[ovs-dev] [PATCH v1 0/3] Policy-based routing

Mark Michelson mmichels at redhat.com
Wed Oct 24 15:08:57 UTC 2018


Hi Mary, thanks for the patchset.

At the most basic level, it looks like the new Logical_Router_Policy 
table is nearly the same as the current ACL table. The differences are:

* ACL has a "direction" column
* ACL has a "log" column
* ACL has an "allow-related" action
* Logical_Router_Policy has a "name" column
* Logical_Router_Policy has a "nexthop" column
* Logical_Router_Policy has a "reroute" action

Seeing this makes me wonder why the approach was to create a new table 
instead of making modifications to the ACL table. Can you share the 
thought process that led to creating a new table? My thoughts on the 
matter are that ACLs are well established in OVN and reusing them offers 
some nice benefits.

Seeing the differences also makes me wonder why logical router policies 
only apply to ingress traffic. Is there a reason why we can't specify a 
direction like we do with logical switch ACLs?

And finally, the logging in ACLs is a nice feature and should also be in 
router policies.

On 10/22/2018 06:24 PM, Mary Manohar wrote:
> This patch series implements policy-based routing.
> Policy-based routing (PBR) provides a mechanism to configure permit/deny and reroute policies on the router.
> Permit/deny policies are similar to OVN ACLs, but exist on the logical-router.
> Reroute policies are needed for service-insertion and service-chaining.
> Currently, we support only stateless policies.
> 
> To achieve this, we introduced a new table in the ingress pipeline of the Logical-router.
> The new table is between the ‘IP Routing’ and the ‘ARP/ND resolution’ table.
> This way, PBR can override routing decisions and provide a different next-hop.
> 
> Mary Manohar (3):
>    [1/3]: Routing policies, add config in schema
>    [2/3] Routing policies, add routing-policies in ovn-nbctl
>    [3/3]: Routing policies, ovn-northd changes to handle routing policy
>      commands.
> 
>   ovn/northd/ovn-northd.c   | 144 ++++++++++++++++++++++++++++++++--
>   ovn/ovn-nb.ovsschema      |  20 ++++-
>   ovn/ovn-nb.xml            |  63 +++++++++++++++
>   ovn/utilities/ovn-nbctl.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++
>   tests/ovn-nbctl.at        |  47 +++++++++++
>   5 files changed, 463 insertions(+), 7 deletions(-)
> 


