[ovs-dev] [PATCH 1/1] netdev-vport: reject concomitant incompatible tunnels

Eelco Chaudron echaudro at redhat.com
Mon Jul 10 08:19:49 UTC 2017


On 07/07/2017 08:32 PM, Ben Pfaff wrote:
> On Fri, Jun 09, 2017 at 11:09:08AM +0200, Eelco Chaudron wrote:
>> This is a follow up patch for an earlier patch sent by Cascardo,
>> however I think this patch might not be needed...
>>
>> This patch will make sure VXLAN tunnels with and without the group
>> based policy (gbp) option enabled can not coexist on the same
>> destination udp port.
>>
>> However the interface ports for VXLAN have to be unique on the same
>> destination port, i.e. they need a different VNI. Looking at the
>> datapath code (only Linux seems to support this), this is not a
>> problem for the ingress/egress path. For egress based on the
>> configuration the correct header is built. For ingress, if gbp is not
>> configured and a gbp VXLAN is received the packet is dropped. If gbp
>> is enabled and a non gbp packet is received it's accepted (meaning
>> default group policy as per the draft rfc).
>>
>> Can someone that worked more in depth on the VXLAN side confirm this
>> patch can be tossed in the bin? If I missed some specific
>> configuration / use case why it is needed, please review the patch.
>>
>> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
> I've read this commit message a few times and I'm still not confident
> that I understand.  Let me restate it and you can correct me if I'm
> wrong.  I *think* that you are saying that the Linux datapath handles
> GBP and non-GBP tunnels that are otherwise the same in a sensible way,
> so that there is no need to add code to reject them.  Is that right?
>
> Thanks,
>
> Ben.
Hi Ben,

Yes, your summary is correct! I was just wondering if I missed something
that does require this fix to be added.

Cheers,

Eelco
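
The ingress behaviour described in the quoted commit message, modelled as an added example (not code from the patch, from OVS or from the Linux datapath). Flag bit positions follow the VXLAN group policy draft header layout; vxlan_ingress, struct vxlan_rx and the two sample headers are names and data constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bits of the first 32-bit word of the VXLAN header (host order). */
#define VXLAN_FLAG_VNI 0x08000000u /* I: VNI field is valid */
#define VXLAN_FLAG_GBP 0x80000000u /* G: group policy ID present */
#define VXLAN_GBP_BITS 0x0048ffffu /* D and A bits + 16-bit policy ID */

struct vxlan_rx { uint32_t vni; bool has_gbp; uint16_t gbp_id; };

/* Constructed sample headers: VNI 42, with and without policy ID 100. */
static const uint8_t gbp_pkt[8]   = {0x88, 0, 0, 0x64, 0, 0, 0x2a, 0};
static const uint8_t plain_pkt[8] = {0x08, 0, 0, 0x00, 0, 0, 0x2a, 0};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns true if the header is accepted, false if it is dropped. */
bool vxlan_ingress(const uint8_t *hdr, size_t len, bool gbp_enabled,
                   struct vxlan_rx *out)
{
    if (len < 8)
        return false;
    uint32_t flags = be32(hdr);
    uint32_t vni_word = be32(hdr + 4);
    if (!(flags & VXLAN_FLAG_VNI))
        return false;
    uint32_t unparsed = flags & ~VXLAN_FLAG_VNI;

    out->has_gbp = false;
    out->gbp_id = 0;               /* 0 stands for the default policy */
    if (gbp_enabled) {
        if (flags & VXLAN_FLAG_GBP) {
            out->has_gbp = true;
            out->gbp_id = (uint16_t)(flags & 0xffffu);
        }
        unparsed &= ~(VXLAN_FLAG_GBP | VXLAN_GBP_BITS);
    }
    if (unparsed || (vni_word & 0xffu))
        return false;              /* bits this receiver does not parse */
    out->vni = vni_word >> 8;
    return true;
}
```

A receiver without gbp treats the G bit and policy ID as unparsed bits and drops the packet, while a gbp receiver accepts a plain header and reports no policy ID.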

