[ovs-discuss] Overlapping rules with identical actions

Ben Pfaff blp at nicira.com
Wed Sep 5 16:55:22 UTC 2012


On Wed, Sep 05, 2012 at 12:37:27PM -0400, Bithika Khargharia wrote:
> On Wed, Sep 5, 2012 at 12:17 PM, Ben Pfaff <blp at nicira.com> wrote:
> 
> > On Wed, Sep 05, 2012 at 12:16:59PM -0400, Bithika Khargharia wrote:
> > > Thank you Ben.
> > >
> > > I am trying to figure out what happens in the following scenario.
> > >
> > > OVERLAP flag is not set. Rule 1 has been installed that has an idle
> > timeout
> > > value. Before Rule 1 has expired, an overlapping Rule 2 (same priority,
> > > same idle timeout) came in.
> >
> > Overlapping or identical?
> 
> 
> Sorry looks like I was not clear on the definitions. I thought overlapping
> and identical are the same.

No.

Here is an example of overlapping rules:

        - Rule 1, with priority 1234, matches all IP packets.

        - Rule 2, with priority 1234, matches all TCP packets.

because all TCP packets are also IP packets.

> Consider this example. These are identical then?

Your rules are identical.

> So, if Controller sent RULE 2 before RULE 1 expired, RULE 2 will
> replace RULE 1?

Yes.

> *RULE 1:* ADD
> priority=0,in_port=21,vlan_tci=0x0000,dl_src=00:24:e8:cc:f9:ca,dl_dst=00:14:d1:1b:94:21
> cookie:0x20000000000000 idle:5 flags:0x1 actions=output:23
> 
> 
>  *RULE 2:* ADD
> priority=0,in_port=21,vlan_tci=0x0000,dl_src=00:24:e8:cc:f9:ca,dl_dst=00:14:d1:1b:94:21
> cookie:0x20000000000000 idle:5 flags:0x1 actions=output:23
> 
> 
> > If they are identical, rule 2 replaces rule
> > 1.  If they merely overlap, both will be present, but which one
> > actually processes matching packets is unpredictable.
> >



More information about the discuss mailing list