On 07/01/2015 04:11 AM, Gal Sagie wrote:
> Hello Everyone,
>
> As you might know, allowed address pairs in neutron is an extension to
> allow a port to have more than a pair of MAC-IP addresses assigned to it.
> This is useful for cases where a few VMs need to share a virtual MAC/IP,
> like for VRRP, Load balancing, NFV use cases and so on...
> (Aaron who implemented it as far as I know can maybe elaborate)
>
> It's not urgent but I believe that we can support this in Neutron OVN (at
> least for L2)
> by adding all the MAC addresses configured to a certain logical port.

You can't set the same MAC address on more than one logical port. The
behavior is undefined. Packets will go to 1 of them, but it's undefined
which one.

It's fine to set the same MAC address in port_security for multiple
logical ports like we do now, but I'm not sure it's useful yet.

What's the expected behavior? Is it that a set of ports is allowed a MAC
address, but we should do MAC learning to figure out which one is
actively using it?

> However, when L3 is going to be introduced, we can't just also add all
> the IP addresses, because security wise this means that a certain IP
> must be assigned to a certain MAC address (please correct me if I am
> wrong here)
>
> Just wanted to put this here, so when L3 design is finalized these
> connections are also taken care of in OVN for port security.
>
> Please share any comments/thoughts.
>
> Thanks
> Gal.
>

-- 
Russell Bryant