odl-ovsdb-southbound-impl-ui | 1.2.1-SNAPSHOT | x | odl-ovsdb-southbound-1.2.1-SNAPSHOT | OpenDaylight :: southbound :: impl UI
+ odl-ovsdb-library | 1.2.1-SNAPSHOT | x | odl-ovsdb-library-1.2.1-SNAPSHOT | OpenDaylight library
+ odl-ovsdb-openstack | 1.2.1-SNAPSHOT | x | ovsdb-1.2.1-SNAPSHOT | OpenDaylight :: OVSDB OpenStack Network Virtual
+ odl-ovsdb-sfc-api | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc api
+ odl-ovsdb-sfc | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight ovsdb-sfc
+ odl-ovsdb-sfc-rest | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc REST
+ odl-ovsdb-sfc-ui | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc UI
+
+ opendaylight-user@root>feature:list -i | grep sfc
+ odl-sfc-model | 0.2.0-SNAPSHOT | x | odl-sfc-0.2.0-SNAPSHOT | OpenDaylight :: sfc :: Model
+ odl-sfc-provider | 0.2.0-SNAPSHOT | x | odl-sfc-0.2.0-SNAPSHOT | OpenDaylight :: sfc :: Provider
+ odl-sfc-provider-rest | 0.2.0-SNAPSHOT | x | odl-sfc-0.2.0-SNAPSHOT | OpenDaylight :: sfc :: Provider
+ odl-sfc-ovs | 0.2.0-SNAPSHOT | x | odl-sfc-0.2.0-SNAPSHOT | OpenDaylight :: OpenvSwitch
+ odl-sfcofl2 | 0.2.0-SNAPSHOT | x | odl-sfc-0.2.0-SNAPSHOT | OpenDaylight :: sfcofl2
+ odl-ovsdb-sfc-test | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-test1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc-test
+ odl-ovsdb-sfc-api | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc :: api
+ odl-ovsdb-sfc | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc
+ odl-ovsdb-sfc-rest | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc :: REST
+ odl-ovsdb-sfc-ui | 1.2.1-SNAPSHOT | x | odl-ovsdb-sfc-1.2.1-SNAPSHOT | OpenDaylight :: ovsdb-sfc :: UI
+
+ opendaylight-user@root>feature:list -i | grep neutron
+ odl-neutron-service | 0.6.0-SNAPSHOT | x | odl-neutron-0.6.0-SNAPSHOT | OpenDaylight :: Neutron :: API
+ odl-neutron-northbound-api | 0.6.0-SNAPSHOT | x | odl-neutron-0.6.0-SNAPSHOT | OpenDaylight :: Neutron :: Northbound
+ odl-neutron-spi | 0.6.0-SNAPSHOT | x | odl-neutron-0.6.0-SNAPSHOT | OpenDaylight :: Neutron :: API
+ odl-neutron-transcriber | 0.6.0-SNAPSHOT | x | odl-neutron-0.6.0-SNAPSHOT | OpenDaylight :: Neutron :: Implementation
OVSDB NetVirt Service Function Chaining Example
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://localhost:8181/restconf/config/ietf-access-control-list:access-lists
-{ "access-lists": { "acl": [ { "acl-name": "http-acl",
-"access-list-entries": { "ace": [ { "rule-name": "http-rule", "matches":
-{ "source-port-range": { "lower-port": 0, "upper-port": 0 }, "protocol":
-6, "destination-port-range": { "lower-port": 80, "upper-port": 80 } },
-"actions": { "netvirt-sfc-acl:sfc-name": "http-sfc" } } ] } } ] } } ---
+::
+
+ {
+ "access-lists": {
+ "acl": [
+ {
+ "acl-name": "http-acl",
+ "access-list-entries": {
+ "ace": [
+ {
+ "rule-name": "http-rule",
+ "matches": {
+ "source-port-range": {
+ "lower-port": 0,
+ "upper-port": 0
+ },
+ "protocol": 6,
+ "destination-port-range": {
+ "lower-port": 80,
+ "upper-port": 80
+ }
+ },
+ "actions": {
+ "netvirt-sfc-acl:sfc-name": "http-sfc"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
When the chain is rendered using the Rendered Service Path RPC,
NetvirtSfc will add the classification flows. The classification flows
identifying the NSH NSI. In this case the chain is identified with an
NSP of 4 and the NSI is 255 to indicate the beginning of the chain.
