[ovs-dev] [PATCH 1/3] ovn: Add port_security proposal

Russell Bryant russell at ovn.org
Thu Jan 28 15:44:07 UTC 2016


On 01/28/2016 10:11 AM, Numan Siddique wrote:
> On 01/28/2016 08:04 PM, Russell Bryant wrote:
>> You raised another thread about the proposed syntax here:
>>
>> http://openvswitch.org/pipermail/dev/2016-January/064921.html
>>
>> Let's make sure we agree on that before proceeding.  In that thread, Han
>> suggested:
>>
>>> I would suggest to have the format ["MAC1 IP1-1 IP1-2 IP1-3 ...", "MAC2
>>> IP2-1 IP2-2 ...", ...] for both "port_security" and "addresses" columns.
>> That mostly follows this proposal and means another patch is needed to
>> change 'addresses'.  That's not exactly backwards compatible, but I
>> don't think that's a problem.
>>
>> In this port_security documentation, it seems to suggest that this form
>> is also allowed:
>>
>> 1)
>>     ["MAC1 MAC2 MAC3 IP1 IP2 IP3"]
>>
>> Is that intentional?  or should we require this instead which seems to
>> be what you and Han were discussing?
>>
>> 2)
>>     ["MAC1 IP1 IP2 IP3", "MAC2 IP1 IP2 IP3", "MAC3 IP1 IP2 IP3"]
>>
>> The other alternative is to adopt how the addresses column works today,
>> and require:
>>
>> 3)
>>     ["MAC1 IP1", "MAC1 IP2", "MAC1 IP3",
>>      "MAC2 IP1", "MAC2 IP2", "MAC2 IP3",
>>      "MAC3 IP1", "MAC3 IP2", "MAC3 IP3"]
>>
>>
>> The thing I care about most is consistency.  I think option #1 is the
>> least clear.  Option #3 is nicely explicit, but more verbose.  #2 seems
>> like a compromise on clarity and verbosity.
>>
>> My suggestion would be to adopt #2 and update this documentation to
>> reflect that.  It seems that #2 is actually what you have implemented in
>> this series.
>>
> 
> Thanks Russel for the comments. Yes, I assumed #2. I will update the documentation.
> Is your suggestion (#2) for both port security and addresses or just for port security ?

I suggest that whatever we adopt here, we make 'addresses' consistent
with it, so it would be for both.  The change to 'addresses' can be done
in another patch series, though.

-- 
Russell Bryant



More information about the dev mailing list