On Fri, Jul 2, 2021 at 4:39 PM Ben Pfaff <b...@ovn.org> wrote:
>
> On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote:
> > This allows L3+ ACLs to match against double tagged vlan traffic on
> > vlan-passthru switches.
> >
> > The default in OVS is vlan-limit=1 for backwards compatibility. This
> > means packets are not "parsed" deeper than one tag level.
> >
> > This patch sets it to 0, which means "parse as deep as OVS supports".
> > Right now it's effectively the same as setting it to "2", which is the
> > maximum number of tag levels that OVS supports right now.
> >
> > It is already set to 2 in puppet-vswitch that is used in some OpenStack
> > distributions:
> >
> > https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425
> >
> > Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com>
>
> Thanks! This is a good idea, I think.
>
> I think that the following is going to always submit a transaction to
> update vlan-limit, even if it's already correct. That's going to be
> wasteful. I think it would be better to check whether it's already set
> to 0:
Hi Ihar,
Does it need a v2 addressing Ben's comments ?
Thanks
Numan
>
> > + /* Enable ACL matching for double tagged traffic. */
> > + if (ovs_idl_txn) {
> > + const struct ovsrec_open_vswitch *cfg =
> > + ovsrec_open_vswitch_table_first(ovs_table);
> > + ovsrec_open_vswitch_update_other_config_setkey(
> > + cfg, "vlan-limit", "0");
> > + }
> _______________________________________________
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
