I have two OVS bridges that are connected to a third v-switch using patch ports.
    Bridge br1
        Port br1
            Interface br1
                type: internal
        Port br1-ext
            Interface br1-ext
                type: patch
                options: {peer=ext-br1}
        Port veth573b5f8a
            Interface veth573b5f8a
    Bridge br2
        Port br2
            Interface br2
                type: internal
        Port vethe3fada17
            Interface vethe3fada17
        Port br2-ext
            Interface br2-ext
                type: patch
                options: {peer=ext-br2}
    Bridge ext
        Port physnet1
            Interface physnet1
        Port ext-br1
            Interface ext-br1
                type: patch
                options: {peer=br1-ext}
        Port ext
            Interface ext
                type: internal
        Port ext-br2
            Interface ext-br2
                type: patch
                options: {peer=br2-ext}
There is a DHCP server on physnet1. I need to isolate L2 traffic between these v-switches, but allow DHCP traffic from physnet1. How can I achieve this?
Note: in real life there are N v-switches.
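Answer 1
I found that I need to set up rules in the flow table; I have achieved tenant isolation using these flows:
Delete the default flow on the ext bridge and: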
cookie=0x0, duration=84697.471s, table=0, n_packets=3486, n_bytes=987906, priority=100,in_port="ext-br1" actions=output:physnet1
cookie=0x0, duration=84687.469s, table=0, n_packets=1416, n_bytes=458415, priority=100,in_port="ext-br2" actions=output:physnet1
cookie=0x0, duration=84117.197s, table=0, n_packets=4884, n_bytes=1793355, priority=100,in_port=physnet1 actions=NORMAL
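
The flow layout above, extended to the N v-switches mentioned in the question, as an added example that is not part of the original answer: one function emits the ext-bridge flows for any number of tenant patch ports, and a second audits `ovs-ofctl dump-flows` output for any flow that would let a tenant port reach something other than the uplink. The function names and the explicit priority=0 drop flow are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the answer). Port names are supplied by the caller.

# gen_ext_flows UPLINK PATCH_PORT...  -> flow specs for `ovs-ofctl add-flows`
gen_ext_flows() {
    [ $# -ge 2 ] || { echo "usage: gen_ext_flows UPLINK PATCH_PORT..." >&2; return 1; }
    uplink=$1; shift
    for p in "$uplink" "$@"; do
        case $p in   # refuse names that could smuggle extra match fields/actions
            ''|*[!A-Za-z0-9_.-]*) echo "bad port name: $p" >&2; return 1 ;;
        esac
    done
    for p in "$@"; do
        # tenant -> uplink only, never to another tenant's patch port
        printf 'table=0,priority=100,in_port="%s",actions=output:%s\n' "$p" "$uplink"
    done
    # uplink -> NORMAL (broadcast/unknown-unicast is still flooded to all tenants)
    printf 'table=0,priority=100,in_port="%s",actions=NORMAL\n' "$uplink"
    # explicit catch-all drop: an addition, not one of the answer's flows
    printf 'table=0,priority=0,actions=drop\n'
}

# audit_ext_flows UPLINK < dump-flows text; exit status 1 on any violation
audit_ext_flows() {
    awk -v up="$1" '
        /actions=/ {
            inp = ""; act = $0
            if (match($0, /in_port="?[^", ]+/)) {
                inp = substr($0, RSTART, RLENGTH)
                sub(/^in_port="?/, "", inp)
            }
            sub(/.*actions=/, "", act); gsub(/"/, "", act)
            if (act == "drop") next                          # dropping is always safe
            if (inp == up && act == "NORMAL") next           # uplink flow
            if (inp != "" && inp != up && act == "output:" up) next  # tenant flow
            print "VIOLATION: " $0; bad = 1                  # e.g. a default NORMAL flow
        }
        END { exit bad }'
}

# On the OVS host (commented out so this file runs offline):
#   gen_ext_flows physnet1 ext-br1 ext-br2 > ext.flows
#   ovs-ofctl del-flows ext && ovs-ofctl add-flows ext ext.flows
#   ovs-ofctl dump-flows ext | audit_ext_flows physnet1
gen_ext_flows physnet1 ext-br1 ext-br2 | audit_ext_flows physnet1 && echo "flow set OK"
```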