Hi Justin, my planned topology is not very complex, so implementing some set of static rules would be the best solution I guess.

I tried playing with ovs-ofctl a bit. When I program flows directly from a machine to a machine (e.g. using dl_src/dl_dst conditions and switching the packet for a given src/dst pair to a particular port), I can indeed set up a full mesh topology. However, this is not very convenient: if a new machine is added to any point of the L2 network, I need to add more flows on all switches, so that the new machine can communicate with other machines.

It would be much better to program flows only using port numbers - basically I just need to deny forwarding between two tunneled ports and allow forwarding between physical and tunneled ports. However, reading the ovs-ofctl manual, I can't figure out how to accomplish that. It seems like there is only one "hook", and, using the iptables analogy, it corresponds to PREROUTING. There is no POSTROUTING hook and thus I can't use conditions on the outgoing port number.

Is it currently possible to specify a rule/ruleset like "for in_port X perform normal forwarding, but if the packet is going to be switched to port Y, drop it"? Or perhaps I can code up a new action like "look up the destination MAC in a MAC table, determine the outgoing port number and, if that is a tunneled port, drop the packet, otherwise forward it"? Is it hard to implement? Where should I start?

Best regards,
Eugene

2016-04-09 9:22 GMT+03:00 Justin Pettit <jpet...@ovn.org>:
>
>> On Apr 8, 2016, at 8:33 AM, Eugene L. Vorokov <v...@pidarasy.org> wrote:
>>
>> Hi Scott,
>>
>> Thank you for your reply.
>> According to my understanding of how STP works (please correct me if
>> I'm wrong), it will just take down one of the links to break the
>> circle. This way things will work, but that wouldn't be a working full
>> mesh. For instance, STP may take down the link between 2 and 3, and then
>> a packet from 2 to 3 will go through 1, which is exactly what I'm trying
>> to avoid.
>
> Your understanding is correct. To get what you want, you need to have
> something actively programming flows. If you have a simple topology, it
> wouldn't be hard to just add appropriate flows using "ovs-ofctl". If you
> want to do something more complex, you could look at a central
> controller-based network virtualization solution. There are a few of them
> out there.
>
> One option is OVN, which started shipping with OVS 2.5. It's still a work in
> progress, but it has supported basic L2 connectivity over tunnels for about
> a year now.
>
> --Justin
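An added example, not from this thread or from OVS itself, of one way to express the "look up the destination MAC, drop if it resolves to another tunnel port" ruleset described above using only port numbers: ovs-ofctl's learn action fills a MAC table in a separate OpenFlow table, and the lookup result (the learned port in reg0) is then matched against the ingress port. The bridge name, table numbers, port lists and timeouts are assumed; it emits a flow file for `ovs-ofctl add-flows`.

```shell
#!/bin/sh
# Split-horizon ruleset for one OVS bridge: physical ports may talk to
# anything; tunnel ports may only reach physical ports. Assumed layout:
# table 0 = learn + lookup, table 10 = MAC table (reg0 = learned port,
# 0 = unknown), table 1 = forwarding decision.
# Usage: gen_split_horizon_flows "<phys ports>" "<tunnel ports>" > flows.txt
#        ovs-ofctl add-flows br0 flows.txt        (br0 is an assumed name)
gen_split_horizon_flows() {
    phys="$1"; tuns="$2"
    # table 0: remember src MAC -> in_port in table 10, then resolve the
    # dst MAC (reg0 stays 0 on a miss) and continue in table 1
    echo "table=0,priority=0,actions=learn(table=10,hard_timeout=300,priority=10,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,10),resubmit(,1)"
    # table 10 default: unknown destination
    echo "table=10,priority=0,actions=load:0->NXM_NX_REG0[0..15]"
    # table 1, highest priority: a frame that entered on one tunnel and
    # whose destination was learned on another tunnel is dropped
    for t in $tuns; do
        for u in $tuns; do
            [ "$t" = "$u" ] && continue
            echo "table=1,priority=30,in_port=$t,reg0=$u,actions=drop"
        done
    done
    # unknown destination arriving from a tunnel: flood to physical ports only
    phys_out=$(for p in $phys; do printf 'output:%s,' "$p"; done)
    phys_out=${phys_out%,}
    for t in $tuns; do
        echo "table=1,priority=20,in_port=$t,reg0=0,actions=$phys_out"
    done
    # unknown destination arriving from a physical port: flood everywhere
    echo "table=1,priority=10,reg0=0,actions=flood"
    # known destination: forward to the learned port (OVS silently drops
    # an output to the ingress port, so hairpins need no extra rule)
    echo "table=1,priority=0,actions=output:NXM_NX_REG0[0..15]"
}
```

Because remote MACs are learned from frames arriving on tunnel ports, a frame from a physical port to a remote host goes out on exactly one tunnel once its MAC is known, while the remote switch's own priority-30 rules keep it from being relayed to a third site.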