Page History

...

[8]https://cwiki.apache.org/confluence/display/CLOUDSTACK/Enhancements+to+GRE-based+SDN+overlay

[9]http://archive.openflow.org/documents/openflow-spec-v1.1.0.pdf

Document History

...

• priority:1200 :- allow all incoming broadcast (dl_dst=ff:ff:ff:ff:ff:ff) and multicast (nw_dst=224.0.0.0/24) traffic from the VIF's that are connected to the VM's
• priority:1100 :-permit broadcast (dl_dst=ff:ff:ff:ff:ff:ff) and multicast (nw_dst=224.0.0.0/24) traffic to be sent out ONLY on the VIF's that are connect to VM's (i.e excluding the tunnel interfaces)
• priority:1000 :- suppress all broadcast/multicast ingress traffic on GRE tunnels
• priority:0 :- do NORMAL 'normal' (openflow action) processing on the rest of the flows. this rule will ensure (due to NORMAL processing) new mac address seen from a interface is learned'normal' action)  mac address learning and switching

Flows rules for bridge connected to logical router with patch port (e.g. bridge for tier 1 network on host 1): will need additional rules to deal with patch port and ensure:

• explicitly do MAC learning only on VIF's connected to the VM's and on tunnel interfaces. So MAC learning on patch port (to avoid learning the gateway MAC address for the subnet corresponding to tier) is excluded
• for unknown mac address flood packets only on VIF's connected to the VM's and on tunnel interfaces excluding the ingress port and patch port
• on patch port only permit traffic destined to other subnets of VPC and with destination MAC address of gateway for the subnet.

Below diagram depicts the pipeline processing setup with flow [9] setup with openflow rules.

logical router: Flows rules for bridge acting as logical router:

...