[ovs-discuss] How to filter tagged frames in bridge?
Matthias May
matthias.may at neratec.com
Thu Aug 8 12:51:57 UTC 2019
On 08/08/2019 13:43, Felipe Arturo Polanco wrote:
> The hypervisor is the one that adds the ports to the switch I specify.
>
> Is there a way to limit vlan tags being delivered to a fake bridge perhaps? I only want untagged traffic in the fake
> bridge.
>
>
> On Wed, Aug 7, 2019, 2:52 AM Matthias May via discuss <ovs-discuss at openvswitch.org> wrote:
>
> On 06/08/2019 17:12, Felipe Arturo Polanco wrote:
> > Hello,
> >
> > This is for a hosting environment where we are using OVS bridges with KVM.
> >
> > I have two interfaces bonded together with LACP and allowing two vlans.
> > VLAN 500 public and vlan 400 private.
> > The native vlan for this trunk port is Vlan 500*
> >
> > I need to find a way to limit trunk access on the VMs when they are
> > connected to my bridge.
> > If I add a tap0 interface to ovsbr0, I can see tagged traffic which is not good.
> >
> > I was thinking about adding a second bridge and connecting both of them
> > using a patch port but I still need to find a way to filter tagged
> > frames and only allow untagged traffic on the second bridge.
> >
> > Any ideas how this can be done?
> >
> > Thanks,
>
> When you add the port, set
> vlan_mode=access
> tag=500
>
> BR
> Matthias
>
I highly suggest you read the documentation regarding vlan_mode, tag and trunk.
My answer is still to set the vlan_mode to access and set the tag.
It doesn't matter if the hypervisor adds the port or someone else.
You can set a config for a port even if it is not yet part of a bridge.
BR
Matthias
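
Added example, not part of the original thread: a shell check that reads the Port table and reports VM-facing ports that are not access ports on the expected VLAN, relying on the documented OVS default that an empty vlan_mode means access when tag is set and trunk otherwise. The `tap` name prefix, the function names and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Input: CSV rows "name,tag,vlan_mode,trunks", e.g. from
#   ovs-vsctl --format=csv --data=bare --no-headings \
#       --columns=name,tag,vlan_mode,trunks list Port

# effective_mode TAG VLAN_MODE: print the mode OVS applies to the port.
# An empty vlan_mode defaults to access if tag is set, trunk otherwise.
effective_mode() {
    if [ -n "$2" ]; then echo "$2"
    elif [ -n "$1" ]; then echo access
    else echo trunk
    fi
}

# audit_ports WANT_TAG PREFIX: read CSV on stdin and print one verdict
# for every port whose name starts with PREFIX (uplinks are skipped).
audit_ports() {
    want_tag=$1 prefix=$2
    while IFS=, read -r name tag mode trunks; do
        case "$name" in "$prefix"*) ;; *) continue ;; esac
        eff=$(effective_mode "$tag" "$mode")
        if [ "$eff" != access ]; then
            echo "$name: FAIL mode=$eff trunks=${trunks:-all} (tagged frames can reach it)"
        elif [ "$tag" != "$want_tag" ]; then
            echo "$name: FAIL access port on VLAN ${tag:-unset}, expected $want_tag"
        else
            echo "$name: OK access tag=$tag"
        fi
    done
}

# Constructed sample rows (not output from a real host).
sample_ports() {
    cat <<'EOF'
bond0,,,
tap0,,,
tap1,500,access,
tap2,400,,
tap3,500,trunk,400 500
EOF
}

# Remediation for a failing port, as suggested in the reply above:
#   ovs-vsctl set port tap0 vlan_mode=access tag=500
sample_ports | audit_ports 500 tap
```

On a live host, pipe the `ovs-vsctl` command from the header comment into `audit_ports 500 tap` instead of the sample rows.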