-sudo ovs-ofctl --protocol=OpenFlow13 dump-flows br-int OFPST\_FLOW reply
-(OF1.3) (xid=0x2): cookie=0x0, duration=17.157s, table=0, n\_packets=0,
-n\_bytes=0, priority=6 actions=goto\_table:1 cookie=0x14,
-duration=10.692s, table=0, n\_packets=0, n\_bytes=0,
-priority=400,udp,in\_port=4,tp\_dst=6633 actions=LOCAL cookie=0x0,
-duration=17.134s, table=0, n\_packets=0, n\_bytes=0, dl\_type=0x88cc
-actions=CONTROLLER:65535 cookie=0x14, duration=10.717s, table=0,
-n\_packets=0, n\_bytes=0, priority=350,nsp=4 actions=goto\_table:152
-cookie=0x14, duration=10.688s, table=0, n\_packets=0, n\_bytes=0,
-priority=400,udp,nw\_dst=10.2.1.1,tp\_dst=6633 actions=output:4
-cookie=0x0, duration=17.157s, table=1, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:11 cookie=0x1110070000040254,
-duration=10.608s, table=1, n\_packets=0, n\_bytes=0,
-priority=40000,reg0=0x1,nsp=4,nsi=254,in\_port=1 actions=goto\_table:21
-cookie=0x0, duration=17.157s, table=11, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:21 cookie=0x1110060000040254,
-duration=10.625s, table=11, n\_packets=0, n\_bytes=0,
-nsp=4,nsi=254,in\_port=4
-actions=load:0x1→NXM\_NX\_REG0[],move:NXM\_NX\_NSH\_C2[]→NXM\_NX\_TUN\_ID[0..31],resubmit(1,1)
-cookie=0x1110010000040255, duration=10.615s, table=11, n\_packets=0,
-n\_bytes=0, tcp,reg0=0x1,tp\_dst=80
-actions=move:NXM\_NX\_TUN\_ID[0..31]→NXM\_NX\_NSH\_C2[],set\_nshc1:0xc0a83246,set\_nsp:0x4,set\_nsi:255,load:0xa020101→NXM\_NX\_TUN\_IPV4\_DST[],load:0x4→NXM\_NX\_TUN\_ID[0..31],resubmit(,0)
-cookie=0x0, duration=17.157s, table=21, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:31 cookie=0x1110040000000000,
-duration=10.765s, table=21, n\_packets=0, n\_bytes=0,
-priority=1024,arp,in\_port=LOCAL,arp\_tpa=10.2.1.1,arp\_op=1
-actions=move:NXM\_OF\_ETH\_SRC[]→NXM\_OF\_ETH\_DST[],set\_field:f6:00:00:0f:00:01→eth\_src,load:0x2→NXM\_OF\_ARP\_OP[],move:NXM\_NX\_ARP\_SHA[]→NXM\_NX\_ARP\_THA[],move:NXM\_OF\_ARP\_SPA[]→NXM\_OF\_ARP\_TPA[],load:0xf600000f0001→NXM\_NX\_ARP\_SHA[],load:0xa020101→NXM\_OF\_ARP\_SPA[],IN\_PORT
-cookie=0x0, duration=17.157s, table=31, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:41 cookie=0x0, duration=17.157s,
-table=41, n\_packets=0, n\_bytes=0, priority=0 actions=goto\_table:51
-cookie=0x0, duration=17.157s, table=51, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:61 cookie=0x0, duration=17.142s,
-table=61, n\_packets=0, n\_bytes=0, priority=0 actions=goto\_table:71
-cookie=0x0, duration=17.140s, table=71, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:81 cookie=0x0, duration=17.116s,
-table=81, n\_packets=0, n\_bytes=0, priority=0 actions=goto\_table:91
-cookie=0x0, duration=17.116s, table=91, n\_packets=0, n\_bytes=0,
-priority=0 actions=goto\_table:101 cookie=0x0, duration=17.107s,
