Ewan Mellor
0a56ae6fa2
If domain 0 has an IP address on a given bridge, then add a flow rule to allow traffic to leave that port. This allows for the case where domain 0 and the tenant network are sharing a bridge, which is useful in non-production environments. At the same time, simplify the interface to ovs_configure_base_rules.py. There is no need to pass the bridge in, because it's implicit in the selection of the physical interface, and can be obtained using ovs-vsctl iface-to-br. Having made these two changes, it's now reasonable to apply flow rules to all interfaces as a default (if not overridden in the sysconfig file). Change-Id: I2a33ed55246d49b0e4f57db909e1b40351d27602
16 lines
778 B
Plaintext
16 lines
778 B
Plaintext
# The interfaces that you want to apply base OVS rules to. If this is
|
|
# unspecified then rules are applied to all eth* interfaces, which is a good
|
|
# default.
|
|
#
|
|
# If you are worried about the performance of having rules on interfaces
|
|
# that aren't carrying tenant traffic, or you want to do something
|
|
# custom, then here you can explicitly choose the interfaces that should have
|
|
# rules applied.
|
|
#
|
|
# Note that if there is an IP address on the bridge in domain 0 (i.e. the
|
|
# xenbrX interface) then a rule will be applied that allows traffic to it.
|
|
# Make sure that this is what you want. If you don't want tenant traffic
|
|
# to be able to reach domain 0 -- the usual case -- then you should have
|
|
# tenant traffic and domain 0 on entirely separate bridges.
|
|
#INTERFACES="eth0 eth1"
|