[ovs-discuss] MAC Antispoof OVS Builtin

Luiz Ozaki luiz.ozaki at locaweb.com.br
Tue Mar 13 11:44:31 PDT 2012


On 3/13/12 3:18 PM, Ben Pfaff wrote:
> Here's what I have in mind.  Presumably you are working with some kind
> of hypervisor or CMS or whatever that has a database of VMs.  That
> database would normally include the MAC address that the VM "owns";
> perhaps it also includes an IP address.
>
> Now suppose that your controller knows how to talk to the database of
> VMs as well as to an OpenFlow switch and to OVSDB.  When a new port
> appears through OpenFlow, the controller figures out which VM it is
> associated with (via the "external-ids" in the OVSDB row for the
> interface), looks it up in the database of VMs, and sets up the proper
> ACLs via OpenFlow to allow the VM to talk on its own MAC (and possibly
> IP) but not on others.
>
> Does that make sense?

Yep, makes sense.

I was just missing how the controller could get which VM is connected to
that port, and querying the OVSDB solves that.

Thanks Ben!
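
The lookup-then-ACL step described in the quoted message, sketched as an added example that is not part of the original thread or of Open vSwitch itself. The `vm-id` external-ids key, the `VM_DB` inventory, the bridge name `br0` and the function name are assumptions chosen for illustration; the output is ovs-ofctl flow syntax.

```python
import ipaddress
import re

# Constructed sample data: the CMS inventory, keyed by the VM identifier
# that the hypervisor integration writes into the Interface external-ids.
VM_DB = {
    "vm-web01": {"mac": "52:54:00:12:34:56", "ip": "10.0.0.5"},
    "vm-db01": {"mac": "52:54:00:ab:cd:ef", "ip": None},
}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def antispoof_flows(ofport, external_ids, vm_db, id_key="vm-id"):
    """Return ovs-ofctl flow strings that pin one port to its VM's MAC/IP.

    Fails closed: a port whose external-ids cannot be tied to a known VM
    gets only a drop rule.
    """
    drop = f"priority=100,in_port={ofport},actions=drop"
    vm = vm_db.get(external_ids.get(id_key))
    if vm is None:
        return [drop]
    mac = vm["mac"].lower()
    if not MAC_RE.match(mac) or int(mac[:2], 16) & 1:
        return [drop]  # malformed or multicast source MAC in the inventory
    match = f"in_port={ofport},dl_src={mac}"
    if vm.get("ip") is None:
        # MAC-only policy: any frame sourced from the owned MAC is allowed.
        return [f"priority=200,{match},actions=normal", drop]
    ip = ipaddress.IPv4Address(vm["ip"])  # raises on a bad inventory value
    return [
        # ARP must carry the owned MAC and IP in the payload, not just the header.
        f"priority=200,arp,{match},arp_sha={mac},nw_src={ip},actions=normal",
        f"priority=200,ip,{match},nw_src={ip},actions=normal",
        drop,
    ]


if __name__ == "__main__":
    # Constructed port-add event: OpenFlow port 7, external-ids read from OVSDB.
    for flow in antispoof_flows(7, {"vm-id": "vm-web01"}, VM_DB):
        print("ovs-ofctl add-flow br0 '%s'" % flow)
```

With an IP pinned, these rules also drop DHCP requests sourced from 0.0.0.0 and all IPv6 traffic, so a deployment that needs either has to add an explicit allowance.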

