On 07/07/2017 08:32 PM, Ben Pfaff wrote:
> On Fri, Jun 09, 2017 at 11:09:08AM +0200, Eelco Chaudron wrote:
>> This is a follow-up patch for an earlier patch sent by Cascardo,
>> however I think this patch might not be needed...
>>
>> This patch will make sure VXLAN tunnels with and without the group
>> based policy (gbp) option enabled cannot coexist on the same
>> destination UDP port.
>>
>> However, the interface ports for VXLAN have to be unique on the same
>> destination port, i.e. they need a different VNI. Looking at the
>> datapath code (only Linux seems to support this), this is not a
>> problem for the ingress/egress path. For egress, based on the
>> configuration, the correct header is built. For ingress, if gbp is not
>> configured and a gbp VXLAN is received, the packet is dropped. If gbp
>> is enabled and a non-gbp packet is received, it's accepted (meaning
>> default group policy as per the draft RFC).
>>
>> Can someone who worked more in depth on the VXLAN side confirm this
>> patch can be tossed in the bin? If I missed some specific
>> configuration / use case why it is needed, please review the patch.
>>
>> Signed-off-by: Eelco Chaudron <[email protected]>
>
> I've read this commit message a few times and I'm still not confident
> that I understand. Let me restate it and you can correct me if I'm
> wrong. I *think* that you are saying that the Linux datapath handles
> GBP and non-GBP tunnels that are otherwise the same in a sensible way,
> so that there is no need to add code to reject them. Is that right?
>
> Thanks,
>
> Ben.

Hi Ben,

Yes, your summary is correct! I was just wondering if I missed something
that does require this fix to be added.

Cheers,
Eelco
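
The ingress behaviour described in the quoted commit message, modelled as an added C example (not code from the patch, from Open vSwitch or from the Linux datapath). The flag positions are taken from the VXLAN header layout in RFC 7348 and the group-policy draft; the function, enum and struct names are hypothetical, the sample headers are constructed, and other flag bits are ignored.

```c
#include <stdint.h>
#include <stddef.h>

/* Flag bits in the first byte of the 8-byte VXLAN header. */
#define VXLAN_FLAG_VNI 0x08u  /* I bit: VNI field is valid (RFC 7348) */
#define VXLAN_FLAG_GBP 0x80u  /* G bit: group policy ID present (GBP draft) */

enum verdict { DROP, ACCEPT_PLAIN, ACCEPT_WITH_GROUP };

struct vxlan_info {
    uint32_t vni;       /* 24-bit VXLAN network identifier */
    uint16_t group_id;  /* group policy ID; 0 when the packet carries none */
};

/* Hypothetical model of the receive decision described in the thread. */
enum verdict vxlan_ingress(const uint8_t *hdr, size_t len,
                           int gbp_enabled, struct vxlan_info *out)
{
    if (len < 8 || !(hdr[0] & VXLAN_FLAG_VNI))
        return DROP;                      /* truncated, or no valid VNI */

    out->vni = (uint32_t)hdr[4] << 16 | (uint32_t)hdr[5] << 8 | hdr[6];
    out->group_id = 0;

    if (hdr[0] & VXLAN_FLAG_GBP) {
        if (!gbp_enabled)
            return DROP;                  /* GBP packet on a non-GBP tunnel */
        out->group_id = (uint16_t)(hdr[2] << 8 | hdr[3]);
        return ACCEPT_WITH_GROUP;
    }
    /* Plain VXLAN is accepted on both tunnel types; on a GBP tunnel it
     * is treated as carrying the default group policy. */
    return ACCEPT_PLAIN;
}

/* Constructed sample headers: VNI 100; the second carries group ID 0x1234. */
static const uint8_t plain_hdr[8] = {0x08, 0, 0, 0, 0x00, 0x00, 0x64, 0};
static const uint8_t gbp_hdr[8]   = {0x88, 0, 0x12, 0x34, 0x00, 0x00, 0x64, 0};

int main(void)
{
    struct vxlan_info info;
    /* Exit status 0 when the GBP packet is dropped only with gbp off. */
    return !(vxlan_ingress(gbp_hdr, 8, 0, &info) == DROP &&
             vxlan_ingress(gbp_hdr, 8, 1, &info) == ACCEPT_WITH_GROUP);
}
```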