Openvswitch with NSH support in Neutron¶
Blueprint on Launchpad
This spec introduces the work required to have Open vSwitch with NSH protocol support which is used in Service Function Chaining.
According to * https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ Network Service Header (NSH) is inserted to a packet or a frame to realize service functions paths. Also provides a mechanism for metadata exchange along the instantiated service path. The NSH protocol is used as an SFC encapsulation which is required for the support of the Service Function Chaining (SFC) Architecture as it defined in RFC7665.
The Openvswitch currently doesn’t support the NSH protocol. So the only way to add NSH support to Open vSwitch is through Yi Yang’s patches (https://github.com/yyang13/ovs_nsh_patches).
The proposed change is the use of the existing Neutron Ansible Role for the installation of Open vSwitch with NSH support when the user selects that functionality through specific configuration in Openstack-Ansible project. We intent to configure only Neutron component and not use the aforementioned functionality for end to end testing.
The installation of Open vSwitch with NSH support will be addressed by the use of specific packages which are going to be maintained in private repositories unti the NSH functionality will be included in a subsequent release of Open vSwitch project.
An alternative to create a SFC without NSH is the port chaining technique. The aforementioned technique uses Neutron ports to steer the traffic to a service chain and has no notion of the actual services which are attached to those Neutron ports.
The os_neutron role will be modified to optionally install Open vSwitch with
NSH support. The proposal is to add an extra variable so the user can decide
whether or not he needs to add NSH support with the Open vSwitch installation. When
neutron_plugin_type variable is set to
ovs_nsh_support variable is set to
true then the Open vSwitch will
be installed with NSH support. So there will be an extra task in the
which will add the distribution specific repositories with the ovs_nsh packages.
This is the first implementation of Open vSwitch with NSH support in OpenStack-Ansible,so no upgrade concerns yet.
No security impact
The added NSH support to Open vSwitch will not have any performance impact to the current OpenStack-Ansible installation because the system will need to install only some extra packages.
End user impact¶
The end users will have the capability to create service function chains with the use
of the NSH protocol. Also they can use OpenDaylight as networking backend which
sfc component supports the creation of SFCs through the NSH protocol.
The deployer needs to ensure that the specific repositories which hold the ovs_nsh packages are added to the system and the proper Open vSwitch packages are installed.
The developer impact is really low because the NSH support for Open vSwitch is optional and can be ignored when extending or modifying Neutron role.
There are no dependencies
- Primary assignee:
Dimitrios Markou (mardim)
Add specific PPA for ovs_nsh packages
Install Open vSwitch with NSH protocol suppport
Document the new functionality
Existing tests should be run because the only thing that change is that the installation of Open vSwitch is managed by specific repositories when NSH support is selected.
The new functionality Open vSwitch with NSH support should be documented, explaining the required configuration parameters which are necessary for this deployment.
Open vSwitch scenario with OpenStack-Ansible
NSH ietf draft
SFC RFC 7665
PPA for Openvswitch-NSH packages
Openvswitch-NSH packages for Centos