[ovs-discuss] Open vSwitch - Private VLANS (as per RFC5517)

Justin Pettit jpettit at nicira.com
Sun Apr 22 21:21:19 UTC 2012 

Hi, Giles.  There was some discussion about adding PVLAN support last month:

	http://openvswitch.org/pipermail/discuss/2012-March/006816.html

Based on later comments in the thread, it sounds like Benoît was putting that development on hold.  It would be great to have someone contribute an implementation.  I don't know of it being on anyone's immediate roadmap right now, though.

--Justin


On Apr 22, 2012, at 2:06 PM, Giles Coochey wrote:

> Hi All,
> 
> I don't normally join a mailing list and butt in with a question too early, but I have googled about and this project seems technically focused to closest one of the things that I am trying to achieve.
> I am looking for a (open-source) technology that implements the features that are found within Cisco's "Private VLANs", as described in RFC5517.
> Don't confuse this with ordinary VLANs, this requirement is for hosts to have isolated, community and promiscuous behaviour within the VLAN.
> I understand that, at the moment, this is not implemented in Open vSwitch, but I was wondering whether it is anywhere in the roadmap for development, and/or whether there are any other similar technologies that Open vSwitch might support.
> 
> My test environment is currently a single server running Virtualbox with virtual firewalls. Ideally I want to be able to give each host in the environment two interfaces, one for management and the other for production traffic. I don't want to have to set any perpetual or static routes on the hosts themselves and I don't want them to be able to communicate with each other over the management network. I do want the management network (and in the future, possibly a storage network) to be able to communicate with each host. Hence the need for some Layer-2 filtering, which in the physical world I think I would achieve with "PVLANS - Private VLANs".
> 
> Any comments on this would be appreciated?
> 
> I'm not a developer, otherwise I would try to implement this myself, and this would be the project I'd try to get the code into.
> 
> -- 
> Best Regards,
> 
> Giles Coochey
> NetSecSpec Ltd
> UK Mobile: +44 7983 877 438
> Business Email: giles.coochey at netsecspec.co.uk
> Email/MSN/Live Messenger: giles at coochey.net
> Skype: gilescoochey
> 
> 
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss

More information about the discuss mailing list