I have two OVS bridges which are connected to a 3rd v-switch using patch(es).

    Bridge br1
        Port br1
            Interface br1
                type: internal
        Port br1-ext
            Interface br1-ext
                type: patch
                options: {peer=ext-br1}
        Port veth573b5f8a
            Interface veth573b5f8a
    Bridge br2
        Port br2
            Interface br2
                type: internal
        Port vethe3fada17
            Interface vethe3fada17
        Port br2-ext
            Interface br2-ext
                type: patch
                options: {peer=ext-br2}
    Bridge ext
        Port physnet1
            Interface physnet1
        Port ext-br1
            Interface ext-br1
                type: patch
                options: {peer=br1-ext}
        Port ext
            Interface ext
                type: internal
        Port ext-br2
            Interface ext-br2
                type: patch
                options: {peer=br2-ext}

There's a DHCP server over physnet1. I need to isolate L2 traffic between these v-switches but allow DHCP traffic from physnet1. How can I achieve that?

Note: There are N v-switches IRL.

1 Answer

I found that I need to set rules in the flow table. I've achieved tenant isolation using these flows:

Delete the default flow on the ext bridge and:

    cookie=0x0, duration=84697.471s, table=0, n_packets=3486, n_bytes=987906, priority=100,in_port="ext-br1" actions=output:physnet1
    cookie=0x0, duration=84687.469s, table=0, n_packets=1416, n_bytes=458415, priority=100,in_port="ext-br2" actions=output:physnet1
    cookie=0x0, duration=84117.197s, table=0, n_packets=4884, n_bytes=1793355, priority=100,in_port=physnet1 actions=NORMAL
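
The flows in the answer above, generated for any number of tenant patch ports, as an added example that is not part of the original answer. `ovs_port`, `gen_isolation_flows` and `apply_isolation_flows` are hypothetical helper names; the explicit `priority=0` drop and the use of `ovs-ofctl replace-flows` (instead of deleting the default flow first) are additions, and the port names are the ones shown in the question.

```shell
#!/bin/sh
# Added example (not from the original answer): build the ext-bridge flow
# table for one uplink and N tenant patch ports.

# Print a port name as ovs-ofctl dump-flows shows it: bare when it is only
# alphanumerics/underscore, double-quoted otherwise (e.g. "ext-br1").
# Names with any other character are refused so that an argument cannot
# smuggle extra match fields or actions into a flow.
ovs_port() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *[!A-Za-z0-9_]*) printf '"%s"' "$1" ;;
        *) printf '%s' "$1" ;;
    esac
}

# gen_isolation_flows UPLINK PATCH_PORT...
# Writes one flow per line; writes nothing if any name is rejected.
gen_isolation_flows() {
    [ "$#" -ge 2 ] || { echo "usage: gen_isolation_flows UPLINK PATCH_PORT..." >&2; return 2; }
    uplink=$(ovs_port "$1") || { echo "bad port name: $1" >&2; return 1; }
    shift
    tenant_flows=
    for p in "$@"; do
        q=$(ovs_port "$p") || { echo "bad port name: $p" >&2; return 1; }
        # Tenant side: everything goes to the uplink only, never to a peer bridge.
        tenant_flows="${tenant_flows}priority=100,in_port=${q},actions=output:${uplink}
"
    done
    printf '%s' "$tenant_flows"
    # Uplink side (DHCP server lives here): ordinary L2 switching.
    printf 'priority=100,in_port=%s,actions=NORMAL\n' "$uplink"
    # Addition: make the drop of everything else explicit.
    printf 'priority=0,actions=drop\n'
}

# apply_isolation_flows BRIDGE UPLINK PATCH_PORT...
# replace-flows installs the new table and removes flows not listed in it,
# which includes the bridge's default NORMAL flow.
apply_isolation_flows() {
    bridge=$1; shift
    new_table=$(gen_isolation_flows "$@") || return
    printf '%s\n' "$new_table" | ovs-ofctl replace-flows "$bridge" -
}

# Dry run with the names from the question (does not touch OVS):
gen_isolation_flows physnet1 ext-br1 ext-br2
```

Frames entering from the patch ports are forwarded with a plain `output` action, so the ext bridge learns no tenant MAC addresses and `NORMAL` floods traffic arriving on physnet1 to every other port on ext, tenant patch ports included. `ovs-appctl fdb/show ext` shows what the bridge has learned.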
