On Wed, Feb 22, 2017 at 1:53 PM, Thomas Morin <thomas.mo...@orange.com> wrote:
> Wed Feb 22 2017 11:13:18 GMT-0500 (EST), Anil Venkata: > > > While relevant, I think this is not possible until br-int allows to match > the network a packet belongs to (the ovsdb port tags don't let you do that > until the packet leaves br-int with a NORMAL action). > >> Ajo has told me yesterday that the OVS firewall driver uses registers >> precisely to do that. Making this generic (and not specific to the OVS >> firewall driver) would be a prerequisite before you can add ARP responder >> rules in br-int. >> >> > [...] Spoke to Ajo on this. He said we can follow above suggestion i.e do > the same what firewall driver is doing in br-int, or wait till OVS flow > extension is implemented(but this will take time as lack of resources) > > > I think using registers instead of ovsdb port tags should be seen as a > common pre-requisite for both ARP responder in br-int and doing the OVS > flow extension work. > So waiting for resource on the later should not be seen as the problem.. > although you still need some resource to use register in br-int... > > Those port/net tagging parts were designed as some of the fixed stages of the openflow pipeline. If we wanted to pursue this I feel we may need to wait for the pipeline to eventually be ready. An alternative option would be moving the port/net tagging to a common place for ovs firewall and hybrid firewall. But I'm not sure how complex that could be. > -Thomas > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