-table=101, n\_packets=0, n\_bytes=0, priority=0 actions=goto\_table:111
-cookie=0x0, duration=17.083s, table=111, n\_packets=0, n\_bytes=0,
-priority=0 actions=drop cookie=0x14, duration=11.042s, table=150,
-n\_packets=0, n\_bytes=0, priority=5 actions=goto\_table:151
-cookie=0x14, duration=11.027s, table=151, n\_packets=0, n\_bytes=0,
-priority=5 actions=goto\_table:152 cookie=0x14, duration=11.010s,
-table=152, n\_packets=0, n\_bytes=0, priority=5 actions=goto\_table:158
-cookie=0x14, duration=10.668s, table=152, n\_packets=0, n\_bytes=0,
-priority=650,nsp=4,nsi=255
-actions=load:0xa020101→NXM\_NX\_TUN\_IPV4\_DST[],goto\_table:158
-cookie=0x14, duration=10.995s, table=158, n\_packets=0, n\_bytes=0,
-priority=5 actions=drop cookie=0xba5eba11ba5eba11, duration=10.645s,
-table=158, n\_packets=0, n\_bytes=0,
-priority=751,nsp=4,nsi=255,in\_port=4
-actions=move:NXM\_NX\_NSH\_C1[]→NXM\_NX\_NSH\_C1[],move:NXM\_NX\_NSH\_C2[]→NXM\_NX\_NSH\_C2[],move:NXM\_NX\_TUN\_ID[0..31]→NXM\_NX\_TUN\_ID[0..31],IN\_PORT
-cookie=0xba5eba11ba5eba11, duration=10.590s, table=158, n\_packets=0,
-n\_bytes=0, priority=751,nsp=4,nsi=254,in\_port=4
-actions=move:NXM\_NX\_NSI[]→NXM\_NX\_NSI[],move:NXM\_NX\_NSP[]→NXM\_NX\_NSP[],move:NXM\_NX\_NSH\_C1[]→NXM\_NX\_TUN\_IPV4\_DST[],move:NXM\_NX\_NSH\_C2[]→NXM\_NX\_TUN\_ID[0..31],IN\_PORT
-cookie=0xba5eba11ba5eba11, duration=10.640s, table=158, n\_packets=0,
-n\_bytes=0, priority=750,nsp=4,nsi=255
-actions=move:NXM\_NX\_NSH\_C1[]→NXM\_NX\_NSH\_C1[],move:NXM\_NX\_NSH\_C2[]→NXM\_NX\_NSH\_C2[],move:NXM\_NX\_TUN\_ID[0..31]→NXM\_NX\_TUN\_ID[0..31],output:4
-cookie=0xba5eba11ba5eba11, duration=10.571s, table=158, n\_packets=0,
-n\_bytes=0, priority=761,nsp=4,nsi=254,nshc1=3232248390,in\_port=4
-actions=move:NXM\_NX\_NSI[]→NXM\_NX\_NSI[],move:NXM\_NX\_NSP[]→NXM\_NX\_NSP[],move:NXM\_NX\_NSH\_C1[]→NXM\_NX\_TUN\_IPV4\_DST[],move:NXM\_NX\_NSH\_C2[]→NXM\_NX\_TUN\_ID[0..31],set\_nshc1:0,resubmit(,11)
----
+::
+
+ sudo ovs-ofctl --protocol=OpenFlow13 dump-flows br-int
+ OFPST_FLOW reply (OF1.3) (xid=0x2):
+ cookie=0x0, duration=17.157s, table=0, n_packets=0, n_bytes=0, priority=6 actions=goto_table:1
+ cookie=0x14, duration=10.692s, table=0, n_packets=0, n_bytes=0, priority=400,udp,in_port=4,tp_dst=6633 actions=LOCAL
+ cookie=0x0, duration=17.134s, table=0, n_packets=0, n_bytes=0, dl_type=0x88cc actions=CONTROLLER:65535
+ cookie=0x14, duration=10.717s, table=0, n_packets=0, n_bytes=0, priority=350,nsp=4 actions=goto_table:152
+ cookie=0x14, duration=10.688s, table=0, n_packets=0, n_bytes=0, priority=400,udp,nw_dst=10.2.1.1,tp_dst=6633 actions=output:4
+ cookie=0x0, duration=17.157s, table=1, n_packets=0, n_bytes=0, priority=0 actions=goto_table:11
