Thanks Ben, I'm considering going down the patch route - though I must admit I haven't had a lot of experience with OVS. To steer in the right direction, where would a feature like this be configured/manipulated? in ovs-vsctl? ovs-ofctl has a mod-port command, but I'm not really aware of port specific configuration in ovs-vsctl? Should I be asking this on the dev mailing list instead?
Cheers, Ben On Thu, Oct 27, 2016 at 1:09 AM, Ben Pfaff <b...@ovn.org> wrote: > On Wed, Oct 26, 2016 at 12:45:48PM +0300, Ben Kelly wrote: >> Hi, >> >> I've been searching for ways to implement something like "protected >> mode" for ovs without much luck so far. Hoping someone on the discuss >> mailing list might have some suggestions. >> >> Protected mode is available on some broadcom switch ASIC, and cisco >> switches also have this as a configurable option >> (http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html). >> >> Basically, I would like to nominate a set of ports in my ovs bridge to >> have layer 2 forwarding between them disabled. A "protected" port will >> not forward frames to another protected port, however forwarding >> occurs as normal between protected <-> non-protected ports and >> vice-versa. >> >> My underlying requirement is that I need to use OpenvSwitch for 802.1q >> and associate layer 3 addressing with internal ovs ports, however I'd >> like to disable layer 2 forwarding between physical ports. >> >> I've looked at things such as "ovs-ofctl mod-port [phys port] noflood" >> etc. but this seems to be an all-or-nothing approach with regards to >> forwarding between ports. >> >> I'd appreciate any suggestions! > > You could implement this with an OpenFlow controller. > > You could submit patches to add such a feature to base OVS. _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss