Sounds like you will have to redesign your topology. If these two virtual machines are behind different ports you could match on the in_port if you'd like. Otherwise, you're basically describing a fundamental property of networking. If on one network you have two hosts with the same L3 and L2 headers, you can't differentiate them.
Ethan On Thu, Jul 19, 2012 at 6:27 PM, YIMIN CHEN <[email protected]> wrote: > Hi, > > I have a question about using action=NORMAL to do L2 switching. I just > realize if I use NORMAL to do switching with vlan, say, with VM connected in > access mode, I can no longer use dl_vlan to check vlan id in the packet, as > when pkt exits from NORMAL action, it does not have a vlan tag with access > mode. > > In this case, if I have two VMs of same IP in two vlans, and I want to limit > traffic to port 80 of one of them. I can not think of a way to write a flow > entry to achieve this: > > dl_vlan=1, nw_dst=10.0.0.1,tp_dst=80,actions=NORMAL. > > Here dl_vlan=1 is not valid, as vlan id is not in the pkt. > > Is my understanding correct? Basically if I have vlans, I can't really > create flow entries based on L3, if I use NORMAL for L2? > > > Thanks! > Yimin > > _______________________________________________ > discuss mailing list > [email protected] > http://openvswitch.org/mailman/listinfo/discuss > _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
