Hi Justin,

my planned topology is not very complex, so implementing some set of
static rules would be the best solution I guess.
I tried playing with ovs-ofctl a bit. When I program flows directly
from a machine to a machine (e.g. using dl_src/dl_dst conditions and
switching packet for given src/dst pair to a particular port), I can
indeed set up a full mesh topology. However, this is not very
convenient: if a new machine is added to any point of the L2 network,
I need to add more flows on all switches, so that new machine can
communicate with other machines.

It would be much better to program flows only using port numbers -
basically I just need to deny forwarding between two tunneled ports and
allow forwarding between physical and tunneled ports. However, reading
ovs-ofctl manual, I can't figure out how to accomplish that. It seems
like there is only one "hook", and, using iptables analogy, it
corresponds to PREROUTING. There is no POSTROUTING hook and thus I
can't use conditions on outgoing port number. Is it currently possible
to specify rule/ruleset like "for in_port X perform normal forwarding,
but if the packet is going to be switched to port Y, drop it"?

Or perhaps I can code up a new action like "lookup destination MAC in
a MAC table, determine outgoing port number and, if that is tunneled
port, drop the packet, otherwise forward it"? Is it hard to implement?
Where should I start?

Best regards,
Eugene

2016-04-09 9:22 GMT+03:00 Justin Pettit <jpet...@ovn.org>:
>
>> On Apr 8, 2016, at 8:33 AM, Eugene L. Vorokov <v...@pidarasy.org> wrote:
>>
>> Hi Scott,
>>
>> Thank you for your reply.
>> According to my understanding of how STP works (please correct me if
>> I'm wrong), it will just take down one of the links to break the
>> circle. This way things will work, but that wouldn't be a working full
>> mesh. For instance, STP may take down link between 2 and 3, and then
>> packet from 2 to 3 will go through 1, which is exactly what I'm trying
>> to avoid.
>
> Your understanding is correct.  To get what you want, you need to have 
> something actively programming flows.  If you have a simple topology, it 
> wouldn't be hard to just add appropriate flows using "ovs-ofctl".  If you 
> want to do something more complex, you could look at a central 
> controller-based network virtualization solution.  There are a few of them 
> out there.
>
> One option is OVN, which started shipping with OVS 2.5.  It's still a work in 
> progress, but it has supported basic L2 connectivity over tunnels for about 
> a year now.
>
> --Justin
>
>
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
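
The port-based rule asked about in the message above (never forward between two tunneled ports, allow physical to tunneled), as a small Python model of three learning switches in a full mesh. This is an added example, not part of the original message and not Open vSwitch code; the switch numbers, port names and MAC labels are constructed.

```python
from collections import deque

SWITCHES = (1, 2, 3)  # constructed three-node full mesh, one host per switch

def ports(sw):
    """Port names on a switch: one physical port plus a tunnel to each peer."""
    return ["phy"] + [f"tun{p}" for p in SWITCHES if p != sw]

def send(src_sw, src_mac, dst_mac, tables, split_horizon, max_hops=50):
    """Inject a frame on src_sw's physical port; return (deliveries, tunnel_hops).

    deliveries: (switch, path) for each copy handed to a physical port.
    tunnel_hops: tunnel transmissions, stopped once max_hops is reached (loop guard).
    """
    queue = deque([(src_sw, "phy", [src_sw])])
    deliveries, hops = [], 0
    while queue and hops < max_hops:
        sw, in_port, path = queue.popleft()
        tables[sw][src_mac] = in_port                  # MAC learning
        known = tables[sw].get(dst_mac)
        out = [known] if known else ports(sw)          # unicast or flood
        out = [p for p in out if p != in_port]         # never back out the ingress port
        if split_horizon and in_port.startswith("tun"):
            # Frames that arrived over a tunnel may only leave on the physical port.
            out = [p for p in out if not p.startswith("tun")]
        for p in out:
            if p == "phy":
                deliveries.append((sw, path))
            else:
                peer = int(p[3:])
                hops += 1
                queue.append((peer, f"tun{sw}", path + [peer]))
    return deliveries, hops

def demo(split_horizon):
    """Host on switch 2 sends to host on switch 3, then the host on 3 replies."""
    tables = {sw: {} for sw in SWITCHES}
    first = send(2, "mac2", "mac3", tables, split_horizon)  # unknown dst: flooded
    reply = send(3, "mac3", "mac2", tables, split_horizon)  # learned dst: unicast
    return first, reply

if __name__ == "__main__":
    print("split horizon:", demo(True))
    print("plain learning, first frame tunnel hops:", demo(False)[0][1])
```

With the rule enabled the flooded frame crosses each tunnel once and the reply takes the direct 3 to 2 tunnel; without it the same frame circulates until the hop guard stops it.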
