[ovs-discuss] [ovn4nfv]

John McDowall jmcdowall at paloaltonetworks.com
Wed May 18 22:55:38 UTC 2016


Murali,

So yes this can be implemented in OVN fairly simply.

However I must be missing something fundamental as this looks almost exactly like the current ACL schema with the addition of a label, useful for deleting flows. Are you thinking about adding custom match/action fields. If so then problem becomes hard as (I think ) they need to exist in OVS. For example in mobile using GTP, OVS would have to understand the GTP protocol, for custom actions not quite sure what needs to be done. So if the real issue is adding custom match/actions I need to defer to the core OVS team.

Am I understanding this correctly?

Regards

John

From: Murali R <muralirdev at gmail.com<mailto:muralirdev at gmail.com>>
Date: Tuesday, May 17, 2016 at 12:02 PM
To: John McDowall <jmcdowall at paloaltonetworks.com<mailto:jmcdowall at paloaltonetworks.com>>
Cc: Muralidharan Rangachari <Muralidharan.Rangachari at huawei.com<mailto:Muralidharan.Rangachari at huawei.com>>, Russell Bryant <russell at ovn.org<mailto:russell at ovn.org>>, "discuss at openvswitch.org<mailto:discuss at openvswitch.org>" <discuss at openvswitch.org<mailto:discuss at openvswitch.org>>
Subject: Re: [ovs-discuss] [ovn4nfv]

John/Russell

Please provide feedback on the schema as well as few questions listed below. You guys are aware of current code base and want to know if something like this can be implemented or if there is any design constraint/contradictions.

       "Custom_Lflows": {
            "columns": {
                "flow_id": {"type": "string"},
                "priority": {"type": {"key": {"type": "integer",
                                              "minInteger": 0,
                                              "maxInteger": 32767}}},
                "direction": {"type": {"key": {"type": "string",
                                            "enum": ["set", ["from-lport", "to-lport"]]}}},
                "match": {"type": "string"},
                "action": {"type": "string"},
                "log": {"type": "boolean"},
                "external_ids": {
                    "type": {"key": "string", "value": "string",
                             "min": 0, "max": "unlimited"}}},
            "isRoot": false},


Logical flow commands:\n\
  lflow-add LSWITCH DIRECTION PRIORITY MATCH ACTION FLOWID\n\
                            add a logical flow identified by FLOWID
  lflow-del LSWITCH FLOWID  delete a logical flow identified by FLOWID


1. Do we need to have key-value pairs for better usability for match string & action string?

2. Can we currently get mpls tag compared in logical flow or need additional work? I read in an email Russel had it working in some form so guess would work.

3. Can we use connection tracker in another flow table after acl or are there any restrictions? The idea is to re-attach a geneve header to an egress flow within a switch.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160518/f56361f6/attachment-0002.html>


More information about the discuss mailing list