On 3/13/12 3:18 PM, Ben Pfaff wrote:
> Here's what I have in mind.  Presumably you are working with some kind
> of hypervisor or CMS or whatever that has a database of VMs.  That
> database would normally include the MAC address that the VM "owns";
> perhaps it also includes an IP address.
>
> Now suppose that your controller knows how to talk to the database of
> VMs as well as to an OpenFlow switch and to OVSDB.  When a new port
> appears through OpenFlow, the controller figures out which VM it is
> associated with (via the "external-ids" in the OVSDB row for the
> interface), looks it up in the database of VMs, and sets up the proper
> ACLs via OpenFlow to allow the VM to talk on its own MAC (and possibly
> IP) but not on others.
>
> Does that make sense?

Yep, makes sense.

I was just missing how the controller could get which VM is connected to that port, and querying the OVSDB solves that.

Thanks, Ben!
_______________________________________________
discuss mailing list
http://openvswitch.org/mailman/listinfo/discuss
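
The lookup-then-ACL step described in the thread, sketched as an added example (not code from the thread or from the Open vSwitch project). It turns one interface's external-ids plus a VM database entry into anti-spoofing flows in `ovs-ofctl` syntax; the `vm-id` key, the `VM_DB` contents and the priorities are assumptions, and the data is constructed.

```python
import ipaddress
import re

# Constructed sample data (not from the thread). "vm-id" is an assumed
# external-ids key; use whatever key your hypervisor integration writes.
VM_DB = {
    "vm-42": {"mac": "52:54:00:12:34:56", "ip": "10.0.0.5"},
    "vm-43": {"mac": "52:54:00:ab:cd:ef", "ip": None},  # MAC known, no IP
}
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def antispoof_flows(ofport, external_ids, vm_db):
    """Return ovs-ofctl flow strings restricting one port to its VM's MAC/IP."""
    if not isinstance(ofport, int) or ofport <= 0:
        raise ValueError("ofport must be a positive integer")
    # Fail closed: the low-priority drop is always installed for the port.
    flows = [f"priority=10,in_port={ofport},actions=drop"]
    vm = vm_db.get(external_ids.get("vm-id"))
    if vm is None:
        return flows  # port not tied to a known VM: nothing is allowed
    mac = vm["mac"].lower()
    # Validate before formatting so a bad database value cannot add fields.
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC in VM database: {vm['mac']!r}")
    base = f"in_port={ofport},dl_src={mac}"
    if vm.get("ip"):
        ip = str(ipaddress.IPv4Address(vm["ip"]))  # rejects malformed input
        # ARP must carry the VM's own MAC and IP as sender, or it is dropped.
        flows.append(
            f"priority=100,arp,{base},arp_sha={mac},arp_spa={ip},actions=normal")
        flows.append(f"priority=100,ip,{base},nw_src={ip},actions=normal")
    else:
        # Only the MAC is known: pin the source MAC, leave L3 unrestricted.
        flows.append(f"priority=100,{base},actions=normal")
    return flows


if __name__ == "__main__":
    for flow in antispoof_flows(3, {"vm-id": "vm-42"}, VM_DB):
        print(flow)
```

Each returned string can be given to `ovs-ofctl add-flow <bridge> '<flow>'`. With an IP pinned, only ARP and IPv4 from that address pass, so DHCP clients (source 0.0.0.0) and IPv6 would need their own rules.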