[ovs-discuss] Other actions using learn rules?
Ben Pfaff
blp at ovn.org
Thu Sep 22 05:25:31 UTC 2016
On Wed, Sep 21, 2016 at 05:20:28PM -0700, Ray Li wrote:
> Is there anyway to specify other action types for a learn rule? For example
>
> learn(<criterion>,normal) or
> learn(<criterion>,resubmit(,10))
The FAQ says:
### Q: The "learn" action can't learn the action I want, can you improve it?
A: By itself, the "learn" action can only put two kinds of actions
into the flows that it creates: "load" and "output" actions. If
"learn" is used in isolation, these are severe limits.
However, "learn" is not meant to be used in isolation. It is a
primitive meant to be used together with other Open vSwitch
features to accomplish a task. Its existing features are enough to
accomplish most tasks.
Here is an outline of a typical pipeline structure that allows for
versatile behavior using "learn":
- Flows in table A contain a "learn" action, that populates flows
in table L, that use a "load" action to populate register R
with information about what was learned.
- Flows in table B contain two sequential resubmit actions: one
to table L and another one to table B+1.
- Flows in table B+1 match on register R and act differently
depending on what the flows in table L loaded into it.
This approach can be used to implement many "learn"-based features.
For example:
- Resubmit to a table selected based on learned information, e.g. see:
http://openvswitch.org/pipermail/discuss/2016-June/021694.html
- MAC learning in the middle of a pipeline, as described in
[Tutorial.md].
- TCP state based firewalling, by learning outgoing connections
based on SYN packets and matching them up with incoming
packets.
- At least some of the features described in T. A. Hoff,
"Extending Open vSwitch to Facilitate Creation of Stateful SDN
Applications".
More information about the discuss
mailing list