Hi Yimin,

The behavior you describe would emerge from the flows you choose to utilize, and may not necessarily be a single modification.

One way to think about this is as a side effect of the flow table being processed a single time. Since the matching only occurs on the packet entering the switch (rather than leaving it), actions which filter based upon in_port are usually trivial. There is no native correspondence for output actions, though it is often straightforward to do so.

In this case, you are relying upon the normal action for forwarding decisions, which spans the entire bridge. This probably will not offer you enough granularity to do what you desire, since AFAIK, you can't say

    priority=100, tp_dst=80, action=NORMAL(all ports)
    priority=50, action=NORMAL(all ports except port 3)

Hope this clarifies.

-Reid

On Thu, Jul 12, 2012 at 5:56 PM, YIMIN CHEN <ymchen.n...@gmail.com> wrote:
> Hi,
>
> I am experimenting with OVS 1.4.2, using openflow entries to control
> traffic b/w VMs. VM1 (11.1.1.4) and VM2 (11.1.1.5) connected to OVS
> via tap0 (openflow port 2) and tap1 (of port 3).
>
> I am a little confused about how to specify an inbound rule. How can I
> specify an openflow entry for VM2 saying allowing incoming pkts to VM2
> only allowed on tcp port 80, but not others?
> "in_port=3,tp_dst=80,action=normal" will work? To me, it sounds like
> saying "If VM2 sends a pkt to port 80, allow it", instead of "if VM2
> receives a pkt to port 80, allow it". I am a little confused.
>
> Could anyone please clarify for me?
>
> Thanks!
> Yimin
> _______________________________________________
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
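The ingress-only, single-pass matching discussed in this thread, as an added example that is not part of either message and is not OVS code: a simplified Python model of a flow table, run against the rule from the question and against a destination-match alternative. The `lookup` helper, the table-miss drop, the `INBOUND` flows and the sample packets are assumptions constructed for illustration.

```python
# Simplified model of a single-pass flow table (illustration only, not OVS code).
# From the thread: VM1 11.1.1.4 on OpenFlow port 2, VM2 11.1.1.5 on port 3.
# The model ignores protocol prerequisites (e.g. tcp) and ARP handling.

def lookup(flows, pkt):
    """Return the actions of the highest-priority flow matching the packet.

    Matching uses only fields of the packet as it ENTERS the switch; the
    eventual output port is not available as a match field.
    """
    for flow in sorted(flows, key=lambda f: f["priority"], reverse=True):
        if all(pkt.get(k) == v for k, v in flow["match"].items()):
            return flow["actions"]
    return "drop"  # assumption: a table miss drops the packet

# The rule from the question: in_port=3,tp_dst=80,action=normal
ASKED = [
    {"priority": 100, "match": {"in_port": 3, "tp_dst": 80}, "actions": "normal"},
]

# Constructed alternative: identify "inbound to VM2" by destination address
# and name the output port explicitly instead of relying on NORMAL.
INBOUND = [
    {"priority": 100, "match": {"nw_dst": "11.1.1.5", "tp_dst": 80},
     "actions": "output:3"},
    {"priority": 50, "match": {"nw_dst": "11.1.1.5"}, "actions": "drop"},
    {"priority": 0, "match": {}, "actions": "normal"},
]

# Constructed sample packets (fields as seen on ingress).
TO_VM2_HTTP = {"in_port": 2, "nw_src": "11.1.1.4", "nw_dst": "11.1.1.5", "tp_dst": 80}
TO_VM2_SSH = {"in_port": 2, "nw_src": "11.1.1.4", "nw_dst": "11.1.1.5", "tp_dst": 22}
FROM_VM2_HTTP = {"in_port": 3, "nw_src": "11.1.1.5", "nw_dst": "11.1.1.4", "tp_dst": 80}

if __name__ == "__main__":
    for name, table in (("asked", ASKED), ("inbound", INBOUND)):
        for pkt in (TO_VM2_HTTP, TO_VM2_SSH, FROM_VM2_HTTP):
            print(name, pkt, "->", lookup(table, pkt))
```
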