On Thu, Sep 14, 2017 at 2:58 PM, Ben Pfaff <[email protected]> wrote: > On Thu, Sep 14, 2017 at 02:52:48PM -0600, Miguel Angel Ajo Pelayo wrote: > > Although I see we have code for somehow packing stuff into conjunctions: > > > > https://github.com/openvswitch/ovs/blob/1ea2184501d43352ec40764f5eaa3c > bd07e3fee3/ovn/controller/lflow.c#L298 > > > > I don't really understand (yet) what's it doing. Is it may be supposed to > > cover this case but we got into a bug? > > It's a naive, ad hoc algorithm that I implemented knowing at the time > that I didn't know what was actually important yet. Now that we have an > example of a case where it's important to get it right, it's time to > take another look. >
Oh, sounds great Ben, thank you for handling this. I'm spending some time reading the lflow.c code to understand what we have now. I was wondering if, another improvement we could make in the future is having ACL_Match sets, or something like that, to reduce the amount of ACL entries and lflow entries that we generate, and also make it easier for ovn-controller to group them. They would resemble the idea of security groups (for rules, not for members) in neutron, but not sure if that's too specific. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
