[Engine-devel] bridgless networks

Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
Thanks, Roy

I think that in the UI we should automatically check the "bridged" for VM networks, and uncheck it for non-VM ones. In the future, when we'll support more network types that can run VMs without a bridge (VEPA/VNLink/SRIOV) then we would change this logic.
As for the open issues:
[1] if a network is checked with "allowToRunVms" and an underlying host will need an un-bridged(SRIOV...) network to fulfil that how do we treat that during monitoring? we should be able to distinguish on interfaces that can run vm with/without bridge and deduce that cluster compatibility didn't break
[oved] We will be able to make this distinction. Less relevant for today, but will be relevant in the future.
[2] if, for some reason an admin wants a non VM network to be bridged, should we allow it?
[oved] I would allow it.
----- Original Message -----
From: "Roy Golan" <rgolan@redhat.com>
To: engine-devel@ovirt.org
Sent: Monday, February 6, 2012 4:47:11 PM
Subject: [Engine-devel] bridgless networks
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
Thanks, Roy
_______________________________________________
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
Thanks, Roy
0. Fixed some typos in the wiki. There are others I couldn't understand.
1. "Also looking forward a capable of running VMs nics should be bridged on regular nics and un-bridged in case of dedicated special nics" - don't understand what it means (English-wise too).
2. "UI shall user shall".
3. Not sure the REST API is complete. How is the property set on the logical network (upon creation or later)?
4. So, if there's no bridge on my bond, can I now use the bond methods that are incompatible with bridges and therefore we did not allow them until now?
Y.

----- Original Message -----
From: "Yaniv Kaul" <ykaul@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Monday, February 6, 2012 5:10:16 PM
Subject: Re: [Engine-devel] bridgless networks
On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
Thanks, Roy
0. Fixed some typos in the wiki. There are others I couldn't understand.
1. "Also looking forward a capable of running VMs nics should be bridged on regular nics and un-bridged in case of dedicated special nics" - don't understand what it means (English-wise too).
correct, the phrasing is bad. I meant that when we are doing the actual attach, should we implicitly choose not to create a bridge on vNic or SRIOV? Anyway for now the best and fastest approach I think is to give freedom of choice - the user will choose if the network should be bridged or not during the attach.
2. "UI shall user shall".
3. Not sure the REST API is complete. How is the property set on the logical network (upon creation or later)?
please see my former post. I suggest we won't have this property on the logical network at all.
4. So, if there's no bridge on my bond, can I now use the bond methods that are incompatible with bridges and therefore we did not allow them until now?
why not? is VDSM blocking those?
Y.

On 02/15/2012 11:34 AM, Roy Golan wrote:
----- Original Message -----
From: "Yaniv Kaul" <ykaul@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Monday, February 6, 2012 5:10:16 PM
Subject: Re: [Engine-devel] bridgless networks
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
Thanks, Roy
On 02/06/2012 04:47 PM, Roy Golan wrote:
0. Fixed some typos in the wiki. There are others I couldn't understand.
1. "Also looking forward a capable of running VMs nics should be bridged on regular nics and un-bridged in case of dedicated special nics" - don't understand what it means (English-wise too).
correct, the phrasing is bad. I meant that when we are doing the actual attach, should we implicitly choose not to create a bridge on vNic or SRIOV? Anyway for now the best and fastest approach I think is to give freedom of choice - the user will choose if the network should be bridged or not during the attach.
2. "UI shall user shall".
3. Not sure the REST API is complete. How is the property set on the logical network (upon creation or later)?
please see my former post. I suggest we won't have this property on the logical network at all.
4. So, if there's no bridge on my bond, can I now use the bond methods that are incompatible with bridges and therefore we did not allow them until now?
why not? is VDSM blocking those?
Either UI or engine do not show bond modes that are incompatible with bridges. Perhaps it's not a limitation we need to worry about.
Y.
Y.

On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
I'm not in the details of the above design but just please make sure this change will be able to accommodate w/:
- Different bridging types:
  - Today's Linux bridge
  - openVswitch bridge
  - macvtap bridges.
- pci device assignment w/o sriov
- virtio over macvtap over sriov virtual function
Cheers, Dor
Thanks, Roy

----- Original Message -----
From: "Dor Laor" <dlaor@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Tuesday, February 7, 2012 12:01:58 PM
Subject: Re: [Engine-devel] bridgless networks
On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
I'm not in the details of the above design but just please make sure this change will be able to accommodate w/:
- Different bridging types:
  - Today's Linux bridge
  - openVswitch bridge
  - macvtap bridges.
- pci device assignment w/o sriov
- virtio over macvtap over sriov virtual function
and you can mix any bridge type with any nic?
Cheers, Dor
Thanks, Roy

