On Thu, Feb 15, 2018 at 12:36:35AM +0100, Daniel Alvarez Sanchez wrote: > If we would have the Port_Set we could simply write the match part as > "outport == $security_group1 && ip4 && ip4.src == 0.0.0.0/0 && tcp && > tcp.dst == 22" > and reduce the number of ACLs to 1 per security group rule instead of 1 per > security > group rule per port as it is right now. As you can see, we're referencing > the relevant security group rule in the CMS through the > neutron:security_group_rule_id > key in the external_ids column so we would reduce all ACLs which correspond > to > the same SG rule to just 1.
OK, that matches up with what Han says. Han is going to rebase the "port set" patches, so I think we'll have a solution for this soon after that. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
