[ovs-dev] [PATCH v12] OVN: Enable E-W Traffic, Vlan backed DVR

Ben Pfaff blp at ovn.org
Fri Jul 5 18:08:21 UTC 2019


On Thu, Jun 20, 2019 at 01:36:46AM +0000, Ankur Sharma wrote:
> Background:
> [1] https://mail.openvswitch.org/pipermail/ovs-dev/2018-October/353066.html
> [2] https://docs.google.com/document/d/1uoQH478wM1OZ16HrxzbOUvk5LvFnfNEWbkPT6Zmm9OU/edit?usp=sharing
> 
> Key difference between an overlay logical switch and
> vlan backed logical switch is that for vlan logical switches
> packets are not encapsulated.
> 
> Hence, if a distributed router port is connected to vlan backed
> logical switch, then router port mac as source mac could be
> seen from multiple hypervisors. Same <mac,vlan> pairs coming
> from multiple ports from a top of the rack switch (TOR) perspective
> could be seen as a security threat and it could send alarms, drop
> the packets or block the ports etc.
> 
> This patch addresses the same by introducing the concept of chassis mac.
> A chassis mac is CMS provisioned unique mac per chassis. For any routed packet
> (i.e source mac is router port mac) going on the wire on a vlan type
> logical switch, we will replace its source mac with chassis mac.

Thanks.  I made a few stylistic and documentation updates and applied
this to master.


More information about the dev mailing list