[ovs-dev] [v2] proposed OVN port security specification (was: Re: Allowed Address Pairs - OVN)
Justin Pettit
jpettit at nicira.com
Thu Sep 10 01:23:13 UTC 2015
> On Jul 2, 2015, at 5:39 PM, Ben Pfaff <blp at nicira.com> wrote:
Sorry. I hadn't realized this was waiting for feedback.
> This column is provided as a convenience to cloud management
> systems, but all of the features that it implements can be
> implemented as ACLs using the ACL table.
This is true, but if "from-host" ACL processing happens after L3, then it won't have the benefit of the spoof protection afforded by the ARP restrictions. My guess is that ACL processing will happen before L3, but we should keep it in mind.
This looks like a good addition. Thanks.
--Justin
More information about the dev
mailing list