Folks, I'm using a k8s CNI based on the OVN architecture, and I tried to add a filter between all ports, like:

    Client <======> Filter <======> Server

so the filter can intercept the traffic between the client/server in this scenario. I added a couple of OpenFlow rules to intercept traffic between virtual ports, like:

    # Install one flow on $vswitch: $1 is the match, $2 is the actions clause.
    function add_flow() {
        local filter=$1
        local actions=$2
        ovs-ofctl --strict --name add-flow "$vswitch" "$filter $actions"
    }

    add_flow "table=18,priority=50,metadata=0x3,ip,reg14=$filter_nic_idx" "actions=resubmit(,19)"
    add_flow "table=64,priority=50,metadata=0x3,reg14=$filter_nic_idx" "actions=resubmit(,65)"
    add_flow "table=64,priority=50,metadata=0x3,arp" "actions=resubmit(,65)"

These rules work well for the internal virtual ports, but I encounter a problem: the external traffic becomes unstable. Do folks have any suggestions?

--
Best,
Yu-Han Lin