This adds an extension to the neutron port resource, in order to
support creation and tear-down of ERSPAN sessions. The port resource
is extended with the apic:erspan_config property, which is a list
of dictionary objects. Each entry in the dictionary specifies the
parameters for an ERSPAN session:
'dest_ip': the ERSPAN destination IP address
'flow_id': the flow ID to use (1-1023)
'direction': 'in', 'out', or 'bi' (port-centric)
The neutron port UUID plus direction define a unique ERSPAN
source, while the destination IP and flow ID defina a unique
ERSPAN destination. ERSPAN Sources and and Destinations are
associated by name using the SpanSpanlbl resource in AIM.
Sources and destinations must also be applied to interface
resources in AIM, providing topology to the source EPs. This means
that overlapping destination IPs aren't supported. This could be
extended to consider things like the VRF that the network/EPG is
mapped to, but would require a data migration of existing DB state.
This extension is only supported on ports that belong to networks
of type 'opflex'. This means that hierarchical port binding (HPB)
and 'vlan' type networks are not supported, nor are SVI networks. The
ports must have a vnic_type of "normal" and have a device owner prefix
of "compute:". The extensions can be added to the port at any point in
its life cycle, but the configuration is only pushed to AIM when the
port is bound. Unbinding the port removes the configuration from AIM,
but not the extension information in the port resource. That state must
be removed explicitly by the user.
This workflow currently doesn't support live-migration. Live migration
may still work, as port rebinding updates the appropriate state in AIM,
but this is done by first deleting the information from the source
interface policy group in APIC, then adding it to the destination/target
iterface policy group, which will lead to some loss of traffic. This can
be addressed in a future patch if needed.
Administrative privileges are required to use this extension. This
restriction can be relaxed in a subsequent patch, if needed.
ERSPAN traffic is sent from the local vSwitch to the host,
and the host's IP stack forwards the encapsulated
Change-Id: I3a35b060f914daebd7b34fa1fca2e289bd5f6967
7adb9734b9