So I guess pkts makes most sense for ACLs, but has anyone used this for
ACLs? It does not seem to be working for me. What would be reasonable
values for rate and burst?
I created a meter as follows:
ovn-nbctl meter-add acl_drop drop 2 pktps 1
And applied it to an ACL:
ovn-nbctl --type=switch --name=vcn0617480_drg-ext_deny --meter=acl_drop \
    acl-add ls_vcn0617480_external_drg from-lport 32000 \
    'inport == "ls_vcn0617480_external_drg-lr_vcn0617480_drg" && ip4.dst == $vcn0617480_drg_deny' \
    drop
Then did a ping using -i 0.2
23 packets transmitted, 0 received, 100% packet loss, time 4568ms
All of these were recorded in the ovn-controller.log
Brendan
On 20/11/2023 18:47, Brendan Doyle via discuss wrote:
Hi Folks,
ovn-nbctl(8) says:
ACL Commands
The --meter=meter option is used to rate-limit packet logging.
The meter argument names a meter configured by meter-add.
But the Meter Commands section says:
The unit specifies the unit for the rate argument; valid values are
kbps and pktps for kilobits per second and packets per second,
respectively.
What should be used for ACL meters?
Thanks
Brendan
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss