Page History

...

Flows rules for bridge connected to logical router with patch port port (e.g. bridge for tier 1 network on host 1): will need additional rules to deal with patch port and ensure:

...

Below diagram depicts the pipeline processing setup with flow rules.

logical router:

Flows rules for bridge acting as logical router:

Flows are setup in pipeline processing model as depicted in below diagram, to emulate packet processing on the VPC VR. A default rule with least priority (0) is set in egress ACL's table to forward packets to lookup table. Flow rules are added to egress ACL table with high priority (to overrider default rule) to drop packets corresponding to egress network ACL's for the tier. Route look up is done in table 1 which is pre populated to resubmit to next level ingress ACL table depending on the destination subnet.  A default rule with least priority (0) is set in ingress ACL's table to output packets to a port. Flow rules are added to ingress ACL table with high priority (to overrider default rule) to drop packets corresponding to ingree network ACL's for the tier. 

Lets assume tier1, tier 2 and tier3 has subnets 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 respectively. 

...