Bug 1332674

Summary: [RFE] [TEF] [UL2] Transition from multi-tenant to single-tenant
Product: Red Hat OpenStack Reporter: JP Jung <jjung>
Component: openstack-neutronAssignee: OSP Team <rhos-maint>
Status: NEW --- QA Contact: Toni Freger <tfreger>
Severity: low Docs Contact:
Priority: high    
Version: 11.0 (Ocata)CC: chrisw, ekuris, jlibosva, srevivo, tvvcox
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1235009, 1419948    

Description JP Jung 2016-05-03 18:04:33 UTC 
Description of problem:
* Some network scenarios involve a multi-tenant VNF connected to several single-tenant VNFs or to several single-tenant external networks. For instance, in a VPN service, a PE router usually has a network interface where several CEs from different tenants are connected, each tenant using a different VLAN in order to isolate the traffic from each corporation.
* In this situation, it is required to be able to define tenant data plane networks visible by the appropriate tenant and simultaneously visible by the Admin (or Service Provider tenant), but being invisible for the rest of tenants.
* Moreover, it is required to create the appropriate connectivity in the underlay switching infrastructure that allows networks with any combination of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and single- tenant physical elements.


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:


Additional info:
Comment 4 Assaf Muller 2016-05-03 21:59:15 UTC 
(In reply to JP Jung from comment #0)
> Description of problem:
> * Some network scenarios involve a multi-tenant VNF connected to several
> single-tenant VNFs or to several single-tenant external networks. For
> instance, in a VPN service, a PE router usually has a network interface
> where several CEs from different tenants are connected, each tenant using a
> different VLAN in order to isolate the traffic from each corporation.
> * In this situation, it is required to be able to define tenant data plane
> networks visible by the appropriate tenant and simultaneously visible by the
> Admin (or Service Provider tenant), but being invisible for the rest of
> tenants.

It looks like this requirement can be satisfied with http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html which is available in OSP 8.

> * Moreover, it is required to create the appropriate connectivity in the
> underlay switching infrastructure that allows networks with any combination
> of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and
> single- tenant physical elements.

What Neutron plugin / ml2 driver are you currently using?

> 
> 
> Version-Release number of selected component (if applicable):
> 
> How reproducible:
> 
> Steps to Reproduce:
> 
> Actual results:
> 
> Expected results:
> 
> 
> Additional info:
Comment 5 Antonio López 2016-10-03 14:45:36 UTC 
(In reply to Assaf Muller from comment #4)
> (In reply to JP Jung from comment #0)
> > Description of problem:
> > * Some network scenarios involve a multi-tenant VNF connected to several
> > single-tenant VNFs or to several single-tenant external networks. For
> > instance, in a VPN service, a PE router usually has a network interface
> > where several CEs from different tenants are connected, each tenant using a
> > different VLAN in order to isolate the traffic from each corporation.
> > * In this situation, it is required to be able to define tenant data plane
> > networks visible by the appropriate tenant and simultaneously visible by the
> > Admin (or Service Provider tenant), but being invisible for the rest of
> > tenants.
> 
> It looks like this requirement can be satisfied with
> http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.
> html which is available in OSP 8.

I don't agree RBAC is related to this functionality. RBAC is just about sharing networks between tenants. This use case needs to connect a network that handles multiple vlan tags to several networks that just handle one of those tags. And this needs to be done in the dataplane.

> 
> > * Moreover, it is required to create the appropriate connectivity in the
> > underlay switching infrastructure that allows networks with any combination
> > of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and
> > single- tenant physical elements.
> 
> What Neutron plugin / ml2 driver are you currently using?

We need to use SRIOV and passthrough interfaces in the dataplane. That requires the sriov ml2 driver enabled, and whatever it will be needed in Newton when Neutron was able to handle passthrough ports.

> 
> > 
> > 
> > Version-Release number of selected component (if applicable):
> > 
> > How reproducible:
> > 
> > Steps to Reproduce:
> > 
> > Actual results:
> > 
> > Expected results:
> > 
> > 
> > Additional info:
Comment 6 Nir Yechiel 2017-10-18 06:36:02 UTC 
We have reviewed this feature request and we won't be able to prioritize it for RHOSP 13 due to other priorities.