+ cookie=0x1110070000040254, duration=10.608s, table=1, n_packets=0, n_bytes=0, priority=40000,reg0=0x1,nsp=4,nsi=254,in_port=1 actions=goto_table:21
+ cookie=0x0, duration=17.157s, table=11, n_packets=0, n_bytes=0, priority=0 actions=goto_table:21
+ cookie=0x1110060000040254, duration=10.625s, table=11, n_packets=0, n_bytes=0, nsp=4,nsi=254,in_port=4 actions=load:0x1->NXM_NX_REG0[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],resubmit(1,1)
+ cookie=0x1110010000040255, duration=10.615s, table=11, n_packets=0, n_bytes=0, tcp,reg0=0x1,tp_dst=80 actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_NSH_C2[],set_nshc1:0xc0a83246,set_nsp:0x4,set_nsi:255,load:0xa020101->NXM_NX_TUN_IPV4_DST[],load:0x4->NXM_NX_TUN_ID[0..31],resubmit(,0)
+ cookie=0x0, duration=17.157s, table=21, n_packets=0, n_bytes=0, priority=0 actions=goto_table:31
+ cookie=0x1110040000000000, duration=10.765s, table=21, n_packets=0, n_bytes=0, priority=1024,arp,in_port=LOCAL,arp_tpa=10.2.1.1,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:f6:00:00:0f:00:01->eth_src,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xf600000f0001->NXM_NX_ARP_SHA[],load:0xa020101->NXM_OF_ARP_SPA[],IN_PORT
+ cookie=0x0, duration=17.157s, table=31, n_packets=0, n_bytes=0, priority=0 actions=goto_table:41
+ cookie=0x0, duration=17.157s, table=41, n_packets=0, n_bytes=0, priority=0 actions=goto_table:51
+ cookie=0x0, duration=17.157s, table=51, n_packets=0, n_bytes=0, priority=0 actions=goto_table:61
+ cookie=0x0, duration=17.142s, table=61, n_packets=0, n_bytes=0, priority=0 actions=goto_table:71
+ cookie=0x0, duration=17.140s, table=71, n_packets=0, n_bytes=0, priority=0 actions=goto_table:81
+ cookie=0x0, duration=17.116s, table=81, n_packets=0, n_bytes=0, priority=0 actions=goto_table:91
+ cookie=0x0, duration=17.116s, table=91, n_packets=0, n_bytes=0, priority=0 actions=goto_table:101
+ cookie=0x0, duration=17.107s, table=101, n_packets=0, n_bytes=0, priority=0 actions=goto_table:111
+ cookie=0x0, duration=17.083s, table=111, n_packets=0, n_bytes=0, priority=0 actions=drop
+ cookie=0x14, duration=11.042s, table=150, n_packets=0, n_bytes=0, priority=5 actions=goto_table:151
+ cookie=0x14, duration=11.027s, table=151, n_packets=0, n_bytes=0, priority=5 actions=goto_table:152
+ cookie=0x14, duration=11.010s, table=152, n_packets=0, n_bytes=0, priority=5 actions=goto_table:158
+ cookie=0x14, duration=10.668s, table=152, n_packets=0, n_bytes=0, priority=650,nsp=4,nsi=255 actions=load:0xa020101->NXM_NX_TUN_IPV4_DST[],goto_table:158
+ cookie=0x14, duration=10.995s, table=158, n_packets=0, n_bytes=0, priority=5 actions=drop
+ cookie=0xba5eba11ba5eba11, duration=10.645s, table=158, n_packets=0, n_bytes=0, priority=751,nsp=4,nsi=255,in_port=4 actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],IN_PORT
