Hi Reid, Thank you for your clarification! Another related question I have might be better asking in this thread. Should NORMAL action always be the last action? Can I have something like "action=NORMAL,goto table2", where table2 contains egress flow entries? I am not sure whether after NORMAL action is done, whether packet is already forwarded and goto table2 will not have no packet to deal with.
Thanks! Yimin On Fri, Jul 13, 2012 at 9:19 AM, Reid Price <[email protected]> wrote: > Hi Yimin, > > The behavior you describe would emerge from the flows you choose to > utilize, and may not necessarily be a single modification. One way to > think about this is as a side effect of the flow table being processed a > single time. Since the matching only occurs on the packet entering > the switch (rather than leaving it), actions which filter based upon > in_port are usually trivial. There is no native correspondence for output > actions, though it often straightforward to do so. In this case, you are > relying upon the normal action for forwarding decisions, which spans > the entire bridge. This probably will not offer you enough granularity to > do what you desire, since AFAIK, you can't say > > priority=100, tp_dst=80, action=NORMAL(all ports) > priority=50, action=NORMAL(all ports except port 3) > > Hope this clarifies. > > -Reid > > On Thu, Jul 12, 2012 at 5:56 PM, YIMIN CHEN <[email protected]> wrote: >> >> Hi, >> >> I am experimenting with OVS 1.4.2, using openflow entries to control >> traffic b/w VMs. VM1 (11.1.1.4) and VM2 (11.1.1.5) connected to OVS >> via tap0 (openflow port 2) and tap1 (of port 3). >> >> I am a little confused about how to specify an inbound rule. How can I >> specify an openflow entry for VM2 saying allowing incoming pkts to VM2 >> only allowed on tcp port 80, but not others? >> "in_port=3,tp_dst=80,action=normal" will work? To me, it sounds like >> saying "If VM2 send a pkt to port 80, allow it", instead of "if VM2 >> receives a pkt to port 80, allow it". I am a little confused. >> >> Could anyone please clarify for me? >> >> Thanks! >> Yimin >> _______________________________________________ >> discuss mailing list >> [email protected] >> http://openvswitch.org/mailman/listinfo/discuss > > _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
