Page History

...

Flows rules for bridge connected to VPC VR: no new additional flow rules are added to such bridges apart from what is added by OVS tunnel manager currently.  Bridge will just act as a mac learning L2 switch with rules to handle broadcast/multicast traffic. To recap from [4] below are the flow rules. there is single table 0 for all the rows.

...

Flows rules for bridge connected to logical router with patch port will need additional rules to deal with patch port and ensure:

• explicitly do MAC learning only on VIF's connected to the VM's and on tunnel interfaces. So MAC learning on patch port (to avoid learning the gateway MAC address for the subnet corresponding to tier) is excluded
• for unknown mac address flood packets only on VIF's connected to the VM's and on tunnel interfaces
• on patch port only permit traffic destined to other subnets of VPC

Below are the flow rules:

• priority 1200:- allow all incoming broadcast (dl_dst=ff:ff:ff:ff:ff:ff) and multicast (nw_dst=224.0.0.0/24) traffic from the VIF's that are connected to the VM's
• priority 1100 :-permit broadcast (dl_dst=ff:ff:ff:ff:ff:ff) and multicast (nw_dst=224.0.0.0/24) traffic to be sent out ONLY on the VIF's that are connect to VM's (i.e excluding the tunnel and patch interfaces)
• priority 1000 :- suppress all broadcast/multicast ingress traffic on GRE tunnels
• priority 1: all incoming packets on patch port, just flood
• priority:0 :- do NORMAL processing on the rest of the flows. this rule will ensure (due to NORMAL processing) new mac address seen from a interface is learned

...