[ovs-dev] [PATCH] ovn-nb: Add port_security proposal.
Ben Pfaff
blp at nicira.com
Wed Sep 16 15:24:43 UTC 2015
On Thu, Sep 10, 2015 at 10:22:46PM -0400, Brian Haley wrote:
> On 9/10/15 2:54 PM, Ben Pfaff wrote:
> >diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
>
> >+ <dt><code>80:fa:5b:06:72:b7 192.168.1.10/24</code></dt>
>
> IPv6 too ? :)
I don't think an IPv6 example would clarify anything.
> >+ <dd>
> >+ This adds further restrictions to the first example. The host may
> >+ send IPv4 packets from or receive IPv4 packets to only 192.168.1.10,
> >+ except that it may also receive IPv4 packets to 192.168.1.255 (based
> >+ on the subnet mask), 255.255.255.255, and any address n 224.0.0.0/4.
> >+ The host may not send ARPs with a source Ethernet address other than
> >+ 80:fa:5b:06:72:b7 or source IPv4 address other than 192.168.1.10.
>
> What about the Source Hardware Address (SHA) in the ARP reply? That doesn't
> have to match the Ethernet hardware address. Or is that what you're talking
> about - what's in the ARP reply part of the packet?
I'll add (SHA) and (SPA) in the text above to clarify.
More information about the dev
mailing list