[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvswitch-discuss
Subject:    [ovs-discuss] Restrict IP address dst to an Openvswitch port
From:       jpettit () nicira ! com (Justin Pettit)
Date:       2015-07-27 16:59:31
Message-ID: 4024A5B3-C1BC-478D-9D27-174C56B915C9 () nicira ! com
[Download RAW message or body]


> On Jul 18, 2015, at 3:36 PM, Benoit GEORGELIN - Association Web4all \
> <benoit.georgelin at web4all.fr> wrote: 
> Hi openvswitch community , 
> 
> Since few weeks i'm using OpenVswitch , I'm looking to build a virtual network for \
> lxc containers.  I would like to use OpenVswitch to restrict communication on a \
> specific port.  
> In my example I have two containers A and B 
> Each containers are linked to an OpenVswitch Interface ( int-A et int-B ) 
> 
> A have an IP address : 10.0.0.1 configured inside the container
> B have an IP address: 10.0.0.2 configured inside the container
> 
> I would like to allow only destination 10.0.0.1 to int-A and 10.0.0.2 to int-B
> 
> Can I do it this by Openflow ? Any example would be appreciated. 

Yes.  Take a look at the ovs-ofctl man page.  You'll want to look at the "nw_dst" \
match in particular.

--Justin


[prev in list] [next in list] [prev in thread] [next in thread]