[ovs-dev] Query on ACLs

Kaushik Kumar Ram kaushik at rice.edu
Thu Feb 18 01:48:03 UTC 2010


Hello,

I heard that Open vSwitch has basic support for ACLs. Can someone clarify what sort of support is available and how ACLs can be installed? To be more precise, I would like to install an ACL with a rule of type "drop all traffic to TCP port XYZ".

I understand that so-called "negative flows" can be used to achieve the same, i.e. drop all traffic matching particular flow(s) (to TCP port XYZ in this example). This would also be more efficient since the packet would be dropped in the in-kernel fast-path itself. But then it is not possible to match against packet header fields outside the 10-tuple (like TCP flags, for example).

Any feedback would be appreciated.

Thanks.
-Kaushik


