Thanks for your rapid reply. We think the localnet port is never the real destination port of a VM instance. Like the patch port of a route, the localnet port is just used as an interim.
And not using ct for localnet will not cause a bypass of the firewall, because the real destination ports of vm1 or vm2 have their own ct. Introducing the same port or the same zone in different networks may not be suitable; this is not consistent with the isolation of networks.

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev