I have two OVS bridges which are connected to the 3rd v-switch using patch(es).

    Bridge br1
        Port br1
            Interface br1
                type: internal
        Port br1-ext
            Interface br1-ext
                type: patch
                options: {peer=ext-br1}
        Port veth573b5f8a
            Interface veth573b5f8a
    Bridge br2
        Port br2
            Interface br2
                type: internal
        Port vethe3fada17
            Interface vethe3fada17
        Port br2-ext
            Interface br2-ext
                type: patch
                options: {peer=ext-br2}
    Bridge ext
        Port physnet1
            Interface physnet1
        Port ext-br1
            Interface ext-br1
                type: patch
                options: {peer=br1-ext}
        Port ext
            Interface ext
                type: internal
        Port ext-br2
            Interface ext-br2
                type: patch
                options: {peer=br2-ext}

There's a DHCP server over physnet1. I need to isolate L2 traffic between these v-switches but allow DHCP traffic from physnet1. How can I achieve that?
Note: There are N v-switches IRL.
I found that I need to set rules in the flow table. I've achieved tenant isolation using these flows:
delete default flow on ext bridge and: