On Wed, Mar 09, 2016 at 04:12:07PM -0500, Russell Bryant wrote:
>
> One use case for OVN ACLs includes matching on a set of IP addresses. A
> simple example:
>
> inport == "lport1" && ip.src == {10.0.0.1, 10.0.0.3, 10.0.7}
>
> This is only 3 addresses, but it could easily be hundreds of addresses.
>
> I'd like to add a new table to OVN_Northbound called something like
> "Address_Set".
>
> + "Address_Set": {
> + "columns": {
> + "name": {"type": "string"},
> + "addresses": {"type": {"key": "string",
> + "min": 0,
> + "max": "unlimited"}}},
> + "indexes": [["name"]],
> + "isRoot": false},
>
> I'd also like to be able to refer to an address set by name in an ACL
> match. I'm not sure about the syntax, but as an example:
I support this. It matches some sketchy plans I had when I started
designing the OVN matching language.
I support Ryan's suggestion to extend this to the southbound database.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
