[ovs-dev] [RFC] ovn: minimize the impact of a compromised chassis

Russell Bryant russell at ovn.org
Mon Aug 22 15:28:52 UTC 2016


On Mon, Aug 22, 2016 at 11:24 AM, Ryan Moats <rmoats at us.ibm.com> wrote:
>
> > MAC_Binding is a bit tricky - the problem here is how to deal where
> dynamic
> > MAC bindings need to be transferred from one chassis to another for
> either
> > HA or live migration scenarios. My preference here is to leave this alone
>
> > (i.e. allow ovn-controller to continue to write this table) and see what
> we
> > can apply from various anti-arp cache poisoning technologies to either
> the IDL
> > or ovsdb-server itself.
> >
> > ​The proposal here is that they wouldn't be transferred from home
> > host to another.  Each chassis would be responsible for its own mac
> learning.​
>
> That's what I'm not comfortable with...


Why is that?  Isn't that how a network would typically work anyway?

-- 
Russell Bryant



More information about the dev mailing list