...

  • Blueprint/Feature Lead: sajeesh mathew / Nagendra Prasath Maynattamai Prem Chandran 
  • Core team: contacts to the core team members
  • JIRA EPIC: TFF-16 (Jira server: Tungsten Fabric)

...

The following three use cases are addressed in this story:
**Use case 1:** Cloud admin shares on-boarded physical ports with tenant and tenant creates VPG.
**Use case 2:** Cloud admin shares physical router and tenant creates logical router.

...

3.6 Operations and Notification impact

None

4. Implementation

...

Use case 1 :

...

Cloud admin shares on-boarded physical ports with tenant and tenant creates VPG.

1. Cloud admin shares physical port(s) with a specific tenant.
2. Tenant admin creates their own VPG using these physical ports.
3. Tenant admin applies tenant's security policies and other features on this VPG.
4. Tenant admin creates his VLANs (virtual networks) on this VPG.
5. Only the tenant creating the VPG can see the port(s) and the VPG.

...

Workflow with proposed design

...

Creation of fabric and onboarding of physical routers

...


- Cloud admin will create the fabric and onboard physical routers and physical ports.
- Cloud admin will be the owner of fabric objects (fabric, physical routers, physical ports) under global system configuration.

Object Sharing


- Cloud admin will share physical ports with tenant1.
- Cloud admin will share fabric/physical-router with 'R' permission and physical-port with 'RX' permissions.

VPG creation

...


- Tenant1 admin will create VPG1 using the physical ports shared with it.
- VPG1 will be owned by cloud admin and automatically shared with tenant1 based on the RBAC AUTH_TOKEN of the user.

VLAN association

...


- Tenant admin for tenant1 will create VMI and VN within the project.
- Tenant admins for tenant1 will associate VMI (VPG1-10) and VN1 with VPG1 (which results in VLAN association).
- VNs or VMIs shared with tenant1 can also be associated with VPG1.

Port and VPG visibility

...


- VPG1 will be visible to cloud admin and tenant1 admin.
- VPG1 won’t be visible to other tenant admins (no sharing).
- To support the UI workflow, we can share the physical port/physical router with tenant1 admin with “Read” permission.

Use case 2 :

...

Cloud admin shares physical router and tenant creates logical router.

1. Cloud admin shares a physical router (PR) with other tenants.
2. Tenants create logical routers (LR) on this PR.
3. PR is visible to all tenants. A tenant can see only their LRs on this PR.

Workflow with proposed design

Creation of fabric and onboarding of physical routers

- Cloud admin will create the fabric and onboard physical routers and physical ports.
- Cloud admin will be the owner of fabric objects (fabric, physical routers, physical ports) under global system configuration.

Object Sharing


- Cloud admin will share physical routers with tenant1. Cloud admin will share fabric with 'R' permission and physical-router with 'RX' permissions.
- Sharing can be done using the UI workflow or using VNC APIs.

LR creation

- Tenant1 admin will create LR R1. R1 will be owned by cloud administrator and shared with tenant1.
- Public LR and NAT attributes can only be updated by cloud admin. RBAC ACLs will be added to enforce this restriction.

LR visibility


- Physical routers will be visible to cloud admin and to the tenants with which these ports are being shared.
- R1 will be visible to cloud admin and tenant admin.
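
The sharing rules from both use cases, as an added Python model (an illustration written for this page, not Tungsten Fabric code or its VNC API). The bit values R=4, W=2, X=1, the object and tenant names, and the RWX share-back on created objects are assumptions.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1          # assumed bit values; X = permission to reference (link) an object
ADMIN = "cloud-admin"      # hypothetical identity for the cloud admin

@dataclass
class Obj:
    name: str
    owner: str = ADMIN
    share: dict = field(default_factory=dict)   # tenant -> access bits

def access(obj, tenant):
    """Effective bits: owner and cloud admin get RWX, others only what is shared."""
    if tenant in (ADMIN, obj.owner):
        return R | W | X
    return obj.share.get(tenant, 0)

def visible(obj, tenant):
    return bool(access(obj, tenant) & R)

def tenant_create(name, tenant, refs):
    """Create a VPG or LR that references shared fabric objects.

    Every referenced object must be shared with both R and X. As in the design,
    the new object stays owned by the cloud admin and is shared back to its
    creator (RWX is an assumption; the page does not state the bits).
    """
    denied = [o.name for o in refs if (access(o, tenant) & (R | X)) != (R | X)]
    if denied:
        raise PermissionError(f"{tenant} lacks RX on: {', '.join(denied)}")
    return Obj(name, share={tenant: R | W | X})

def scenario():
    """Constructed sample objects following use cases 1 and 2."""
    fabric = Obj("fabric1", share={"tenant1": R})
    pr = Obj("pr1", share={"tenant1": R | X})
    port = Obj("port1", share={"tenant1": R | X})
    ro_port = Obj("port2", share={"tenant1": R})   # read-only share for the UI workflow
    vpg = tenant_create("VPG1", "tenant1", [port])
    lr = tenant_create("R1", "tenant1", [pr])
    out = {"vpg_t1": visible(vpg, "tenant1"), "vpg_t2": visible(vpg, "tenant2"),
           "vpg_admin": visible(vpg, ADMIN), "lr_t2": visible(lr, "tenant2"),
           "fabric_t1": visible(fabric, "tenant1")}
    for who, ref in (("tenant2", port), ("tenant1", ro_port)):
        try:
            tenant_create("VPGx", who, [ref])
            out[f"{who}_{ref.name}"] = "created"
        except PermissionError:
            out[f"{who}_{ref.name}"] = "denied"
    return out

if __name__ == "__main__":
    print(scenario())
```

The last two results are the cases worth testing in a real deployment: a tenant with no share cannot build on another tenant's port, and a read-only share makes a port visible without allowing a VPG to reference it.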

...