Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread Scott Lowe

On 12/23/2016 03:45 AM, pranab boruah wrote:

> Hello Everyone,
> We are trying to experiment with OVN ACLs on a native setup (non-OpenStack
> and non-sandbox). We couldn't find any blog posts or documentation on
> how to do this.
> Gerhard Stenzel has posted in this thread somewhat similar to what I
> need:
> https://mail.openvswitch.org/pipermail/ovs-discuss/2016-July/041871.html
>
> But my requirements are different. Also the ovn architecture document
> specifically mentions that we shouldn't add physical ports to br-int:
> Chassis Setup section in
> http://openvswitch.org/support/dist-docs/ovn-architecture.7.html.
>
> Setup Configurations:
> Physical Host 1:
>   - ovs 2.6 installed.
>   - launched a VM with MacVTap(macvtap0) to em1(physical NIC).
>   - VM's nic ip : 172.16.10.50
>
> Physical Host 2:
>   - em1(Physical NIC) with IP 172.16.10.10
>
> I can ping 172.16.10.50 from 172.16.10.10. My question is how do I
> set-up ACL rules for the traffic that are to be allowed/not-allowed to
> this VM. The constraints are:
> 1) Should work in non-OpenStack and non-sandbox environment.
> 2) VM's interface attached either through MacVTap or SRIOV modes only.



To echo what Ben said already, you can't use MacVTAP or SRIOV interfaces 
with OVN, as both of these types of interfaces bypass OVS (and OVS is 
where the ACLs are enforced).


Using "normal" TAP interfaces for your VMs would work, though, even in 
non-OpenStack environments.


Best of luck,

--
Scott

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
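
The setup the reply above points to, as an added example that is not part of the original thread: a plain TAP interface is plugged into br-int and bound to an OVN logical port, and ACLs on the logical switch filter traffic to the VM. The names sw0, vm1 and tap0 and the MAC address are assumptions, and the chassis is assumed to already run ovn-controller against a reachable OVN database.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# set APPLY=1 to execute them. sw0, vm1, tap0 and the MAC are assumed
# names/values; the two IPs are the ones quoted in the thread.
LS=sw0 LSP=vm1 TAP=tap0
VM_MAC=02:00:00:00:00:50   # constructed, locally administered
VM_IP=172.16.10.50
PEER_IP=172.16.10.10

# Echo a command for review (quoting is not preserved), or run it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Logical switch and port, with port security pinning the VM's MAC/IP.
nb_topology() {
    run ovn-nbctl ls-add "$LS"
    run ovn-nbctl lsp-add "$LS" "$LSP"
    run ovn-nbctl lsp-set-addresses "$LSP" "$VM_MAC $VM_IP"
    run ovn-nbctl lsp-set-port-security "$LSP" "$VM_MAC $VM_IP"
}

# ACLs are evaluated by priority; allow-related also admits reply traffic.
nb_acls() {
    # To the VM: ICMP and SSH from the peer host only, drop other IPv4.
    run ovn-nbctl acl-add "$LS" to-lport 1000 \
        "outport == \"$LSP\" && ip4.src == $PEER_IP && icmp4" allow-related
    run ovn-nbctl acl-add "$LS" to-lport 1000 \
        "outport == \"$LSP\" && ip4.src == $PEER_IP && tcp.dst == 22" allow-related
    run ovn-nbctl acl-add "$LS" to-lport 900 "outport == \"$LSP\" && ip4" drop
    # From the VM: allow, tracked so that replies pass the drop rule above.
    run ovn-nbctl acl-add "$LS" from-lport 800 "inport == \"$LSP\" && ip4" allow-related
}

# Plug the TAP into br-int; iface-id ties it to the logical port so that
# ovn-controller installs the ACL flows for it on this chassis.
bind_tap() {
    run ovs-vsctl add-port br-int "$TAP" -- \
        set Interface "$TAP" external_ids:iface-id="$LSP"
}

plan() { nb_topology; nb_acls; bind_tap; }
plan
```

A MacVTap or SR-IOV interface has no equivalent of the `bind_tap` step, since its traffic never enters br-int.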


Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread Ben Pfaff
On Fri, Dec 23, 2016 at 04:15:30PM +0530, pranab boruah wrote:
> The constraints are :
> 1) Should work in non-OpenStack and non-sandbox environment.
> 2) VM's interface attached either through MacVTap or SRIOV modes only.

OVN doesn't currently support MacVTap or SRIOV.


Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread pranab boruah
Thanks Raymond. We were able to create a similar set-up to what is
mentioned in the blog. But the actual VMs we are trying to launch should
have their NICs in MacVTap or SRIOV mode. Launching VMs in default NAT mode
works, but that's not what we need.



On 23 December 2016 at 17:27, Raymond Burkholder  wrote:

> Try http://blog.spinhirne.com/p/blog-series.html for some OVN examples
> with ACL.  Does this get you closer?
>
> Hello Everyone,
>
> We are trying to experiment with OVN ACLs on a native setup (non-OpenStack and
> non-sandbox). We couldn't find any blog posts or documentation on how to do
> this.


Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread Raymond Burkholder
Try http://blog.spinhirne.com/p/blog-series.html for some OVN examples with 
ACL.  Does this get you closer?

 

 

> Hello Everyone,
>
> We are trying to experiment with OVN ACLs on a native setup (non-OpenStack and
> non-sandbox). We couldn't find any blog posts or documentation on how to do
> this.



 




[ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread pranab boruah
Hello Everyone,
We are trying to experiment with OVN ACLs on a native setup (non-OpenStack and
non-sandbox). We couldn't find any blog posts or documentation on how to do
this.
Gerhard Stenzel has posted in this thread somewhat similar to what I
need:
https://mail.openvswitch.org/pipermail/ovs-discuss/2016-July/041871.html

But my requirements are different. Also the ovn architecture document
specifically mentions that we shouldn't add physical ports to br-int:
Chassis Setup section in
http://openvswitch.org/support/dist-docs/ovn-architecture.7.html.

Setup Configurations :
Physical Host 1:
  - ovs 2.6 installed.
  - launched a VM with MacVTap(macvtap0) to em1(physical NIC).
  - VM's nic ip : 172.16.10.50

Physical Host 2:
  - em1(Physical NIC) with IP 172.16.10.10

I can ping 172.16.10.50 from 172.16.10.10. My question is how do I set-up
ACL rules for the traffic that are to be allowed/not-allowed to this VM.
The constraints are :
1) Should work in non-OpenStack and non-sandbox environment.
2) VM's interface attached either through MacVTap or SRIOV modes only.

Please help!
Thanks