[ovs-discuss] "protected mode" for openvswitch ports (layer 2 forwarding) ?
Ben Pfaff
blp at ovn.org
Wed Oct 26 22:09:42 UTC 2016
On Wed, Oct 26, 2016 at 12:45:48PM +0300, Ben Kelly wrote:
> Hi,
>
> I've been searching for ways to implement something like "protected
> mode" for ovs without much luck so far. Hoping someone on the discuss
> mailing list might have some suggestions.
>
> Protected mode is available on some broadcom switch ASIC, and cisco
> switches also have this as a configurable option
> (http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html).
>
> Basically, I would like to nominate a set of ports in my ovs bridge to
> have layer 2 forwarding between them disabled. A "protected" port will
> not forward frames to another protected port, however forwarding
> occurs as normal between protected <-> non-protected ports and
> vice-versa.
>
> My underlying requirement is that I need to use OpenvSwitch for 802.1q
> and associate layer 3 addressing with internal ovs ports, however I'd
> like to disable layer 2 forwarding between physical ports.
>
> I've looked at things such as "ovs-ofctl mod-port [phys port] noflood"
> etc. but this seems to be an all-or-nothing approach with regards to
> forwarding between ports.
>
> I'd appreciate any suggestions!
You could implement this with an OpenFlow controller.
You could submit patches to add such a feature to base OVS.
More information about the discuss
mailing list