On 10/14/20 11:15 AM, [email protected] wrote: > From: Numan Siddique <[email protected]> > > ovn-northd adds below lflows for a reject ACL with a match - M > > match = (ip4 && tcp && 'M') action = tcp_reject{} > match = (ip6 && tcp && 'M') action = tcp_reject{} > match = (ip4 && 'M') action = icmp4{} > match = (ip6 && 'M') action = icmp6{} > > This approach has a couple of problems: > - ovn-controller can reject the lflows if there are invalid matches. > Eg. If match 'M' is - 'ip4 && udp'. > > - In a large scale deployment, this could result in lot of invalid > logical flows and increase the size of the SB DB. > > This patch addresses this problem by using newly added reject OVN action. > With this patch, there will be just one lflow for each reject ACL. > > Signed-off-by: Numan Siddique <[email protected]> > ---
This is nice! However, I'm waiting with the ack until the discussion on patch 2/3 is concluded. Thanks, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
