On Fri, Jun 09, 2017 at 11:09:08AM +0200, Eelco Chaudron wrote: > This is a follow up patch for an earlier patch send by Cascardo, > however I think this patch might not be needed... > > This patch will make sure VXLAN tunnels with and without the group > based policy (gbp) option enabled can not coexist on the same > destination udp port. > > However the interface ports for VXLAN have to be unique on the same > destination port, i.e. they need a different VNI. Looking at the > datapath code (only Linux seems to support this), this is not a > problem for the ingress/egress path. For egress based on the > configuration the correct header is build. For ingress, if gbp is not > configured and a gbp VXLAN is received the packet is dropped. If gbp > is enabled and a non gbp packet is received its accepted (meaning > default group policy as per the draft rfc). > > Can some one that worked more in depth on the VXLAN side confirm this > patch can be tossed in the bin? If I missed some specific > configuration / use case why it is needed, please review the patch. > > Signed-off-by: Eelco Chaudron <echau...@redhat.com>
I've read this commit message a few times and I'm still not confident that I understand. Let me restate it and you can correct me if I'm wrong. I *think* that you are saying that the Linux datapath handles GBP and non-GBP tunnels that are otherwise the same in a sensible way, so that there is no need to add code to reject them. Is that right? Thanks, Ben. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev