yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #94583
[Bug 2080347] Re: Openvswitch Port Security for unicast traffic of other instances
Hi Saeed,
This ticket sounds more like a question for team and maintainers of
ML2/OVS than a bug per se. I would like to suggest you to send it as an
email to the openstack-discuss@xxxxxxxxxxxxxxxxxxx (with the [neutron]
tag in the subject) or join us at #openstack-neutron on the OFTC IRC
network and ask that question.
Please feel free to reopen this bug if you think this should be treated
as a bug.
** Changed in: neutron
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2080347
Title:
Openvswitch Port Security for unicast traffic of other instances
Status in neutron:
Invalid
Bug description:
I run some scenarios with ML2/OVN and ML2/OVS (in all tests security-
group has no rule)
With the OVN backend, when port security is enabled I can NOT watch
the unicast traffic of other instances by tcpdump, but when port
security is disabled I can watch other unicast traffic for other
instances.
I also run the same scenarios when the backend is Openvswitch only
(not OVN) I can watch unicast traffic of other instances (enabling or
disabling port security has no impact).
Is there any link or reference that explicitly explains this issue and
the impact of OVN in OpenStack for dropping other traffic?
I dump flow rules from openvswitch and compare them, and I'm pretty
sure that the OVN adds some rules to drop other unicast traffic.
Can I drop the unicast traffic of other instances in Openvswitch when I do not use OVN as the backend?
(automatically or by configuration)
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2080347/+subscriptions
References