[ovs-dev] [v2] proposed OVN port security specification (was: Re: Allowed Address Pairs - OVN)

Justin Pettit jpettit at nicira.com
Thu Sep 10 01:23:13 UTC 2015


> On Jul 2, 2015, at 5:39 PM, Ben Pfaff <blp at nicira.com> wrote:

Sorry.  I hadn't realized this was waiting for feedback.

>              This column is provided as a convenience to cloud management
>              systems, but all of the features that it implements can be
>              implemented as ACLs using the ACL table.

This is true, but if "from-host" ACL processing happens after L3, then it won't have the benefit of the spoof protection afforded by the ARP restrictions.  My guess is that ACL processing will happen before L3, but we should keep it in mind.

This looks like a good addition.  Thanks.

--Justin




