[ovs-dev] [PATCH 1/1] netdev-vport: reject concomitant incompatible tunnels

Ben Pfaff blp at ovn.org
Fri Jul 7 18:32:07 UTC 2017


On Fri, Jun 09, 2017 at 11:09:08AM +0200, Eelco Chaudron wrote:
> This is a follow-up patch for an earlier patch sent by Cascardo,
> however I think this patch might not be needed...
> 
> This patch will make sure VXLAN tunnels with and without the group
> based policy (gbp) option enabled cannot coexist on the same
> destination UDP port.
> 
> However the interface ports for VXLAN have to be unique on the same
> destination port, i.e. they need a different VNI. Looking at the
> datapath code (only Linux seems to support this), this is not a
> problem for the ingress/egress path. For egress, based on the
> configuration, the correct header is built. For ingress, if gbp is not
> configured and a gbp VXLAN is received, the packet is dropped. If gbp
> is enabled and a non-gbp packet is received, it's accepted (meaning
> default group policy as per the draft RFC).
> 
> Can someone who worked more in depth on the VXLAN side confirm this
> patch can be tossed in the bin? If I missed some specific
> configuration / use case why it is needed, please review the patch.
> 
> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>

I've read this commit message a few times and I'm still not confident
that I understand.  Let me restate it and you can correct me if I'm
wrong.  I *think* that you are saying that the Linux datapath handles
GBP and non-GBP tunnels that are otherwise the same in a sensible way,
so that there is no need to add code to reject them.  Is that right?

Thanks,

Ben.
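
The ingress behaviour described in the quoted commit message, as an added example that is not part of either e-mail and is not Open vSwitch or Linux datapath code: a small C model of the receive-side decision, using the G and I flag positions from RFC 7348 and the VXLAN-GBP draft. The function name, its return convention and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag bits in the first byte of the VXLAN header. */
#define VXLAN_FLAG_I 0x08 /* VNI field is valid (RFC 7348) */
#define VXLAN_FLAG_G 0x80 /* Group Policy ID is valid (VXLAN-GBP draft) */

/* Constructed sample headers: VNI 42, without and with group policy 100. */
static const uint8_t HDR_PLAIN[8] = {0x08, 0, 0x00, 0x00, 0, 0, 42, 0};
static const uint8_t HDR_GBP[8]   = {0x88, 0, 0x00, 0x64, 0, 0, 42, 0};

/* Hypothetical helper modelling the ingress rule from the commit message.
 * Returns -1 to drop, otherwise the group policy ID to apply (0 = default).
 * Other reserved header bits are not examined in this model. */
int vxlan_ingress(const uint8_t *hdr, size_t len, int gbp_enabled,
                  uint32_t *vni)
{
    if (len < 8 || !(hdr[0] & VXLAN_FLAG_I))
        return -1;                      /* truncated, or no valid VNI */
    if (vni)
        *vni = (uint32_t)hdr[4] << 16 | (uint32_t)hdr[5] << 8 | hdr[6];
    if (!(hdr[0] & VXLAN_FLAG_G))
        return 0;                       /* non-GBP packet: accepted */
    if (!gbp_enabled)
        return -1;                      /* GBP packet on a non-GBP tunnel */
    return hdr[2] << 8 | hdr[3];        /* GBP packet on a GBP tunnel */
}

int main(void)
{
    uint32_t vni = 0;

    printf("plain -> non-gbp tunnel: %d\n", vxlan_ingress(HDR_PLAIN, 8, 0, &vni));
    printf("plain -> gbp tunnel:     %d\n", vxlan_ingress(HDR_PLAIN, 8, 1, &vni));
    printf("gbp   -> non-gbp tunnel: %d\n", vxlan_ingress(HDR_GBP, 8, 0, &vni));
    printf("gbp   -> gbp tunnel:     %d (vni %u)\n",
           vxlan_ingress(HDR_GBP, 8, 1, &vni), (unsigned)vni);
    return 0;
}
```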

