On Tue, May 17, 2016 at 4:05 AM, Ramu Ramamurthy <[email protected]> wrote:
> Tested-by: Ramu Ramamurthy <[email protected]> > > I tested v5 of this patchset to work end-to-end with openstack (using > your openstack changes which are also under review). The options tested > include dns-server and classless-static-route. > > A question I have is why you program these out-acl flows at prio 34000, > whereas you did not need to program the corresponding in-acl flow ? > table=1( ls_out_acl), priority=34000, match=(eth.src == > fa:16:3e:94:07:40 && ip4.src == 10.0.2.1 && udp && udp.src == 67 && > udp.dst == 68), action=(ct_commit; next;) > > Thanks Ramu for testing it out. The reason for not adding the flow in IN_ACL is because the CMS can add flows to allow or drop DHCP traffic on a logical port if it wants to. In the case of OpenStack networking-ovn, it is adding the below flows for each logical port. table=4( ls_in_acl), priority= 2002, match=(ct.new && (inport == "2636f285-6d1a-4ad9-89db-c3323349c554" && ip4)), action=(ct_commit; next;) table=4( ls_in_acl), priority= 2002, match=(ct.new && (inport == "2636f285-6d1a-4ad9-89db-c3323349c554" && ip6)), action=(ct_commit; next;) table=4( ls_in_acl), priority= 2001, match=(inport == "2636f285-6d1a-4ad9-89db-c3323349c554" && ip), action=(drop;) Actually if we want we can remove the 34000 OUT_ACL flow from ovn-northd and let CMS add it. I initially thought its good to take care of it on ovn-northd. But now I am not sure whats the best approach. Please let me know your comments. Thanks Numan > On Mon, May 16, 2016 at 2:23 AM, Numan Siddique <[email protected]> > wrote: > > OVN implements a native DHCP support which caters to the common > > use case of providing an IP address to a booting instance by > > providing stateless replies to DHCP requests based on statically > > configured address mappings. To do this it allows a short list of > > DHCP options to be configured and applied at each compute host > > running ovn-controller. > > > _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
