author: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2011-12-09 15:56:05 +0900
committer: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2011-12-09 15:56:05 +0900
commit: aa5051a162c496c3beaef0cef24c720f78305eea
tree: 91242f799b1c166d3e9e765475b9a6e36c3608ac /doc/source/how_l2_segregation_works.rst
initial commit
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Diffstat (limited to 'doc/source/how_l2_segregation_works.rst')
-rw-r--r-- doc/source/how_l2_segregation_works.rst 66
1 files changed, 66 insertions, 0 deletions
diff --git a/doc/source/how_l2_segregation_works.rst b/doc/source/how_l2_segregation_works.rst
new file mode 100644
index 00000000..4b0d2b9d
--- /dev/null
+++ b/doc/source/how_l2_segregation_works.rst
@@ -0,0 +1,66 @@
+.. _how_it_works:
+
+****************************
+How Ryu L2 segregation works
+****************************
+This section describes how Ryu L2 segregation works.
+
+tenant/network id creation
+==========================
+When tenant(= network id) is created, Quantum server tells it to Ryu.
+Ryu remembers the network id.
+
+ .. image:: /images/network-creation.png
+
+
+association OVS port to network id
+==================================
+#. When VM instance is created, the network port is created in OVS and
+ it is associated to network id that VM belongs to.
+
+#. quantum OVS agent tells the associated (network id, ovs port) to Ryu.
+ Ryu remembers (network id, ovs port) relationship.
+
+#. quantum OVS agent also tells to Ryu which OVS port is not managed by
+ nova/quantum, but is connected to external ether cable.
+ We call it external OVS port or that the port is external.
+
+
+ .. image:: /images/assoc-ovs-port.png
+
+
+mac learing
+===========
+When VM sends packets, Ryu determins network id from OVS port and then
+associates src mac address to network id.
+
+ .. image:: /images/mac-learning.png
+
+
+packet filtering(L2 unicast case)
+=================================
+* When VM sending L2-unicast packet, Ryu checks if the destination mac
+ address belongs to the same netowrk id of the source mac address which
+ is same to the network id that the OVS port is associated to.
+* If no, the packet is dropped.
+* If yes, send the packet is sent to ports which belongs to the same
+ network id and external port.
+
+ .. image:: /images/filtering-outgoing.png
+ .. image:: /images/filtering-incoming.png
+
+
+packet filtering(L2 broadcast case)
+===================================
+* When VM sending L2-broadcast/multicaset packet, Ryu checks if the source
+ mac address.
+* send the packet to all external ports and all OVS ports that belongs
+ to the same network id of the source mac address.
+* When receiving broacast/multicast packet from the external ports,
+ Ryu checks if the source mac address belongs to known network id.
+
+ * If yes, send the packet to the external ports except incoming one
+ and the all OVS ports that belongs to the network id
+ * if no, drop the packet.
+
+ .. image:: /images/filtering-broadcast.png
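Review bot: In "packet filtering(L2 broadcast case)" the first bullet stops at "Ryu checks if the source mac address." without saying what is checked, so the rule for VM-originated broadcast/multicast is left undefined; please state the condition and what happens when it fails, as the external-port bullet does with "belongs to known network id". The unicast section needs the same care: "If yes, send the packet is sent to ports" is garbled, and neither it nor the "mac learing" section says what Ryu does when the destination mac address has not been learned yet, or when a source mac address already associated with one network id shows up on an OVS port associated with another. Those are the cases a reader relying on this document for tenant isolation will look for. Spelling to fix in the same pass: "learing", "determins", "netowrk", "multicaset", "broacast".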