+ cookie=0xba5eba11ba5eba11, duration=10.590s, table=158, n_packets=0, n_bytes=0, priority=751,nsp=4,nsi=254,in_port=4 actions=move:NXM_NX_NSI[]->NXM_NX_NSI[],move:NXM_NX_NSP[]->NXM_NX_NSP[],move:NXM_NX_NSH_C1[]->NXM_NX_TUN_IPV4_DST[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],IN_PORT
+ cookie=0xba5eba11ba5eba11, duration=10.640s, table=158, n_packets=0, n_bytes=0, priority=750,nsp=4,nsi=255 actions=move:NXM_NX_NSH_C1[]->NXM_NX_NSH_C1[],move:NXM_NX_NSH_C2[]->NXM_NX_NSH_C2[],move:NXM_NX_TUN_ID[0..31]->NXM_NX_TUN_ID[0..31],output:4
+ cookie=0xba5eba11ba5eba11, duration=10.571s, table=158, n_packets=0, n_bytes=0, priority=761,nsp=4,nsi=254,nshc1=3232248390,in_port=4 actions=move:NXM_NX_NSI[]->NXM_NX_NSI[],move:NXM_NX_NSP[]->NXM_NX_NSP[],move:NXM_NX_NSH_C1[]->NXM_NX_TUN_IPV4_DST[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],set_nshc1:0,resubmit(,11)
+
Configuration
~~~~~~~~~~~~~
http://localhost:8181/restconf/config/netvirt-providers-config:netvirt-providers-config
-{ "netvirt-providers-config": { "table-offset": 1 } } ---
+``{ "netvirt-providers-config": { "table-offset": 1 } }``
Next configure SFC to start at table 150 and configure the table
handoff. The configuration starts SFC at table 150 and sets the handoff
http://localhost:8181/restconf/config/sfc-of-renderer:sfc-of-renderer-config
-{ "sfc-of-renderer-config": { "sfc-of-app-egress-table-offset": 11,
-"sfc-of-table-offset": 150 } } ---
+``{ "sfc-of-renderer-config": { "sfc-of-app-egress-table-offset": 11, "sfc-of-table-offset": 150 } }``
OVSDB Hardware VTEP Developer Guide
-----------------------------------
resolution process.
.. figure:: ./images/groupbasedpolicy/GBPTerminology1.png
- :alt: GBP Access Model Terminology - Endpoints, EndpointGroups,
- Contract
+ :alt: GBP Access Model Terminology - Endpoints, EndpointGroups, Contract
GBP Access Model Terminology - Endpoints, EndpointGroups, Contract
GBP Access Model Terminology - Subject, Classifier, Action
.. figure:: ./images/groupbasedpolicy/GBPTerminology3.png
- :alt: GBP Forwarding Model Terminology - L3 Context, L2 Bridge
- Context, L2 Flood Context/Domain, Subnet
+ :alt: GBP Forwarding Model Terminology - L3 Context, L2 Bridge Context, L2 Flood Context/Domain, Subnet
GBP Forwarding Model Terminology - L3 Context, L2 Bridge Context, L2
Flood Context/Domain, Subnet
Architecture and Value Proposition
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-**GBP** offers an intent based interface, accessed via the `UX <#UX>`__,
+**GBP** offers an intent based interface, accessed via the :ref:`UX <gbp-ux>`,
via the `REST API <#REST>`__ or directly from a domain-specific-language
-such as `Neutron <#Neutron>`__ through a mapping interface.
