Comment 2 for bug 1720734

After discussion, the proposed solution was not accepted.

Instead, we will start by implementing the port-behind-port solution, with the following notes:

1. Allowed Address Pair functionality is not removed. However, it's (OpenFlow) priority is reduced so that other methods will take precedence.

2. Detecting port-behind-port will be done heuristically, on the Neutron Server side.

3. port-behind-port will only be detected if the port already exists when allowed address pairs is updated.

4. The Trunk application will be extended to support port-behind-port. The algorithm:

4.1 . The 'Front' port is the port connected to the virtual switch. The 'Back' port is the port behind it (e.g. the MACVLAN port).

4.2. (Classification) For packets from the 'Front' port, if they match the IP/MAC of the back port, then the source port and network will be updated for the 'Back' port. The packet will continue its pipeline from there as usual.

4.3. (Dispatch) For packets to the 'Back' port, if they match the IP/MAC (and network) of the back port, then the packets will be dispatched to the 'Front' port. The metadata (e.g. reg7) will be updated, but the packet data will not be changed.

4.4. Nested Allowed Address Pairs and (nested) port-behind-port is not supported. All 'Back' ports should be directly behind the 'Front' port. Dragonflow doesn't care about the internal topology behind the 'Front' port anyway.