Changes between Version 24 and Version 25 of OpenFlow/FOAM


Ignore:
Timestamp:
07/17/12 14:57:51 (12 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • OpenFlow/FOAM

    v24 v25  
    7272 * Mode 2, "analsys": Newly created slivers are automatically approved if they pass all the checks in the analysis engine.
    7373
    74 The analysis engine performs four tests:
    75 
    76  * If the sliver's flowspace includes IP space: Does the new sliver's requested IP space overlap with the IP space of any already-approved slivers?
    77  * If the sliver's flowspace includes MAC addresses: Do the new sliver's requested MAC addresses overlap with the MAC addresses of any already-approved slivers?
    78  * If the sliver's flowspace includes ethertypes (other than IP and ARP): Do the new sliver's requested ethertypes overlap with the ethertypes of any already-approved slivers?
    79  * If there are any port groups defined: Does the new sliver's flowspace include more than one port in a port group?
    80 
    81 If all of those tests pass (i.e. the answer is "no" for all of those questions), the sliver is automatically approved (when FOAM is in mode 2 -- in the other modes, the analysis is still done, but the results are ignored).
     74The default value is "0", for safety. You can turn it on with foamctl:
     75
     76{{{
     77foamctl config:set-value --key="geni.approval.approve-on-creation" --value="2" --passwd-file=/opt/foam/etc/foampasswd
     78}}}
     79
     80The analysis engine performs six tests:
     81
     82 * If the sliver's flowspace includes IP space: That IP space must not overlap with the IP space of any already-approved slivers.
     83 * If the sliver's flowspace includes MAC addresses: Those MAC addresses must not overlap with the MAC addresses of any already-approved slivers.
     84 * If the sliver's flowspace includes ethertypes (other than IP and ARP): Those ethertypes must not overlap with the ethertypes of any already-approved slivers.
     85 * If there are any port groups defined: The new sliver's flowspace must not include more than one port in any port group.
     86 * The sliver's flowspace must not include any flowspace defined by VLAN. (no 'dl_vlan')
     87 * The sliver's flowspace must include at least one datapath. (no 'any')
     88
     89If all of those tests pass, the sliver is automatically approved (when FOAM is in mode 2 -- in the other modes, the analysis is still done, but the results are ignored).
    8290
    8391In practice, this implements a policy somewhat like: "Auto-approve a sliver that includes IP, MAC, or ethertype flowspace, doesn't overlap with anything else, and doesn't include more than one port in these port groups". Port groups might include things like cross-connects, or any other collection of ports where you only want a given sliver to have one port in the group.
    8492
    85 If a sliver is not auto-approved, the 'pend_reason' field (visible in 'foamctl geni:show-sliver') should explain why.
     93If a sliver is not auto-approved, the 'pend_reason' field (visible in 'foamctl geni:show-sliver') should explain why. (More precisely, it'll include one test that the sliver didn't pass; if it failed multiple tests, only one will be listed.)
    8694
    8795A more flexible policy is expected in future versions of FOAM.