[ovs-discuss] 'DROP' functionality of ebtables using OpenVSwitch

Kaushal Shubhank kshubhank at gmail.com
Fri Apr 6 09:57:35 UTC 2012


Hello,

I was reading about OpenVSwitch and really appreciated the concept. I am a
newbie and do not have a good understanding of OVS yet. I installed OVS and
I was able to create a bridge by reading the instructions.

I read that ebtables is useless in case of OVS and ovs-ofctl can do things
similar to ebtables.

I want to filter packets for port 80 HTTP traffic only. For this I was
using ebtables operating on a Linux bridge. With OVS I was able to add
flows, but I am not sure how to get the *ebtables -j DROP* type
functionality using OVS.

The commands which I used with ovs-ofctl were as follows:

ovs-ofctl add-flow br0 "in_port=ANY out_port=ANY action=NORMAL" # for my bridge traffic
ovs-ofctl add-flow br0 "in_port=1 tcp, tp_src=80 action=NORMAL"
ovs-ofctl add-flow br0 "in_port=2 tcp, tp_dst=80 action=NORMAL"

I also tried using action=LOCAL but then I was not able to use port 80
traffic below the bridge.

Any help on this will be appreciated. If there is some documentation out
there with examples for a similar case kindly redirect me to it.

PS: I have no VMs in my system and I was wondering whether I can use
the capabilities of an OVS bridge which is transparent to a VLAN trunk, where I
can filter port 80 traffic from different VLANs.

{Router, Gateway}
         | |
         | |
         | |{VLAN TRUNK}
         {OVS- BRIDGE}
         | |
         | |
         | |{Local Network}
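
An added example, not part of the original post and not code from the OVS project: one way to get an ebtables-style default DROP is a low-priority catch-all flow with actions=drop underneath higher-priority allow flows. It assumes port 1 faces the router, port 2 faces the local network (as in the flows above), and that ARP must be allowed so hosts can still resolve each other; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an allow-list flow table for an OVS bridge.
# Assumptions (not from the original post): port 1 faces the router/web
# servers, port 2 faces the local clients, and ARP is allowed to pass.

# http_only_flows UPLINK_PORT CLIENT_PORT [TCP_PORT]
# Prints one flow per line; returns 1 on a non-numeric argument so that
# nothing unexpected ends up inside a flow specification.
http_only_flows() {
    uplink=$1 client=$2 tcp_port=${3:-80}
    for n in "$uplink" "$client" "$tcp_port"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
        esac
    done
    # Higher priority wins; these are the only frames that are forwarded.
    echo "priority=100,arp,actions=NORMAL"
    echo "priority=100,in_port=$client,tcp,tp_dst=$tcp_port,actions=NORMAL"
    echo "priority=100,in_port=$uplink,tcp,tp_src=$tcp_port,actions=NORMAL"
    # Catch-all: the equivalent of a default "-j DROP" in ebtables.
    echo "priority=0,actions=drop"
}

# apply_flows BRIDGE UPLINK_PORT CLIENT_PORT [TCP_PORT]
# replace-flows makes the table match the file exactly, so an older
# allow-everything flow cannot survive and bypass the drop rule.
apply_flows() {
    bridge=$1; shift
    tmp=$(mktemp) || return 1
    if http_only_flows "$@" > "$tmp"; then
        ovs-ofctl replace-flows "$bridge" "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage on a host running OVS:  apply_flows br0 1 2
```

After applying, "ovs-ofctl dump-flows br0" shows per-flow packet counters, which confirms whether the drop flow is the one matching unwanted traffic.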