Hi Han, all
While implementing Port Groups in OpenStack I have noticed that we are
duplicating the lflows for the DHCP now with the current code. Seeking for
advice here:
When we create a Neutron subnet, I'm creating a Port Group with the ACL for
the DHCP:
_uuid : 7f2b64eb-090b-4bb4-85fd-09576329c21b
action : allow
direction : from-lport
external_ids : {}
log : false
match : "inport == @pg_12070130_e7f0_47a7_aee2_cde2064e7a28
&& ip4 && ip4.dst == {255.255.255.255, 192.168.1.0/24} && udp && udp.src ==
68 && udp.dst == 67"
name : []
priority : 1002
severity : []
This generates the proper lflow in the Logical_Flow table:
_uuid : a2a970ec-82ee-4474-bf0e-43f1cdedd7ed
actions : "next;"
external_ids : {source="ovn-northd.c:3192", stage-hint="7f2b64eb",
stage-name=ls_in_acl}
logical_datapath : e1bdb553-5bbf-4b76-a19d-cf385612a3ff
match : "inport == @pg_12070130_e7f0_47a7_aee2_cde2064e7a28
&& ip4 && ip4.dst == {255.255.255.255, 192.168.1.0/24} && udp && udp.src ==
68 && udp.dst == 67"
pipeline : ingress
priority : 2002
table_id : 6
hash : 0
However, all the ports belonging in that subnet also have a lflow for DHCP
(different stages though)
_uuid : f159803f-6b8d-4c8a-9339-b89ee267c2eb
actions : "next;"
external_ids : {source="ovn-northd.c:2579",
stage-name=ls_in_port_sec_ip}
logical_datapath : 2b3126db-74d4-48a1-9e81-192066748de6
match : "inport == \"240edf21-5a9c-4edd-98b5-8dadc343b9de\"
&& eth.src == fa:16:3e:07:85:91 && ip4.src == 0.0.0.0 && ip4.dst ==
255.255.255.255 && udp.src == 68 && udp.dst == 67"
pipeline : ingress
priority : 90
table_id : 1
hash : 0
My questions are:
1) Do I really need to create the Port Group for every subnet just to take
care of the DHCP?
2) We have per-port DHCP lflows, is it worth to implement port groups
around them too?
Thanks!
Daniel
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