+such as :ref:`Neutron <gbp-neutron>` through a mapping interface.
There are two models in **GBP**:
The *classifier* and *action* portions of the model can be thought of as
hooks, with their definition provided by each *renderer* about its
domain specific capabilities. In **GBP** for this release, there is one
-renderer, the *`OpenFlow Overlay renderer (OfOverlay). <#OfOverlay>`__*
+renderer, the :ref:`OpenFlow Overlay renderer (OfOverlay). <gbp-of-overlay>`
These hooks are filled with *definitions* of the types of *features* the
renderer can provide the *subject*, and are called
High-level implementation Architecture
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The overall architecture, including *`Neutron <#Neutron>`__* domain
-specific mapping, and the `OpenFlow Overlay renderer <#OfOverlay>`__
+The overall architecture, including :ref:`Neutron <gbp-neutron>` domain
+specific mapping, and the :ref:`OpenFlow Overlay renderer <gbp-of-overlay>`
looks as so:
.. figure:: ./images/groupbasedpolicy/GBP_High-levelBerylliumArchitecture.png
domain-specific-language is completely separate and independent of the
underlying renderer implementation.
-For instance, using the `Neutron Mapper <#Neutron>`__, which maps the
+For instance, using the :ref:`Neutron Mapper <gbp-neutron>`, which maps the
Neutron API to the **GBP** core model, any contract automatically
-generated from this mapping can be augmented via the `UX <#UX>`__ to use
-`Service Function Chaining <#SFC>`__, a capability not currently
+generated from this mapping can be augmented via the :ref:`UX <gbp-ux>` to use
+:ref:`Service Function Chaining <gbp-sfc>`, a capability not currently
available in OpenStack Neutron.
When another renderer is added, for instance, NetConf, the same policy
particular cookie. Actions are specific actions that need to be taken on
the traffic before it reaches its destination. Actions could include
tagging or encapsulating the traffic in some way, redirecting the
-traffic, or applying a `service function chain <#SFC>`__.
+traffic, or applying a :ref:`service function chain <gbp-sfc>`.
Rules, subjects, and actions have an *order* parameter, where a lower
order value means that a particular item will be applied first. All
purpose of matching. Otherwise, the label with the same name will
completely override the label from the parent.
+.. _gbp-ux:
+
Using the GBP UX interface
--------------------------
Below the select box are buttons which display Expressed or Delivered
policy of Governance section. In the bottom half of this section is
select box with list of renderers for select. There is currently only
-`OfOverlay <#OfOverlay>`__ renderer available.
+:ref:`OfOverlay <gbp-of-overlay>` renderer available.
Below the select box is Renderer configuration button, which switch the
app into the Policy expression view with Renderers section expanded for
By single-clicking on any contract or EPG, the data of actual selected
element will be shown in the right column below the menu. A Manage
button launches a display wizard window for managing configuration of
-items such as `Service Function Chaining <#SFC>`__.
+items such as :ref:`Service Function Chaining <gbp-sfc>`.