On 02/15/2012 11:16 AM, Roy Golan wrote:
----- Original Message -----
From: "Dor Laor" <dlaor@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Tuesday, February 7, 2012 12:01:58 PM
Subject: Re: [Engine-devel] bridgless networks
On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
I'm not in the details of the above design but just please make sure this change will be able to accommodate w/:
- Different bridging types:
  - Today's Linux bridge
  - openVswitch bridge
  - macvtap bridges.
- pci device assignment w/o sriov
- virtio over macvtap over sriov virtual function
and you can mix any bridge type with any nic?
Yes, virtio/e1000/rtl8139 are all good over any backend.
Cheers, Dor
Thanks, Roy

On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
1. validations
1.1. do you block setting a logical network to don't allow running VMs if it has a vnic associated with it?
1.2. do you check on import a vnic isn't connected to a logical network which doesn't allow running VMs?
1.3. do you check when REST API tries to add/edit a vnic that the chosen logical network is allowed to run VMs?
2. changes
2.1 can a logical network be changed between allow/disallow running VMs?
2.2 what's the flow when enabling running VMs? will the logical network become non-operational until all hosts are reconfigured with a bridge (if applicable)? what is the user flow to reconfigure the hosts (go one by one? do what (there is no change to host level config)?
2.3 what's the flow to not allowing to run VMs (bridge-less) - no need to make the network non operational, but same question - what should the admin do to reconfigure the hosts (no host level config change is needed by him, just a reconfigure iiuc)
Thanks, Itamar

----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Thursday, February 9, 2012 10:02:03 AM
Subject: Re: [Engine-devel] bridgless networks
On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
1. validations
1.1. do you block setting a logical network to don't allow running VMs if it has a vnic associated with it?
1.2. do you check on import a vnic isn't connected to a logical network which doesn't allow running VMs?
1.3. do you check when REST API tries to add/edit a vnic that the chosen logical network is allowed to run VMs?
2. changes
2.1 can a logical network be changed between allow/disallow running VMs?
2.2 what's the flow when enabling running VMs? will the logical network become non-operational until all hosts are reconfigured with a bridge (if applicable)? what is the user flow to reconfigure the hosts (go one by one? do what (there is no change to host level config)?
2.3 what's the flow to not allowing to run VMs (bridge-less) - no need to make the network non operational, but same question - what should the admin do to reconfigure the hosts (no host level config change is needed by him, just a reconfigure iiuc)
Thanks, Itamar
Since it will take some time till we'll add a type to a nic, the whole concept of enforcing bridging in the migration domain, namely the cluster, should be replaced with much more simple approach - set bridged true/false during the attach action on the host (i.e. setupnetworks).
This means there are no monitoring checks, no new fields to logical networks and no validations but migration might fail in case the target network is not bridged and the underlying nic is not vNic etc.
Once we will support nic types it will be easy to add the ability to mark a network as "able to run VMs" to advise the attach nic action, based on the nic type to set a bridge or not.
thoughts?

On 02/14/2012 03:35 PM, Roy Golan wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com>
To: "Roy Golan" <rgolan@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Thursday, February 9, 2012 10:02:03 AM
Subject: Re: [Engine-devel] bridgless networks
On 02/06/2012 04:47 PM, Roy Golan wrote:
Hi All
Lately I've been working on a design of bridge-less network feature in the engine. You can see it in http://www.ovirt.org/wiki/Features/Design/Network/Bridgeless_Networks#Bridge...
Please review the design. Note, there are some open issues, you can find in the relevant section. Reviews and comments are very welcome.
1. validations
1.1. do you block setting a logical network to don't allow running VMs if it has a vnic associated with it?
1.2. do you check on import a vnic isn't connected to a logical network which doesn't allow running VMs?
1.3. do you check when REST API tries to add/edit a vnic that the chosen logical network is allowed to run VMs?
2. changes
2.1 can a logical network be changed between allow/disallow running VMs?
2.2 what's the flow when enabling running VMs? will the logical network become non-operational until all hosts are reconfigured with a bridge (if applicable)? what is the user flow to reconfigure the hosts (go one by one? do what (there is no change to host level config)?
2.3 what's the flow to not allowing to run VMs (bridge-less) - no need to make the network non operational, but same question - what should the admin do to reconfigure the hosts (no host level config change is needed by him, just a reconfigure iiuc)
Thanks, Itamar
Since it will take some time till we'll add a type to a nic, the whole concept of enforcing bridging in the migration domain, namely the cluster, should be replaced with much more simple approach - set bridged true/false during the attach action on the host (i.e. setupnetworks).
This means there are no monitoring checks, no new fields to logical networks and no validations but migration might fail in case the target network is not bridged and the underlying nic is not vNic etc.
Once we will support nic types it will be easy to add the ability to mark a network as "able to run VMs" to advise the attach nic action, based on the nic type to set a bridge or not.
thoughts?
what i don't like about this:
1. no validations == allows more user errors
2. more definitions at host level (+ allows more user error on misconfiguring the cluster).
3. probably need to obsolete this when will add this at logical network + handle upgrade for this
so question is what is the implementation gap between doing this at logical network (cluster level) to doing this at host level?
participants (5)
- Dor Laor
- Itamar Heim
- Oved Ourfalli
- Roy Golan
- Yaniv Kaul