On Thu, Feb 15, 2018 at 12:36:35AM +0100, Daniel Alvarez Sanchez wrote:
> If we would have the Port_Set we could simply write the match part as
> "outport == $security_group1 && ip4 && ip4.src == 0.0.0.0/0 && tcp &&
> tcp.dst == 22"
> and reduce the number of ACLs to 1 per security group rule instead of 1 per
> security
> group rule per port as it is right now. As you can see, we're referencing
> the relevant security group rule in the CMS through the
> neutron:security_group_rule_id
> key in the external_ids column so we would reduce all ACLs which correspond
> to
> the same SG rule to just 1.

OK, that matches up with what Han says.  Han is going to rebase the
"port set" patches, so I think we'll have a solution for this soon after
that.
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Reply via email to