Changes between Version 25 and Version 26 of OpenFlow/FOAM


Ignore:
Timestamp:
07/17/12 15:12:13 (12 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • OpenFlow/FOAM

    v25 v26  
    7878}}}
    7979
    80 The analysis engine performs six tests:
    81 
    82  * If the sliver's flowspace includes IP space: That IP space must not overlap with the IP space of any already-approved slivers.
    83  * If the sliver's flowspace includes MAC addresses: Those MAC addresses must not overlap with the MAC addresses of any already-approved slivers.
    84  * If the sliver's flowspace includes ethertypes (other than IP and ARP): Those ethertypes must not overlap with the ethertypes of any already-approved slivers.
    85  * If there are any port groups defined: The new sliver's flowspace must not include more than one port in any port group.
    86  * The sliver's flowspace must not include any flowspace defined by VLAN. (no 'dl_vlan')
    87  * The sliver's flowspace must include at least one datapath. (no 'any')
    88 
    89 If all of those tests pass, the sliver is automatically approved (when FOAM is in mode 2 -- in the other modes, the analysis is still done, but the results are ignored).
     80The analysis engine performs three tests related to your flowspace:
     81
     82 1. If the sliver's flowspace includes IP space: That IP space must not overlap with the IP space of any already-approved slivers.
     83 2. If the sliver's flowspace includes MAC addresses: Those MAC addresses must not overlap with the MAC addresses of any already-approved slivers.
     84 3. If the sliver's flowspace includes ethertypes (other than IP and ARP): Those ethertypes must not overlap with the ethertypes of any already-approved slivers.
     85
     86For each of those tests, the result could be "pass", "fail", or "n/a" (e.g. if the sliver's flowspace doesn't include IP space, or there are no port groups defined).
     87
     88It also performs three tests related to datapaths, ports, and VLANs:
     89
     90 1. The sliver's flowspace must include at least one datapath. (no 'any')
     91 2. The sliver's flowspace must not include more than one port in any port group. (if any port groups are defined)
     92 3. The sliver's flowspace must not include any flowspace defined by VLAN. (no 'dl_vlan')
     93
     94The sliver is automatically approved if at least one test in the first group passes, and no test fails (in either group). (When FOAM is in mode 2 -- in the other modes, the analysis is still done, but the results are ignored.)
    9095
    9196In practice, this implements a policy somewhat like: "Auto-approve a sliver that includes IP, MAC, or ethertype flowspace, doesn't overlap with anything else, and doesn't include more than one port in these port groups". Port groups might include things like cross-connects, or any other collection of ports where you only want a given sliver to have one port in the group.