...
- Straightforward for VMware to enable PVLAN feature.
- For OVS, the flow table needs the following modifications:
1. For each VM:
Outgoing tag with pvlan: priority=50,dl_src=<VM MAC> actions=mod_vlan_vid:<secondary isolated vlan>,output:<trunk port>
2. For each VM in the same host as DHCP server:
<a> Allow communication with DHCP server (e.g. DNS): priority=100,dl_src=<VM MAC>,dl_dst=<DHCP MAC> actions=NORMAL
<b> Allow DHCP request: priority=60,udp,dl_src=<VM MAC>,nw_dst=255.255.255.255,tp_dst=67 actions=NORMAL
3. For each host that has a DHCP server:
<a> ARP for DHCP server from outside: priority=160,arp,dl_vlan=<secondary isolated vlan>,nw_dst=<DHCP IP> actions=mod_vlan_vid:<primary vlan>,NORMAL
<b> ARP for DHCP server: priority=150,arp,nw_dst=<DHCP IP> actions=NORMAL
<c> Accept packets from outside (e.g. DNS): priority=100,dl_vlan=<secondary isolated vlan>,dl_dst=<DHCP MAC> actions=mod_vlan_vid:<primary vlan>,NORMAL
<d> Accept DHCP request from outside: priority=60,udp,dl_vlan=<secondary isolated vlan>,nw_dst=255.255.255.255,tp_dst=67 actions=mod_vlan_vid:<primary vlan>,NORMAL
- VM migration and host restart would affect the rules, which then need to be reprogrammed.
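Because the rules have to be rebuilt after a VM migration or host restart, it helps to render a host's whole flow set from its inputs in one pass. The script below is an added example, not part of the original design: the function name `pvlan_flows`, its argument order, the `-` convention for hosts without the DHCP server, and the assumption that the trunk port is given as a numeric OpenFlow port are all hypothetical.

```shell
#!/bin/sh
# Render the flow set for one host from the rule templates listed above.
# Output is plain text (one flow per line); nothing here contacts OVS.

# Strict validators: values are spliced into flow strings, so reject
# anything (commas, spaces, newlines) that could alter a match or action.
valid_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
valid_vid() { valid_num "$1" && [ "$1" -ge 1 ] && [ "$1" -le 4094 ]; }
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_ip4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# pvlan_flows PRIMARY_VID ISOLATED_VID TRUNK_PORT DHCP_MAC DHCP_IP [VM_MAC...]
# Pass "-" for DHCP_MAC and DHCP_IP on hosts without the DHCP server.
pvlan_flows() {
    [ "$#" -ge 5 ] || return 2
    pri=$1 iso=$2 trunk=$3 dmac=$4 dip=$5
    shift 5
    valid_vid "$pri" && valid_vid "$iso" && valid_num "$trunk" || return 2
    if [ "$dmac" != "-" ]; then
        valid_mac "$dmac" && valid_ip4 "$dip" || return 2
    fi
    # Validate every VM MAC before printing, so output is all-or-nothing.
    for mac in "$@"; do valid_mac "$mac" || return 2; done

    if [ "$dmac" != "-" ]; then   # step 3: host that runs the DHCP server
        echo "priority=160,arp,dl_vlan=$iso,nw_dst=$dip actions=mod_vlan_vid:$pri,NORMAL"
        echo "priority=150,arp,nw_dst=$dip actions=NORMAL"
        echo "priority=100,dl_vlan=$iso,dl_dst=$dmac actions=mod_vlan_vid:$pri,NORMAL"
        echo "priority=60,udp,dl_vlan=$iso,nw_dst=255.255.255.255,tp_dst=67 actions=mod_vlan_vid:$pri,NORMAL"
    fi
    for mac in "$@"; do
        if [ "$dmac" != "-" ]; then   # step 2: VM shares the host with DHCP
            echo "priority=100,dl_src=$mac,dl_dst=$dmac actions=NORMAL"
            echo "priority=60,udp,dl_src=$mac,nw_dst=255.255.255.255,tp_dst=67 actions=NORMAL"
        fi
        # step 1: every VM is tagged with the isolated VLAN on egress
        echo "priority=50,dl_src=$mac actions=mod_vlan_vid:$iso,output:$trunk"
    done
}
```

The rendered lines can be written to a file and loaded with `ovs-ofctl add-flows <bridge> <file>`; a non-zero return means an input was rejected and nothing was printed.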
...