...
- Multiple applications writing into table 0 (directly or through an Ingress Manager function)
- Flow conflict detection mechanisms do not allow for any overlap between flows
- Overlap (or rather refinement) should be allowed using priorities to disambiguate:
- e.g. packets on in_port with certain DMAC to application A, all the rest to application B
- How can a generic Ingress Manager ensure that there is no semantic conflict between the flows if the simple non-overlap criterion is not sufficient?
Genius Proposal
Generic Functions for Multi-Network Service Support
- Any ODL application can use these to achieve at minimum interference-free co-existence with other applications using the services
- Provide support for co-operation between applications with the minimal amount of design-time coordination and hard-coded dependencies
- Use APIs to move design-time coordination to run-time
- Generic infrastructure APIs to avoid direct coupling where possible
- Direct inter-application (client-server) APIs where necessary for stronger coupling
- Factor out commonly used functions into shared services to avoid duplication & waste of resources, e.g.
- Overlay Tunnel Manager
- ID manager
- MD-SAL Util
VPN Service Modules and Inter-relationships
Interface Manager
- Models generic interfaces as attachment point for applications
- Supports Hierarchy of: Port, VLAN, VXLAN Trunk, VXLAN VNI, GRE Tunnel, ...
- Extendible to arbitrary other types of interfaces (virtual link, VPN interface, …)
- Interface ID/tag system wide unique identifier in control/data plane.
- Ingress interface tag stored in metadata
- Handles ingress de-capsulation and de-multiplexing
- Owns table 0 (and possibly additional tables needed for demultiplexing of interfaces)
- Application bind to interfaces through API and register application-specific instructions/actions to be added to the interfaces ingress flow entry (e.g. write metadata, goto table)
- Each bound service is assigned to a separate interface handle, no risk of interference on ingress traffic
- South bound protocol agnostic
- Ability to plug in different south bound renderers
- Provides tunnel monitoring services
- Handles egress encapsulation and output, service processing priority