[ovs-discuss] "protected mode" for openvswitch ports (layer 2 forwarding) ?

Ben Kelly ben at benjii.net
Wed Oct 26 09:45:48 UTC 2016


Hi,

I've been searching for ways to implement something like "protected
mode" for ovs without much luck so far. Hoping someone on the discuss
mailing list might have some suggestions.

Protected mode is available on some Broadcom switch ASICs, and Cisco
switches also have this as a configurable option
(http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html).

Basically, I would like to nominate a set of ports in my ovs bridge to
have layer 2 forwarding between them disabled. A "protected" port will
not forward frames to another protected port, however forwarding
occurs as normal between protected <-> non-protected ports and
vice-versa.

My underlying requirement is that I need to use Open vSwitch for 802.1q
and associate layer 3 addressing with internal ovs ports, however I'd
like to disable layer 2 forwarding between physical ports.

I've looked at things such as "ovs-ofctl mod-port [phys port] noflood"
etc. but this seems to be an all-or-nothing approach with regard to
forwarding between ports.

I'd appreciate any suggestions!

Cheers,
Ben
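
The forwarding rule described in the post, as an added example that is not part of the original message and is not Open vSwitch code or configuration: a small Python model of a learning switch in which protected ports never forward to each other. The port names and MAC addresses are constructed for illustration.

```python
# Model of "protected port" L2 semantics (added illustration, not OVS code).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class ProtectedSwitch:
    def __init__(self, ports, protected):
        self.ports = set(ports)
        self.protected = set(protected)
        if not self.protected <= self.ports:
            raise ValueError("protected ports must be bridge ports")
        self.mac_table = {}  # learned source MAC -> ingress port

    def _allowed(self, in_port, out_port):
        # Never reflect a frame out of its ingress port, and never forward
        # between two protected ports; every other pairing is normal L2.
        if out_port == in_port:
            return False
        return not (in_port in self.protected and out_port in self.protected)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of egress ports for one frame."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")
        # MAC learning still happens on protected ports.
        self.mac_table[src_mac] = in_port
        # Group bit set (broadcast/multicast) or unknown unicast => flood.
        is_group = int(dst_mac.split(":")[0], 16) & 1
        known = self.mac_table.get(dst_mac)
        candidates = self.ports if (is_group or known is None) else {known}
        return sorted(p for p in candidates if self._allowed(in_port, p))


if __name__ == "__main__":
    # Constructed topology: two protected physical ports, one internal port.
    sw = ProtectedSwitch(["eth1", "eth2", "vlan10"], protected=["eth1", "eth2"])
    host_a, host_b, gw = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
    print(sw.forward("eth1", host_a, BROADCAST))  # flood skips protected eth2
    print(sw.forward("eth2", host_b, host_a))     # protected -> protected: dropped
    print(sw.forward("vlan10", gw, host_a))       # non-protected -> protected
    print(sw.forward("eth1", host_a, gw))         # protected -> non-protected
```
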


