Public bug reported:

Bug https://bugs.launchpad.net/neutron/+bug/1732067 has a bad impact on VM traffic, and all the fixes have some potential risk of data-plane down. So we added a new bug for the new solution: it will add a flow table, something like a switch FDB table. The accepted egress flows will be taken care of in that.

table=94 will be used to do accepted egress traffic classification when the openflow firewall is enabled:

1. the "dest mac" is handled by this ovs-agent: direct "output" to that port
2. "ARP request" with L2 pop enabled: packets will still be sent to the patch port to the tunnel bridge
3. "dest mac" not in this host: vlan or tunnel (gre/vxlan/geneve) unicast will be sent to the corresponding patch port of the tunnel/physical bridge
4. other traffic still matches the original NORMAL flow

A new table=61 will be used to do accepted egress traffic classification when the openflow firewall is not enabled:

1. egress packets will be sent to table 61; the match rule will be the of-port which is handled by the ovs-agent, "in_port=<some_local_of_port>"
2. the "dest mac" is handled by this ovs-agent: direct "output" to that port
3. "ARP request" with L2 pop enabled: packets will still be sent to the patch port to the tunnel bridge
4. "dest mac" not in this host: vlan or tunnel (gre/vxlan/geneve) unicast will be sent to the corresponding patch port of the tunnel/physical bridge
5. other traffic still matches the original NORMAL flow

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1841622

Title:
  [L2][OVS] add accepted egress fdb flows

Status in neutron:
  New