On Fri, Jan 22, 2016 at 6:17 PM, Han Zhou <zhou...@gmail.com> wrote: > > Regarding the functionality of port-security itself, I am not sure how would it be supported for ls_out_port_sec. If a dst MAC is not recognised in ls_in_l2_lkup stage, it is meaningless to have it allowed in ls_out_port_sec, because the packet would never reach the output port.
I just realized that port-security is useful already when "unknown" is in the addresses of a lport, which can receive packets with any dst MAC as long as the MAC is allowed in port-security. For mac-learning behaviour I mentioned, I will post another thread for discussion, and keep this thread to be focused on the address format in Logical_Port table. -- Best regards, Han _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
