Great - the rules work a lot better after running ovs-vsctl del-controller xapi5 ;-) It looks like everything works now.

The rules for the XCP VMs to prevent MAC/IP spoofing (although allowing DHCP) are then:

/usr/bin/ovs-ofctl add-flow xapi5 "in_port=15 priority=39500 dl_type=udp tp_dst=67 dl_src=a6:1e:29:3d:69:51 idle_timeout=0 action=normal"
/usr/bin/ovs-ofctl add-flow xapi5 "in_port=15 priority=39000 dl_type=0x0800 nw_src=10.10.8.73 dl_src=a6:1e:29:3d:69:51 idle_timeout=0 action=normal"
/usr/bin/ovs-ofctl add-flow xapi5 "in_port=15 priority=38500 dl_type=0x0806 dl_src=a6:1e:29:3d:69:51 idle_timeout=0 action=normal"
/usr/bin/ovs-ofctl add-flow xapi5 "in_port=15 priority=38000 idle_timeout=0 action=drop"

If something could be improved, security/performance, I would be happy to know about it! ;-)

Thanks for your help!

Regards
Kristoffer

On Thu, May 5, 2011 at 5:39 PM, Justin Pettit <jpet...@nicira.com> wrote:

> On May 5, 2011, at 4:03 AM, Kristoffer Egefelt wrote:
>
> > From the pool master I get:
> >
> > #ovs-vsctl get-controller xapi5
> > ssl:10.10.3.250:6633
> >
> > Probably because I tried the Citrix controller at some point - should it
> > work if I delete it with:
> >
> > #ovs-vsctl del-controller xapi5
> >
> > is it safe?
>
> Yes.
>
> I assume by the Citrix controller, you mean their DVS (Distributed Virtual
> Switch). If you don't want to run it anymore, you're likely going to want
> to have OVS stop trying to connect to it over the management channel. You
> may want to see if the DVS User Manual indicates a way to no longer
> associate your switch with that controller. If not, we can share a script
> with you that will remove the configuration from XAPI.
>
> > Running:
> > ovs-vsctl get-fail-mode xapi5
> > returns nothing...
>
> That means you are using the default, which is standalone (fail-open). If
> you don't need the controller connection, I'd recommend removing that rather
> than messing with the fail-mode.
>
> --Justin
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
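
Added example, not part of the original thread or of Open vSwitch: a small Python model of the four flows posted above for in_port=15, run over constructed sample packets to show which flow each one hits. It assumes the first rule is meant as IPv4 UDP to port 67, and the sample names and the arp_spa field are illustrative only.

```python
# Added example: a minimal model of the four flows on in_port=15.
# Packets are constructed sample dicts, not captured traffic.
VM_PORT, VM_MAC, VM_IP = 15, "a6:1e:29:3d:69:51", "10.10.8.73"
ETH_IP, ETH_ARP, PROTO_UDP = 0x0800, 0x0806, 17

# (priority, match fields, action); a field absent from a match is a wildcard.
# Assumption: the thread's "dl_type=udp" rule is modelled as IPv4 + UDP.
FLOWS = [
    (39500, {"in_port": VM_PORT, "dl_type": ETH_IP, "nw_proto": PROTO_UDP,
             "tp_dst": 67, "dl_src": VM_MAC}, "normal"),
    (39000, {"in_port": VM_PORT, "dl_type": ETH_IP, "nw_src": VM_IP,
             "dl_src": VM_MAC}, "normal"),
    (38500, {"in_port": VM_PORT, "dl_type": ETH_ARP, "dl_src": VM_MAC}, "normal"),
    (38000, {"in_port": VM_PORT}, "drop"),
]

def classify(pkt):
    """Return (priority, action) of the highest-priority matching flow."""
    for prio, match, action in sorted(FLOWS, key=lambda f: -f[0]):
        if all(pkt.get(k) == v for k, v in match.items()):
            return prio, action
    return None, "no-match"  # e.g. a packet arriving on another port

def pkt(**fields):
    """Build a sample packet; defaults describe the legitimate VM."""
    base = {"in_port": VM_PORT, "dl_src": VM_MAC, "dl_type": ETH_IP}
    base.update(fields)
    return base

SAMPLES = {
    "dhcp_discover": pkt(nw_src="0.0.0.0", nw_proto=PROTO_UDP, tp_dst=67),
    "own_ip_tcp": pkt(nw_src=VM_IP, nw_proto=6, tp_dst=443),
    "spoofed_ip": pkt(nw_src="10.10.8.99", nw_proto=6, tp_dst=443),
    "spoofed_mac": pkt(dl_src="a6:1e:29:00:00:01", nw_src=VM_IP, nw_proto=6),
    "arp_own": pkt(dl_type=ETH_ARP, arp_spa=VM_IP),
    "arp_other_spa": pkt(dl_type=ETH_ARP, arp_spa="10.10.8.1"),
}

def run():
    """Classify every sample packet against the flow table."""
    return {name: classify(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (prio, action) in run().items():
        print(f"{name:15} -> priority {prio}: {action}")
```

The last sample shows that the priority=38500 flow checks only the Ethernet source MAC, so the sender address inside the ARP payload is not constrained. ovs-ofctl also matches the ARP sender address through nw_src when dl_type=0x0806, so adding nw_src=10.10.8.73 to that flow would pin ARP to the VM's own IP.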