At which interface GBP rules are applied in compute node

asked 2017-10-01 03:31:47 -0500

Rajesh Ramachandran gravatar image

With an Openstack environment integrated with Cisco ACI for networking,

If we are going with Group based policy for security rules for instances, at which interface the GBP policy is applied in the compute node :

Output of hypervisor with single instance running on it :

# ip a | grep -i tap
23: tapd3b51c87-5e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN qlen 1000
#


# ovs-vsctl show
931c18f8-9544-469c-a38b-ba3b6792110b
    Bridge br-int
        fail_mode: secure
        Port of-svc-ovsport
            Interface of-svc-ovsport
        Port "enp8s0"
            Interface "enp8s0"
        Port br-int
            Interface br-int
                type: internal
        Port "tapd3b51c87-5e"
            Interface "tapd3b51c87-5e"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.5.0"
edit retag flag offensive close merge delete