[ovs-git] [openvswitch/ovs] 795d7f: OVN: Enable E-W Traffic, Vlan backed DVR
noreply at github.com
Fri Jul 5 18:08:06 UTC 2019
Author: Ankur Sharma <ankur.sharma at nutanix.com>
Date: 2019-07-05 (Fri, 05 Jul 2019)
OVN: Enable E-W Traffic, Vlan backed DVR
Key difference between an overlay logical switch and
vlan backed logical switch is that for vlan logical switches
packets are not encapsulated.
Hence, if a distributed router port is connected to vlan backed
logical switch, then router port mac as source mac could be
seen from multiple hypervisors. Same <mac,vlan> pairs coming
from multiple ports from a top of the rack switch (TOR) perspective
could be seen as a security threat and it could send alarms, drop
the packets or block the ports etc.
This patch addresses the same by introducing the concept of chassis mac.
A chassis mac is a CMS-provisioned unique mac per chassis. For any routed packet
(i.e. source mac is router port mac) going on the wire on a vlan type
logical switch, we will replace its source mac with chassis mac.
This replacing of source mac with chassis mac will happen in table=65
of the logical switch datapath. A flow is added at priority 150, which
matches the source mac and replaces it with chassis mac if the value
is a router port mac.
cookie=0x0, duration=67765.830s, table=65, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=150,reg15=0x1,metadata=0x4,
Here, 00:00:01:01:02:03 is router port mac and aa:bb:cc:dd:ee:ff
is chassis mac.
Acked-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
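
Added example (not part of the commit or of OVN's code): a simplified Python model of why a TOR sees the same <mac,vlan> pair move between ports, and how rewriting the router port mac to a per-chassis mac removes the moves. The hypervisor names, TOR port numbers, vlan 100, the VM mac and the second chassis mac are constructed assumptions; the router port mac and the first chassis mac are the ones quoted in the commit message.

```python
from collections import defaultdict

ROUTER_PORT_MAC = "00:00:01:01:02:03"        # router port mac from the commit message
CHASSIS_MACS = {
    "hv1": "aa:bb:cc:dd:ee:ff",              # chassis mac from the commit message
    "hv2": "aa:bb:cc:dd:ee:fe",              # constructed second chassis mac
}
TOR_PORT = {"hv1": 1, "hv2": 2}              # constructed hypervisor-to-TOR-port wiring
VM_MAC = "52:54:00:00:00:0a"                 # constructed VM mac, never rewritten


def egress_rewrite(chassis, src_mac, router_macs, enabled):
    """Model of the rule described above: a routed packet (source mac is a
    router port mac) leaves the chassis with the chassis mac as source."""
    if enabled and src_mac in router_macs:
        return CHASSIS_MACS[chassis]
    return src_mac


def tor_mac_moves(frames):
    """Simulate TOR mac learning over (port, vlan, src_mac) frames and
    count how often each <mac,vlan> pair moves to a different port."""
    learned = {}
    moves = defaultdict(int)
    for port, vlan, src in frames:
        key = (src, vlan)
        if key in learned and learned[key] != port:
            moves[key] += 1
        learned[key] = port
    return dict(moves)


def simulate(enabled, vlan=100):
    """Constructed traffic: routed packets leave hv1 and hv2 alternately."""
    sends = [("hv1", ROUTER_PORT_MAC), ("hv2", ROUTER_PORT_MAC),
             ("hv1", VM_MAC),
             ("hv1", ROUTER_PORT_MAC), ("hv2", ROUTER_PORT_MAC)]
    frames = [(TOR_PORT[c], vlan,
               egress_rewrite(c, mac, {ROUTER_PORT_MAC}, enabled))
              for c, mac in sends]
    return tor_mac_moves(frames)


if __name__ == "__main__":
    print("without chassis mac:", simulate(False))
    print("with chassis mac:   ", simulate(True))
```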