[openstack-dev] [neutron] br-int to use registers instead of ovsdb tags (was: Re: Enable arp_responder without l2pop)

Miguel Angel Ajo Pelayo majopela at redhat.com
Wed Feb 22 19:00:51 UTC 2017


On Wed, Feb 22, 2017 at 1:53 PM, Thomas Morin <thomas.morin at orange.com>
wrote:

> Wed Feb 22 2017 11:13:18 GMT-0500 (EST), Anil Venkata:
>
>
> While relevant, I think this is not possible until br-int allows to match
> the network a packet belongs to (the ovsdb port tags don't let you do that
> until the packet leaves br-int with a NORMAL action).
>
>> Ajo has told me yesterday that the OVS firewall driver uses registers
>> precisely to do that. Making this generic (and not specific to the OVS
>> firewall driver) would be a prerequisite before you can add ARP responder
>> rules in br-int.
>>
>>
> [...] Spoke to Ajo on this. He said we can follow above suggestion i.e do
> the same what firewall driver is doing  in br-int, or wait till OVS flow
> extension is implemented(but this will take time as lack of resources)
>
>
> I think using registers instead of ovsdb port tags should be seen as a
> common pre-requisite for both ARP responder in br-int and doing the OVS
> flow extension work.
> So waiting for resource on the later should not be seen as the problem..
> although you still need some resource to use register in br-int...
>
>
Those port/net tagging parts were designed as some of the fixed stages of
the openflow pipeline. If we wanted to pursue this I feel we may need to
wait for the pipeline to eventually be ready.

An alternative option would be moving the port/net tagging to a common
place for ovs firewall and hybrid firewall. But I'm not sure how complex
that could be.




> -Thomas
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170222/64f23b30/attachment.html>


More information about the OpenStack-dev mailing list