Great, thanks for the feedback!
I'm working on the implementation of address sets for OVN now. It's still
incomplete, but I'd like to post something by the end of the week.
https://github.com/russellb/ovs/commits/ovn-address-sets
--
Russell Bryant
On Tue, Mar 22, 2016 at 3:26 PM, Salvatore Or
As I am doing some integration between OVN and Kubernetes, there is a
similar problem there where the introduction of this concept can be very
beneficial.
To provide some context a Kubernetes network policy [1] might have several
"from" clauses which might translate into a great number of IP addre
On Wed, Mar 09, 2016 at 04:12:07PM -0500, Russell Bryant wrote:
>
> One use case for OVN ACLs includes matching on a set of IP addresses. A
> simple example:
>
> inport == "lport1" && ip.src == {10.0.0.1, 10.0.0.3, 10.0.7}
>
> This is only 3 addresses, but it could easily be hundreds of add
It’s a great idea. From an OpenStack point of view, this will make NB ACL
transaction sets O(1) instead of O(N) when combined with the delta ACL
computation patch that is currently under review.
I agree with Ryan’s SB extension. Since Address_Set will be a new table, the
conditional_monitor cod
On Thu, Mar 10, 2016 at 1:45 AM, Han Zhou wrote:
> This is a great idea!! Just like what ipset has helped for iptables.
>
Thanks for the feedback. Yes, ipset was what inspired the idea. :-)
> And I agree with the "additional step" (as pointed out by Ryan) that we
> should enable this for SB
On Wed, Mar 9, 2016 at 1:32 PM, Ryan Moats wrote:
>
>
>
> "dev" wrote on 03/09/2016 03:12:07 PM:
>
> > From: Russell Bryant
> > To: ovs dev
> > Date: 03/09/2016 03:12 PM
> > Subject: [ovs-dev] [RFC] OVN northbound address sets
> > Sent b
"dev" wrote on 03/09/2016 03:12:07 PM:
> From: Russell Bryant
> To: ovs dev
> Date: 03/09/2016 03:12 PM
> Subject: [ovs-dev] [RFC] OVN northbound address sets
> Sent by: "dev"
>
> I'd like to propose a new feature for the OVN northbound d
I'd like to propose a new feature for the OVN northbound database. If we
reach some consensus, I will implement it.
Overview:
One use case for OVN ACLs includes matching on a set of IP addresses. A
simple example:
inport == "lport1" && ip.src == {10.0.0.1, 10.0.0.3, 10.0.7}
This is only 3