[ovs-dev] [PATCH ovn] controller: set vlan-limit=0
Ben Pfaff
blp at ovn.org
Fri Jul 2 20:39:10 UTC 2021
On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote:
> This allows L3+ ACLs to match against double tagged vlan traffic on
> vlan-passthru switches.
>
> The default in OVS is vlan-limit=1 for backwards compatibility. This
> means packets are not "parsed" deeper than one tag level.
>
> This patch sets it to 0, which means "parse as deep as OVS supports".
> Right now it's effectively the same as setting it to "2", which is the
> maximum number of tag levels that OVS supports right now.
>
> It is already set to 2 in puppet-vswitch that is used in some OpenStack
> distributions:
>
> https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425
>
> Signed-off-by: Ihar Hrachyshka <ihrachys at redhat.com>

Thanks! This is a good idea, I think.

I think that the following is going to always submit a transaction to
update vlan-limit, even if it's already correct. That's going to be
wasteful. I think it would be better to check whether it's already set
to 0:

> + /* Enable ACL matching for double tagged traffic. */
> + if (ovs_idl_txn) {
> + const struct ovsrec_open_vswitch *cfg =
> + ovsrec_open_vswitch_table_first(ovs_table);
> + ovsrec_open_vswitch_update_other_config_setkey(
> + cfg, "vlan-limit", "0");
> + }
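
Review bot: cfg is handed to ovsrec_open_vswitch_update_other_config_setkey() without a NULL check, and ovsrec_open_vswitch_table_first(ovs_table) returns NULL when the Open_vSwitch table has no row yet, so the guard should be `if (ovs_idl_txn && cfg)`. The write is also unconditional: it runs whenever ovs_idl_txn is non-NULL and replaces whatever vlan-limit value an operator had set, so read the current value first, for example with `smap_get(&cfg->other_config, "vlan-limit")`, and call setkey only when it is not already "0". Because the key lives in the Open_vSwitch table's other_config, it changes VLAN parsing depth for the whole switch instance rather than only for vlan-passthru logical switches, which is worth stating in the comment and in the user-facing documentation.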