1332674 – [RFE] [TEF] [UL2] Transition from multi-tenant to single-tenant

Bug 1332674 - [RFE] [TEF] [UL2] Transition from multi-tenant to single-tenant

Summary: [RFE] [TEF] [UL2] Transition from multi-tenant to single-tenant

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	11.0 (Ocata)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	OSP Team
QA Contact:	Toni Freger
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1235009 1419948
TreeView+	depends on / blocked

Reported:	2016-05-03 18:04 UTC by JP Jung
Modified:	2023-07-12 16:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-4254	0	None	None	None	2023-06-07 07:33:35 UTC

Description JP Jung 2016-05-03 18:04:33 UTC

Description of problem:
* Some network scenarios involve a multi-tenant VNF connected to several single-tenant VNFs or to several single-tenant external networks. For instance, in a VPN service, a PE router usually has a network interface where several CEs from different tenants are connected, each tenant using a different VLAN in order to isolate the traffic from each corporation.
* In this situation, it is required to be able to define tenant data plane networks visible by the appropriate tenant and simultaneously visible by the Admin (or Service Provider tenant), but being invisible for the rest of tenants.
* Moreover, it is required to create the appropriate connectivity in the underlay switching infrastructure that allows networks with any combination of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and single- tenant physical elements.


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:


Additional info:

Comment 4 Assaf Muller 2016-05-03 21:59:15 UTC

(In reply to JP Jung from comment #0)
> Description of problem:
> * Some network scenarios involve a multi-tenant VNF connected to several
> single-tenant VNFs or to several single-tenant external networks. For
> instance, in a VPN service, a PE router usually has a network interface
> where several CEs from different tenants are connected, each tenant using a
> different VLAN in order to isolate the traffic from each corporation.
> * In this situation, it is required to be able to define tenant data plane
> networks visible by the appropriate tenant and simultaneously visible by the
> Admin (or Service Provider tenant), but being invisible for the rest of
> tenants.

It looks like this requirement can be satisfied with http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html which is available in OSP 8.

> * Moreover, it is required to create the appropriate connectivity in the
> underlay switching infrastructure that allows networks with any combination
> of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and
> single- tenant physical elements.

What Neutron plugin / ml2 driver are you currently using?

> 
> 
> Version-Release number of selected component (if applicable):
> 
> How reproducible:
> 
> Steps to Reproduce:
> 
> Actual results:
> 
> Expected results:
> 
> 
> Additional info:

Comment 5 Antonio López 2016-10-03 14:45:36 UTC

(In reply to Assaf Muller from comment #4)
> (In reply to JP Jung from comment #0)
> > Description of problem:
> > * Some network scenarios involve a multi-tenant VNF connected to several
> > single-tenant VNFs or to several single-tenant external networks. For
> > instance, in a VPN service, a PE router usually has a network interface
> > where several CEs from different tenants are connected, each tenant using a
> > different VLAN in order to isolate the traffic from each corporation.
> > * In this situation, it is required to be able to define tenant data plane
> > networks visible by the appropriate tenant and simultaneously visible by the
> > Admin (or Service Provider tenant), but being invisible for the rest of
> > tenants.
> 
> It looks like this requirement can be satisfied with
> http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.
> html which is available in OSP 8.

I don't agree RBAC is related to this functionality. RBAC is just about sharing networks between tenants. This use case needs to connect a network that handles multiple vlan tags to several networks that just handle one of those tags. And this needs to be done in the dataplane.

> 
> > * Moreover, it is required to create the appropriate connectivity in the
> > underlay switching infrastructure that allows networks with any combination
> > of multi-tenant VNF, single-tenant VNFs, multi-tenant physical elements and
> > single- tenant physical elements.
> 
> What Neutron plugin / ml2 driver are you currently using?

We need to use SRIOV and passthrough interfaces in the dataplane. That requires the sriov ml2 driver enabled, and whatever it will be needed in Newton when Neutron was able to handle passthrough ports.

> 
> > 
> > 
> > Version-Release number of selected component (if applicable):
> > 
> > How reproducible:
> > 
> > Steps to Reproduce:
> > 
> > Actual results:
> > 
> > Expected results:
> > 
> > 
> > Additional info:

Comment 6 Nir Yechiel 2017-10-18 06:36:02 UTC

We have reviewed this feature request and we won't be able to prioritize it for RHOSP 13 due to other priorities.

Note You need to log in before you can comment on or make changes to this bug.