On Tue, Nov 1, 2016 at 1:05 PM, John McDowall < jmcdow...@paloaltonetworks.com> wrote:
> So we would have something like: > > > > $ ovn-nbctl acl-add sw0 to-lport 1003 'outport == "sw0-port1" && ip' > sfc-action sfc-stage external_ids:lsp_chain_id=”chain-id” > > > > The chain-id would be passed as metadata with the packet to the > ls_in_chain stage where it would be processed according to the current > state of its in/out ports in the chain. > > > > Where sfc is the stage and the action – would the SFC ACL Table have any > other action other than SFC? It seems a little redundant – not sure if > there is a better way though. > > Right. If I understood correctly, the sfc-stage is optional and may be something we may add later on to ACLs. For now, having it all in a sigle stage will not invalidate that effort. Using the example comand, my main 'focus' is actually in regards to what else goes as external_ids. I can see that besides 'lsp_chain_id', we will need 'last_hop_port', and possibly 'bidirectional'. Sounds right? I will send an email with a proposed schema+xml on this shortly. -- flaviof > > Regards > > > > John > > > > > > > > *From: *Flaviof <fla...@flaviof.com> > *Date: *Tuesday, November 1, 2016 at 6:53 AM > *To: *Russell Bryant <russ...@ovn.org> > *Cc: *discuss <discuss@openvswitch.org>, John McDowall < > jmcdow...@paloaltonetworks.com>, Russell Bryant <russ...@russellbryant.net>, > Farhad Sunavala <farhad.sunav...@huawei.com> > *Subject: *Re: [ovs-discuss] OVN SFC: Changes to include ACL based > classifiers > > > > > > > > On Tue, Nov 1, 2016 at 8:55 AM, Russell Bryant <russ...@ovn.org> wrote: > > > > > > On Tue, Nov 1, 2016 at 11:09 AM, Flaviof <fla...@flaviof.com> wrote: > > [cc: John, Louis, Farhad, Russell] > > > > Hi folks, > > > > Picking up from where we left off at the summit [1], I took > > a stab at the nb schema changes to represent what I > > understood Russell and others saying on how we could > > use a secondary table of ACLs to serve as the SFC > > classifiers: [2]. > > > > What I had in mind was proceeding with a proposal like this one where we > change ACLs to have multiple stages. This patch proposed two, but I think > we later talked about extending it to have more (8 perhaps?). > > > > http://openvswitch.org/pipermail/dev/2016-July/076674.html > <https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_pipermail_dev_2016-2DJuly_076674.html&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=wvhP2oSBZFyV_nQ-c2XcdksW3_eCKb3VJmtXZ9WEhrk&e=> > > > > Then if SFC was an ACL action, you could put it in any stage of ACLs you > want, with other things before or after as desired. > > > > > > I see. I like that! Let me better understand the code changes from that > > email. > > > > Thanks, > > > > -- flaviof > > > > > > Does it look right to you? If so, I will start making the > > changes to incorporate that and obsolete the classifier based > > code [3]. I'm not sure if I will be able to migrate to this new > > table in time for the talk at OVSCon [4], but I will try. > > > > Thanks, > > > > -- flaviof > > > > [1]: https://etherpad.openstack.org/p/r.f7cebb215b63ae657d91a28ab0da42bf > <https://urldefense.proofpoint.com/v2/url?u=https-3A__etherpad.openstack.org_p_networking-2Dovn-2Docata-2Dsummit&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=L2np7u37seRJXk1u6IKRGCbc9_CyxRnM_jRs5I3I6tM&e=> > > > > [2]: https://github.com/doonhammer/ovs/pull/3/commits/ > b10224a07de2970358eb5e105146ef1d5f5eca6d > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_ovs_pull_3_commits_b10224a07de2970358eb5e105146ef1d5f5eca6d&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=RNYzurF4GoXhr8svoqHm31SEhh_vxggb75i7ZWoXx6o&e=> > > > > [3]: https://github.com/doonhammer/ovs/pull/3/commits/ > 2ebea7881c523dd356cd043a24531c268bddf6b4#diff- > 2c35162acf6ad144624954fdc4c3d9f4R2505 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_doonhammer_ovs_pull_3_commits_2ebea7881c523dd356cd043a24531c268bddf6b4-23diff-2D2c35162acf6ad144624954fdc4c3d9f4R2505&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=4AhPmbuGG7Pes0gDKq1rmhrtn4MRN21A3XzWc1uDOuI&e=> > > > > [4]: http://sched.co/8aZE > <https://urldefense.proofpoint.com/v2/url?u=http-3A__sched.co_8aZE&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=wAosiaJVTnwkZz4KZQq00jBKyfdam0y0M6aaP0UXAQU&e=> > > > > > > > _______________________________________________ > discuss mailing list > discuss@openvswitch.org > http://openvswitch.org/mailman/listinfo/discuss > <https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailman_listinfo_discuss&d=DQMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=vZ6VUDaavDpfOdPQrz1ED54jEjvAE36A8TVJroVlrOQ&m=Qcx3nInKFEOSnlKXJtFFNQKK58goOQs1a4EpsKii8Oo&s=dah33q0ouBl8zSgAGHB8R5dBHqckveNUfwE7X-wR7XQ&e=> > > > > > > -- > > Russell Bryant > > >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
