[ovs-discuss] OVN

Yu-han Lin guesslin at glasnostic.com
Tue Nov 17 08:57:50 UTC 2020


Folks,

I'm using the a k8s CNI based on the OVN architectural, and I tried to add
a filter between all ports, like:

      Client <======> Filter <======> Server

so the filter can intercept the traffic between the client/server in this
scenario.
I did add couples of OpenFlow rules to intercept traffic between virtual
ports, like:

      function add_flow() {
            local filter=$1;
            local actions=$2;
            ovs-ofctl --strict --name add-flow $vswitch "$filter $actions";
      }
      add_flow "table=18,priority=50,metadata=0x3,ip,reg14=$filter_nic_idx"
   "actions=resubmit(,19)";
      add_flow "table=64,priority=50,metadata=0x3,reg14=$filter_nic_idx"
    "actions=resubmit(,65)";
      add_flow "table=64,priority=50,metadata=0x3,arp"
    "actions=resubmit(,65)";

These rules work well for the internal virtual ports, but I encounter a
problem, the external traffic becomes unstable.

Do folks have any suggestions?
-- 
Best,
Yu-Han Lin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20201117/51032d67/attachment-0001.html>


More information about the discuss mailing list