Bug 1830283 - [OVN][RFE] Enhance port group support to allow matching on port group ID
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: OVN
Version: FDP 20.C
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Assignee: OVN Team
QA Contact: Jianlin Shi
Reported: 2020-05-01 13:34 UTC by Dumitru Ceara
Modified: 2023-07-13 07:25 UTC (History)

Links
System ID: Red Hat Issue Tracker FD-627
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2022-05-01 12:14:43 UTC

Description Dumitru Ceara 2020-05-01 13:34:57 UTC
Description of problem:

Enhance OVN to support match expressions of the form "get_group_id(PG)" where PG is a PortGroup that has been configured with an additional (new) option "use_group_id_metadata".

Also add support for match expressions of the form "src_group_id".

get_group_id(PG): is a function that can be translated to an ID that maps to PG in the Southbound DB.

src_group_id is always populated in a register (in tunnel header as well when sending to remote), if the src port belongs to a group that has "use_group_id_metadata" = True.

This will allow CMSs to simplify their network policies and will also generate fewer OpenFlow rules when used in ACLs such as:

match = "outport == @pg_B && src_group_id == get_group_id(pg_A)"
action = "allow"/"drop"/etc

Limitations:
A logical switch port can only be part of at most one Port_Group that has "use_group_id_metadata"=True.

Additional info:

https://mail.openvswitch.org/pipermail/ovs-discuss/2020-April/049888.html
https://mail.openvswitch.org/pipermail/ovs-discuss/2020-April/049932.html
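
The semantics proposed in the description above, modelled as an added example (not OVN code and not part of the original report): it enforces the stated limitation, derives src_group_id for a source port, and evaluates the ACL match from the report. The ID numbering, the use of 0 for "no source group", the sample configuration and all function names are assumptions.

```python
# Model of the semantics proposed in this RFE; this is not OVN code.
# ID allocation order and all helper names are assumptions for illustration.

def validate_and_assign(port_groups):
    """port_groups: {name: {"ports": set, "use_group_id_metadata": bool}}.

    Returns (group_ids, port_to_group). Raises ValueError when a port sits in
    more than one group with use_group_id_metadata=True (the stated limitation),
    because src_group_id would then be ambiguous for that port.
    """
    group_ids, port_to_group = {}, {}
    next_id = 1  # assumption: 0 is reserved for "no source group"
    for name in sorted(port_groups):
        pg = port_groups[name]
        if not pg.get("use_group_id_metadata"):
            continue
        group_ids[name] = next_id
        next_id += 1
        for port in sorted(pg["ports"]):
            if port in port_to_group:
                raise ValueError(
                    f"{port} is in both {port_to_group[port]} and {name}")
            port_to_group[port] = name
    return group_ids, port_to_group

def src_group_id(port, group_ids, port_to_group):
    """ID the proposal would carry in a register (and tunnel header) for port."""
    return group_ids.get(port_to_group.get(port), 0)

def acl_matches(inport, outport, port_groups, group_ids, port_to_group,
                out_pg, src_pg):
    """Evaluate: outport == @out_pg && src_group_id == get_group_id(src_pg)."""
    return (outport in port_groups[out_pg]["ports"]
            and src_group_id(inport, group_ids, port_to_group)
            == group_ids[src_pg])

# Constructed sample configuration (not taken from the report).
SAMPLE = {
    "pg_A": {"ports": {"lsp1", "lsp2"}, "use_group_id_metadata": True},
    "pg_B": {"ports": {"lsp3", "lsp4"}, "use_group_id_metadata": False},
    "pg_C": {"ports": {"lsp5"}, "use_group_id_metadata": True},
}

if __name__ == "__main__":
    ids, p2g = validate_and_assign(SAMPLE)
    print(ids)
    print(acl_matches("lsp1", "lsp3", SAMPLE, ids, p2g, "pg_B", "pg_A"))
    print(acl_matches("lsp5", "lsp3", SAMPLE, ids, p2g, "pg_B", "pg_A"))
```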

