[ovs-discuss] action=normal vs. dl_vlan question

[Ben Pfaff]

On Fri, Jul 20, 2012 at 09:27:00AM +0800, YIMIN CHEN wrote:
> I have a question about using action=NORMAL to do L2 switching. I just
> realize if I use NORMAL to do switching with vlan, say, with VM connected
> in access mode, I can no longer use dl_vlan to check vlan id in the packet,
> as when pkt exits from NORMAL action, it does not have a vlan tag with
> access mode.
> 
> In this case, if I have two VMs of same IP in two vlans, and I want to
> limit traffic to port 80 of one of them. I can not think of a way to write
> a flow entry to achieve this:
> 
> dl_vlan=1, nw_dst=10.0.0.1,tp_dst=80,actions=NORMAL.
> 
> Here dl_vlan=1 is not valid, as vlan id is not in the pkt.
> 
> Is my understanding correct? Basically if I have vlans, I can't really
> create flow entries based on L3, if I use NORMAL for L2?

Did you read the FAQ?

Q: My OpenFlow controller doesn't see the VLANs that I expect.

A: The configuration for VLANs in the Open vSwitch database (e.g. via
   ovs-vsctl) only affects traffic that goes through Open vSwitch's
   implementation of the OpenFlow "normal switching" action.  By
   default, when Open vSwitch isn't connected to a controller and
   nothing has been manually configured in the flow table, all traffic
   goes through the "normal switching" action.  But, if you set up
   OpenFlow flows on your own, through a controller or using ovs-ofctl
   or through other means, then you have to implement VLAN handling
   yourself.

   You can use "normal switching" as a component of your OpenFlow
   actions, e.g. by putting "normal" into the lists of actions on
   ovs-ofctl or by outputting to OFPP_NORMAL from an OpenFlow
   controller.  This will only be suitable for some situations,
   though.