[ovs-discuss] [ovn] should allow-related action apply to packets destined to logical router?

Flavio Fernandes flavio at flaviof.com
Thu May 7 18:39:28 UTC 2020


Hi OVN gurus,

A few months back, I wrote a little blog covering ovsdbapp [2] as an alternative
to do what Russell wrote in an old gist with shell commands [1].

Going back to that last week, I noticed a change in behavior. The rule for
allow-related action does not seem to conntrack packets to the logical router.
In order to make it work, I needed to add explicit rules [3].

Is this a known/expected behavior? I can try a bisect to see when the behavior
changed, but thought of asking first.

Thanks,

-- flaviof

[1] https://gist.github.com/russellb/4ab0a9641f12f8ac66fdd6822ee7789e <https://gist.github.com/russellb/4ab0a9641f12f8ac66fdd6822ee7789e> russellb/ovn-test-icmp-reproducer.sh
[2] https://github.com/flavio-fernandes/ovsdbapp_playground/blob/a9e780ce7ad57215b2200eba14c515482be84d63/scripts/step2_create_logical_ports.py <https://github.com/flavio-fernandes/ovsdbapp_playground/blob/a9e780ce7ad57215b2200eba14c515482be84d63/scripts/step2_create_logical_ports.py> russellb's equivalent in ovsdbapp
[3] https://github.com/flavio-fernandes/ovsdbapp_playground/commit/a9e780ce7ad57215b2200eba14c515482be84d63 <https://github.com/flavio-fernandes/ovsdbapp_playground/commit/a9e780ce7ad57215b2200eba14c515482be84d63> acl rules changes to make 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200507/31bbd73c/attachment.html>


More information about the discuss mailing list