.. figure:: ./images/groupbasedpolicy/ui-3-governanceview-expressed.png
:alt: Expressed policy
Please see:
-- `Using the GBP OpenFlow Overlay (OfOverlay) renderer <#OfOverlay>`__
+- :ref:`gbp-of-overlay`
-- `Policy Resolution <#policyresolution>`__
+- `Policy Resolution`_
- `Forwarding Model <#forwarding>`__
It is recommended to use either:
-- `Neutron mapper <#Neutron>`__
+- `Neutron mapper <gbp-neutron>`
-- `the UX <#UX>`__
+- :ref:`the UX <gbp-ux>`
If the REST API must be used, and the above resources are not
sufficient:
- feature:install odl-dlux-yangui
- browse to:
- `http://<odl-controller>:8181/index.html <http://<odl-controller>:8181/index.html>`__
+ ``http://<odl-controller>:8181/index.html``
and select YangUI from the left menu.
to explore the various **GBP** REST options
+.. _gbp-neutron:
+
Using OpenStack with GBP
------------------------
REST calls from OpenStack Neutron are by the Neutron NorthBound project.
**GBP** provides the implementation of the `Neutron V2.0
-API <http://developer.openstack.org/api-ref-networking-v2.html>`__.
+API <http://developer.openstack.org/api-ref-networking-v2.html>`_.
Features
~~~~~~~~
**Neutron FloatingIP**
When associated with a Neutron Port, this leverages the
-`OfOverlay <#OfOverlay>`__ renderer’s NAT capabilities.
+:ref:`OfOverlay <gbp-of-overlay>` renderer’s NAT capabilities.
A dedicated *external* interface on each Nova compute host allows for
disitributed external access. Each Nova instance associated with a
Assuming the gateway provisioned in the Neutron Subnet command for the
external network is reachable, the combination of **GBP** Neutron Mapper
-and `OfOverlay renderer <#OfOverlay>`__ will automatically ARP for this
+and :ref:`OfOverlay renderer <gbp-of-overlay>` will automatically ARP for this
default gateway, requiring no user intervention.
**Troubleshooting within GBP**
No intervention passed initial OpenStack setup is required by the user.
More information about configuration can be found in our DevStack demo
-environment on the `**GBP**
-wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)>`__.
+environment on the `GBP
+wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)>`_.
Administering or Managing GBP Neutron
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For consistencies sake, all provisioning should be performed via the
Neutron API. (CLI or Horizon).
-The mapped policies can be augmented via the **GBP** `UX <#UX>`__, to:
+The mapped policies can be augmented via the **GBP** :ref:`UX <gbp-ux>`, to:
-- Enable `Service Function Chaining <#SFC>`__
+- Enable :ref:`Service Function Chaining <gbp-sfc>`
- Add endpoints from outside of Neutron i.e. VMs/containers not
provisioned in OpenStack
Tutorials
~~~~~~~~~
-A DevStack demo environment can be found on the `**GBP**
-wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)>`__.
+A DevStack demo environment can be found on the `GBP
+wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)>`_.
GBP Renderer manager
--------------------
Similarly, when a Location provider is deleted, information of its locations
is removed from the OPER data store.
+.. _gbp-of-overlay:
+
Using the GBP OpenFlow Overlay (OfOverlay) renderer
---------------------------------------------------
This renderer is designed to work with OpenVSwitch (OVS) 2.1+ (although
2.3 is strongly recommended) and OpenFlow 1.3.
-When used in conjunction with the `Neutron Mapper feature <#Neutron>`__
+When used in conjunction with the :ref:`Neutron Mapper feature <gbp-neutron>`
no extra OfOverlay specific setup is required.
When this feature is loaded "standalone", the user is required to
- and creating the VXLAN/VXLAN-GPE tunnel ports on the bridges.
+.. _gbp-offset:
+
The **GBP** OfOverlay renderer also supports a table offset option, to
offset the pipeline post-table 0. The value of table offset is stored in
the config datastore and it may be rewritten at runtime.
Policy resolution is completely domain independent, and the OfOverlay
leverages process policy information internally. See `Policy Resolution
-process <#policyresolution>`__.
+process <Policy Resolution>`_.
It listens to inputs to the *Tenants* configuration datastore, validates
tenant input, then writes this to the Tenants operational datastore.
