[ovs-dev] [v2] proposed OVN port security specification (was: Re: Allowed Address Pairs - OVN)
Ben Pfaff
blp at nicira.com
Thu Sep 10 01:51:05 UTC 2015

On Wed, Sep 09, 2015 at 06:23:13PM -0700, Justin Pettit wrote:
> > On Jul 2, 2015, at 5:39 PM, Ben Pfaff <blp at nicira.com> wrote:
> Sorry. I hadn't realized this was waiting for feedback.

Honestly I figured the next step was to produce a patch rather than a
document.

> > This column is provided as a convenience to cloud
> > management systems, but all of the features that it
> > implements can be implemented as ACLs using the ACL
> > table.
>
> This is true, but if "from-host" ACL processing happens after L3, then
> it won't have the benefit of the spoof protection afforded by the ARP
> restrictions. My guess is that ACL processing will happen before L3,
> but we should keep it in mind.

Good point, I'll be sure to revise that text before implementing this.