[ovs-discuss] Traffic Isolation with OVS

Joo Yong-Seok joo.yongseok at gmail.com
Wed Aug 30 16:29:29 UTC 2017


Not sure whether I understand your intention properly, but it sounds like
routing rather than switching.

If you want, you can enable routing on OVS - Routing is nothing but
changing DMAC and sending the packet to right egress port (or hand-over
pkts to bridge/switch) after looking up routing table.

Best regards,

On Wed, Aug 30, 2017 at 5:27 AM, Gibran Gibran <coldd.hott at yahoo.com> wrote:

> Thank you Joo, this is a really good starting point to try out.
>
> Let's me pose a more challenging scenario since you solved this one quick
> :)
>
> Assuming I have two bridges, br-in, and br-ex, and the VM guest supports
> only VLAN tagging, is it somehow possible on KVM to steer traffic to
> br-in or br-ex depending on the VLAN tag?  I realize this is more of KVM
> question, but I am hoping you or someone on the list knows something about
> it.
>
>                                 VM Guest
>                                     ||
>                                    /  \
>                                  /     \
>                             V10      V20
>                               /          \
>                          br-ex          br-in
>                             /               \
>                         eth0            eth1
>
> Thank you,
>
> Gibran
>
>
>
> ------------------------------
> *From:* Joo Yong-Seok <joo.yongseok at gmail.com>
> *To:* N F <knight_leb at yahoo.com>
> *Cc:* "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
> *Sent:* Tuesday, August 29, 2017 7:55 PM
> *Subject:* Re: [ovs-discuss] Traffic Isolation with OVS
>
> How about this?
>
> ovs-vsctl set port eth0 tag=100 vlan_mode=native-untagged
> ovs-vsctl set port eth1 tag=200 vlan_mode=native-untagged
>
> eth0 and eth1 is on br0.
>
> Best regards,
>
> On Tue, Aug 29, 2017 at 4:27 PM, N F via discuss <
> ovs-discuss at openvswitch.org> wrote:
>
> Greetings all,
>
> I have a little challenge and I can't seem to work around it,  I am
> certain it's my limited OVS skills.
>
> Assuming I have a single bridge with two interfaces, eth0 and eth1, and
> assuming I have a VM guest with two VLANs 100 and 200.  Is it possible to
> pin VLAN100 to eth0 and VLAN200 to eth1?
>
> My challenge is I can't have more than one OVS bridge, the bridge must
> steer the traffic based on the VM's interface or VLAN.
>
> Ideally, I would love to have separate broadcast domains for a set of
> VLANs, or a concept like VRF.
>
> Any suggestions?
>
> Thank you,
>
> Gibran
>
> ______________________________ _________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/ mailman/listinfo/ovs-discuss
> <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170830/d5f8c70f/attachment-0001.html>


More information about the discuss mailing list