neutron/neutron/plugins
LIU Yulong 7ce65c9478
Local mac direct flow for non-openflow firewall
When there is no openflow firewall, aka the ovs agent security group
is disabled or Noop/HybridIptable, this patch will introduce a different
ingress pipeline for bridge ports which will avoid ingress flood:
(1) table=0,  in_port=patch_bridge,dl_vlan=physical_vlan action=mod_vlan:local_vlan,goto:60 (original)
(2) table=60, in_port=patch_bridge                       action=goto:61                     (new)
(3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan,  action=strip_vlan,output:<ofport>  (changes)

And changes the local ports pipeline:
(1) table=0,  in_port=local_ofport                       action=goto:25                  (original)
(2) table=25, in_port=local_ofport,dl_src=local_port_mac action=goto:60                  (original)
(3) table=60, in_port=local_ofport,dl_src=local_port_mac action=local_vlan->reg6,goto:61 (changes)
(4) table=61, dl_dst=local_port_mac,reg6=local_vlan,     action=output:<ofport>          (changes)

Closes-Bug: #1884708
Closes-Bug: #1881070
Related-Bug: #1732067
Related-Bug: #1866445
Related-Bug: #1883321

Conflicts:
    neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
    neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py

Change-Id: Iecf9cffaf02616342f1727ad7db85545d8adbec2
(cherry picked from commit 959d8b6d73)
2020-11-04 16:15:37 +01:00
..
common use plugin utils from neutron-lib 2018-07-12 08:13:05 -06:00
ml2 Local mac direct flow for non-openflow firewall 2020-11-04 16:15:37 +01:00
__init__.py Finish off rebranding of the Nicira NVP plugin 2014-03-01 18:14:52 -08:00