[ovs-dev] [PATCH 2/2] FAQ: Mention packet filter incompatibility
yamamoto at valinux.co.jp
Mon May 5 00:13:53 UTC 2014
Signed-off-by: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
FAQ | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/FAQ b/FAQ
index fc21af4..716c1de 100644
@@ -676,6 +676,19 @@ A: On Linux kernels before 3.11, the OVS GRE module and Linux GRE module
can then reload the OVS module following the directions in INSTALL,
which will ensure that dependencies are satisfied.
+Q: Open vSwitch does not seem to obey my packet filter rules.
+A: It's by design. Open vSwitch interacts with packets at a lower layer
+ than typical packet-filter implementations like iptables.
+ For simple filtering rules, it might be possible to achieve similar
+ by installing appropriate OpenFlow flows instead.
+ If the use of a particular packet filter software is essential,
+ Open vSwitch might not be the best choice for you. On Linux, you might
+ want to consider to use Linux Bridge, which works with iptables.
+ On NetBSD, you might want to consider to use bridge(4) with BRIDGE_IPF
Quality of Service (QoS)
More information about the dev