Benoit, I should have refreshed my memory with a quick Google search before commenting. Sorry about that, my earlier comments to Ben were incorrect. Based on the Cisco IOS implementation, your original proposal makes sense. That said, the Cisco NXOS implementation is slightly different for the Promiscuous Port assignment on a specific interface as it requires both the primary pvlan as well as the isolated & community vlans to be called out specifically.
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/guide_c07-665160.html#wp9000735 However, I like the simplicity of your approach where the act of tagging the port with the already defined VLAN tag (66=promiscuous, 68=isolated or 70=community in your example) is enough to realize the desired pvlan mode. pf ________________________________ Paul Fazzone | Nicira Networks, Inc. VP, Product Management pfazz...@nicira.com 917-301-7800 On Mar 21, 2012, at 2:03 PM, Ben Pfaff wrote: > [adding back the list, adding Paul Fazzone. Paul, I hope you will > respond since I know little about PVLAN.] > > On Wed, Mar 21, 2012 at 09:14:28PM +0100, Benoît Canet wrote: >>> The implementation below seems to be making that distinction per >>> secondary vlan rather than per port. >>> >> >> My understanding of the RFC 5517 is that ports get their properties >> (isolated or community) from their belonging to a particular secondary vlan. >> (not sure about promiscuous port yet) >> >> Cisco's documentation on the pvlan feature is similar to the proposal. >> http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml >> >> This tutorial on Cisco pvlan seem go do it the same way. >> http://blog.alwaysthenetwork.com/tutorials/private-vlan-tutorial/ >> >> My work is very focused around Cisco's implementation in order to be >> compatible with their gear. >> (802.1Q trunk) >> >> Maybe we are not talking about the same pvlan implementations ? >> >> Should the command line be specific about being a Cisco related >> implementation ? >> (ex: ovs-vsctl add-5517-pvlan) >> >> I am curious about other implementations, does Paul have any links ? >> >> However if you feel this is the wrong way of doing I'll change the proposal. >> >> Best regards >> >> Benoît _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
