Hi, You can disable port_security for this one port and check then if it will work properly. You can also add additional „allowed_address_pairs” and add additional IP address to Your port. Also it it blocks DHCP responses from some external dhcp server, maybe You can add security group rules to allow such kind of traffic and it will then not drop it.
— Slawek Kaplonski Senior software engineer Red Hat > Wiadomość napisana przez luckydog xf <luckydo...@gmail.com> w dniu > 26.12.2018, o godz. 05:40: > > Yes, it's dropped, I use ovs-ofctl to debug flow table. > > I found that VPN cannot run in an instances, just because: > > 1. IP varys from time to time, while security group needs IP/Mac address > binding. > > 2. flow table of br-int won't allow traffic to goes through, as I met in this > topic. > > Probably VPNaas of Openstack is a good choice. > > Thanks. > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss