Open mcanini opened 8 years ago
Comment: the inbound policies should be installed on all the edge switches since the egress port is selected when a packet enter the IXP network, before it is received at the receiving member's port. Once the outgoing port is computed, Umbrella will deliver a packet using its own header format.
@marchiesa Good point. I think to be precise it should works as follows. The inbound policies of participant A must live at each edge switch X for which there'd be potentially a participant B at switch X that sends traffic to A.
@mcanini Yes, that makes sense. I would suggest to leave it as a future optimization step that we will implement once we have something that works.
@marchiesa So for the time being we will replicated the same inbound table at all edge switches correct?
@TribuneX Yes, exactly! In a first phase I would just try to integrate Umbrella and iSDX into something that works in a multihop topology. While we do that, let's always keep in mind that at a certain point we will implement also these optimizations that we discussed.
I reopened this issue to keep this in the backlog, because we want to consider it in the future. Having less flow rules in each edge might ease the overview of the tables.
Since iSDX partitions the policies by participant, we want to install the right set of rules at the right edge switches. This means that a given edge switch X should only contain the rules for the participants that are attached to it. Concretely this means: