[one-users] BLACK and WHITE_PORTS with open vswitch
Oriol Martí
omarti at cesca.cat
Mon Feb 18 04:24:50 PST 2013
Hi Jaime,
looking at the file /var/lib/one/remotes/vnm/ovswitch/OpenvSwitch.rb
My idea is to add that black_ports look for : and do the command
add_flow("tcp,dl_dst=#{@nic[:mac]},tp_dst=#{p}",:drop)
for every port in the range.
With the white_port, the normal behaviour is all closed but the
indicated ports? my idea is to do the drop for all the ports but the
indicated ports.
Is this correct? I'm not sure if this big amount of rules can add extra
load to the node or it can derive to problems...
Thanks,
On 02/18/2013 12:33 PM, Jaime Melis wrote:
> Hi Oriol,
>
> yes, WHITE_PORTS is not implement, and neither are port ranges with
> semi-colon:
> http://opennebula.org/documentation:rel3.8:openvswitch#network_filtering
>
> The reason is because iptables filters won't work with Open vSwitch,
> so port filtering is implemented via OpenFlow. If you find a way to
> improve the drivers it would be really nice. Let me know if I can help
> in any way.
>
> cheers,
> Jaime
>
>
> On Mon, Feb 18, 2013 at 11:52 AM, Oriol Martí <omarti at cesca.cat
> <mailto:omarti at cesca.cat>> wrote:
>
> Hi,
> I'm deploying the Open vswitch driver and when I create one VM
> with the BLACK and WHITE_PORTS it doesn't work.
>
> I've seen the code and I'm not sure, but I think that white port
> is not implemented and the black ports only is doing a strip for
> "," not by ":", then if you want to configure a VM with all the
> ports closed and only opened the 80 is very difficult to do
> because you would have to write all the ports, one by one, and is
> impossible to indicate a range of ports like 80:65535
>
> I'm thinking to write the code necessary to do that, but I'm not
> sure, because I don't know the reason why is not finished.... Does
> anybody know something about that?
>
> Best regards,
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org <mailto:Users at lists.opennebula.org>
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
>
>
> --
> Jaime Melis
> Project Engineer
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org <http://www.OpenNebula.org> | jmelis at opennebula.org
> <mailto:jmelis at opennebula.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130218/3c5fd4ec/attachment.htm>
More information about the Users
mailing list