The endpoint repository operates in **orchestrated** mode. This means
the user is responsible for the provisioning of endpoints via:
-- `UX/GUI <#UX>`__
+- :ref:`UX/GUI <gbp-ux>`
- REST API
**Note**
- When using the `Neutron mapper <#Neutron>`__ feature, everything is
+ When using the :ref:`Neutron mapper <gbp-neutron>` feature, everything is
managed transparently via Neutron.
The Endpoint Manager is responsible for listening to Endpoint repository
**Ingress NAT Mapper**
-Table `*offset* <#offset>`__\ +1.
+Table :ref:`offset <gbp-offset>` +1.
ARP responder for external NAT address:
**Source Mapper**
-Table `*offset* <#offset>`__\ +2.
+Table :ref:`offset <gbp-offset>` +2.
Determines based on characteristics from the ingress port, which:
**Destination Mapper**
-Table `*offset* <#offset>`__\ +3.
+Table :ref:`offset <gbp-offset>` +3.
Determines based on characteristics of the endpoint:
**Policy Enforcer**
-Table `*offset* <#offset>`__\ +4.
+Table :ref:`offset <gbp-offset>` +4.
Once the Source and Destination EndpointGroups are assigned, policy is
enforced based on resolved rules.
-In the case of `Service Function Chaining <#SFC>`__, the encapsulation
+In the case of :ref:`Service Function Chaining <gbp-sfc>`, the encapsulation
and destination for traffic destined to a chain, is discovered and
enforced.
**Egress NAT Mapper**
-Table `*offset* <#offset>`__\ +5.
+Table :ref:`offset <gbp-offset>` +5.
Performs NAT function before Egressing OVS instance to the underlay
network.
**External Mapper**
-Table `*offset* <#offset>`__\ +6.
+Table :ref:`offset <gbp-offset>` +6.
Manages post-policy enforcement for endpoint specific destination
-effects. Specifically for `Service Function Chaining <#SFC>`__, which is
+effects. Specifically for :ref:`Service Function Chaining <gbp-sfc>`, which is
why we can support both symmetric and asymmetric chains and distributed
ingress/egress classification.
**Note**
- Please see the `UX <#UX>`__ section on how to configure **GBP** via
+ Please see the :ref:`UX <gbp-ux>` section on how to configure **GBP** via
the GUI.
**Endpoint**
}
}
-**Tenants** see `Policy Resolution <#policyresolution>`__ and
+**Tenants** see `Policy Resolution`_ and
`Forwarding Model <#forwarding>`__ for details:
::
~~~~~~~~~
Comprehensive tutorials, along with a demonstration environment
-leveraging Vagrant can be found on the `**GBP**
+leveraging Vagrant can be found on the `GBP
wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)>`__
Using the GBP eBPF IO Visor Agent renderer
feature:install odl-groupbasedpolicy-iovisor odl-restconf
Installation details, usage, and other information for the IO Visor GBP
-module can be found here: `**IO Visor** github repo for IO
-Modules <https://github.com/iovisor/iomodules>`__
+module can be found here: `IO Visor github repo for IO
+Modules <https://github.com/iovisor/iomodules>`_
Using the GBP FaaS renderer
---------------------------
More information about FaaS can be found here:
https://wiki.opendaylight.org/view/FaaS:GBPIntegration
+.. _gbp-sfc:
+
Using Service Function Chaining (SFC) with GBP Neutron Mapper and OfOverlay
---------------------------------------------------------------------------
This takes the form of an *action* in **GBP**.
-Using the `**GBP** demo and development environment <#demo>`__ as an
+Using the `GBP demo and development environment <#demo>`__ as an
example:
.. figure:: ./images/groupbasedpolicy/sfc-1-topology.png
- DevStack based GBP+Neutron integration Vagrant environment
`Demo @ GBP
-wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)/Consumability/Demo>`__
+wiki <https://wiki.opendaylight.org/view/Group_Based_Policy_(GBP)/Consumability/Demo>`_