Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

Hi Han, I am sorry, I must have missed it. I will include it in v5. Thank you, Babu On Monday 27 June 2016 10:59 PM, Han Zhou wrote: On Sun, Jun 26, 2016 at 11:29 PM, Babu Shanmugam > wrote: > > > > On Thursday 23 June 2016 12:03 PM, Han Zhou wrote: >> >> It may b

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

On Sun, Jun 26, 2016 at 11:29 PM, Babu Shanmugam wrote: > > > > On Thursday 23 June 2016 12:03 PM, Han Zhou wrote: >> >> It may be good to have column "external_ids", so that external names, such as security-group name in neutron, can be recognized easily. > > Han, do you want the external_ids to

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

On Thursday 23 June 2016 12:03 PM, Han Zhou wrote: It may be good to have column "external_ids", so that external names, such as security-group name in neutron, can be recognized easily. Han, do you want the external_ids to be present in the table in OVN SouthBound DB? I feel that it would be

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

Hi Flavio, Thanks for reviewing. My comments are below. On Thursday 23 June 2016 10:33 PM, Flaviof wrote: On Thu, Jun 23, 2016 at 1:05 AM, > wrote: From: Russell Bryant mailto:russ...@ovn.org>> +/* Return true if the address sets match, false otherwise.

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

> > +/* Remember the names of all address sets currently in > > expr_address_sets > > + * so we can detect address sets that have been deleted. */ > > +struct sset cur_address_sets = SSET_INITIALIZER(&cur_address_sets); > > > This sset is not an address_set, but address_set names (or k

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

On Thu, Jun 23, 2016 at 1:05 AM, wrote: > From: Russell Bryant > > This feature was originally proposed here: > > http://openvswitch.org/pipermail/dev/2016-March/067440.html > > A common use case for OVN ACLs involves needing to match a set of IP > addresses. > >outport == "lp1" && ip4.src

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

On Thu, Jun 23, 2016 at 1:05 AM, wrote: > From: Russell Bryant > > This feature was originally proposed here: > > http://openvswitch.org/pipermail/dev/2016-March/067440.html > > A common use case for OVN ACLs involves needing to match a set of IP > addresses. > >outport == "lp1" && ip4.src

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

Hi Han, On Thursday 23 June 2016 12:03 PM, Han Zhou wrote: Thanks Babu for taking over this. I'd like to repost my comment here: On Wed, Jun 22, 2016 at 10:05 PM, > wrote: > diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema > index 06e8a07..22f7ad0 100644 >

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

Hi Zong Kai, Li, My comments below. On Thursday 23 June 2016 02:34 PM, Zong Kai YL Li wrote: Hi, Babu. I get a few questions about this patch: - 1, About SB DB. It says to support ACLs, so why do we need a identical table exists in both NB DB and NB DB? I can figure that out, please give some

Re: [ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

Thanks Babu for taking over this. I'd like to repost my comment here: On Wed, Jun 22, 2016 at 10:05 PM, wrote: > diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema > index 06e8a07..22f7ad0 100644 > --- a/ovn/ovn-sb.ovsschema > +++ b/ovn/ovn-sb.ovsschema > @@ -1,7 +1,7 @@ > { > "name"

[ovs-dev] [PATCH v3 2/2] ovn: Add address_set() support for ACLs.

From: Russell Bryant This feature was originally proposed here: http://openvswitch.org/pipermail/dev/2016-March/067440.html A common use case for OVN ACLs involves needing to match a set of IP addresses. outport == "lp1" && ip4.src == {10.0.0.5, 10.0.0.25, 10.0.0.50} This example match o