[ovs-discuss] MAC Antispoof OVS Builtin
luiz.ozaki at locaweb.com.br
Tue Mar 13 11:44:31 PDT 2012
On 3/13/12 3:18 PM, Ben Pfaff wrote:
> Here's what I have in mind. Presumably you are working with some kind
> of hypervisor or CMS or whatever that has a database of VMs. That
> database would normally include the MAC address that the VM "owns";
> perhaps it also includes an IP address.
>
> Now suppose that your controller knows how to talk to the database of
> VMs as well as to an OpenFlow switch and to OVSDB. When a new port
> appears through OpenFlow, the controller figures out which VM it is
> associated with (via the "external-ids" in the OVSDB row for the
> interface), looks it up in the database of VMs, and sets up the proper
> ACLs via OpenFlow to allow the VM to talk on its own MAC (and possibly
> IP) but not on others.
>
> Does that make sense?

Yep, makes sense.
I was just missing how the controller could get which VM is connected to
that port and querying the OVSDB solves that.
Thanks Ben!
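
The lookup-then-ACL step described in the quoted message, as an added example that is not part of the original thread and not code from the Open vSwitch project: it maps a port's "external-ids" to a VM record and returns flow strings in ovs-ofctl syntax. The external-ids key `vm-id`, the `VM_DB` contents, the bridge name `br0` and the priorities are assumptions made for the illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample data: the CMS's VM database, keyed by VM id.
VM_DB = {
    "vm-0001": {"mac": "52:54:00:aa:bb:01", "ip": "192.0.2.10"},
    "vm-0002": {"mac": "52:54:00:aa:bb:02", "ip": None},
}

def antispoof_flows(ofport, external_ids, vm_db=VM_DB, key="vm-id"):
    """Return ovs-ofctl flow strings for one newly appeared port.

    ofport       -- OpenFlow port number of the new port
    external_ids -- external_ids map from the interface's OVSDB row
    key          -- external_ids key holding the VM id (assumed name)
    """
    port = int(ofport)
    # Lowest-priority rule for the port: anything not allowed below is dropped.
    flows = [f"priority=50,in_port={port},actions=drop"]
    vm = vm_db.get(external_ids.get(key))
    if vm is None:
        return flows  # unknown VM: fail closed, port stays drop-only
    mac = vm["mac"].lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC in VM database: {mac!r}")
    if vm.get("ip") is None:
        # MAC-only policy: any frame sourced from the VM's own MAC.
        flows.append(f"priority=100,in_port={port},dl_src={mac},actions=NORMAL")
        return flows
    ip = str(ipaddress.IPv4Address(vm["ip"]))  # raises on malformed input
    # MAC+IP policy: IPv4 and ARP must both carry the VM's own addresses.
    flows.append(f"priority=100,in_port={port},dl_src={mac},"
                 f"ip,nw_src={ip},actions=NORMAL")
    flows.append(f"priority=100,in_port={port},dl_src={mac},"
                 f"arp,arp_sha={mac},nw_src={ip},actions=NORMAL")
    return flows

if __name__ == "__main__":
    # Constructed row: port 5 whose external_ids name vm-0001.
    for flow in antispoof_flows(5, {"vm-id": "vm-0001"}):
        print("ovs-ofctl add-flow br0", f'"{flow}"')
```

With an IP address on record, only IPv4 and ARP from the VM's own addresses pass; every other frame arriving on the port hits the drop rule.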