[ovs-dev] [PATCH] packets: First-hop router redundancy protocol MAC addresses are not BPDUs.

Ben Pfaff blp at nicira.com
Thu Jul 26 04:47:42 UTC 2012


The third byte of the Cisco MACs was just a typo in the commit message,
it wasn't present where it counted.

On Wed, Jul 25, 2012 at 06:28:07PM -0700, Ben Basler wrote:
> Ben,
> 
> Your third byte of the Cisco MAC is incorrect - should read
> 01:00:0c:c.:c.:c. instead of 01:00:00:c.:c.:c.
> 
> Also have to be a bit more specific on the EDP/EAPS/ESRP MACs (i.e. let
> 00:e0:2b:00:00:02 & 00:e0:2b:00:00:08 pass since those are for ESRP) which
> OVS shouldn't block. Only MACs ending with 00/04/06 should be dropped.
> 
> Cheers,
> Ben
> 
> -----Original Message-----
> From: Ethan Jackson [mailto:ethan at nicira.com]
> Sent: Wednesday, July 25, 2012 1:14 PM
> To: Ben Pfaff
> Cc: Mehak Mahajan; dev at openvswitch.org; Ben Basler
> Subject: Re: [ovs-dev] [PATCH] packets: First-hop router redundancy
> protocol MAC addresses are not BPDUs.
> 
> Ok, I'd like to review it too.
> 
> Ethan
> 
> On Wed, Jul 25, 2012 at 1:13 PM, Ben Pfaff <blp at nicira.com> wrote:
> > I'm waiting for Ben Basler to review it.
> >
> > On Wed, Jul 25, 2012 at 01:12:45PM -0700, Ethan Jackson wrote:
> >> Can you hold off on merging this a bit, I want to think about it.
> >>
> >> Ethan
> >>
> >> On Wed, Jul 25, 2012 at 1:12 PM, Mehak Mahajan <mmahajan at nicira.com> wrote:
> >> > Hey Ben,
> >> >
> >> > The patch looks good to me.
> >> >
> >> > As a side note, I do not see the documentation about OVS not
> >> > forwarding the Extreme Discovery Protocol bpdus in vswitch.xml
> >> >
> >> > thanx!
> >> > mehak
> >> >
> >> >
> >> > On Wed, Jul 25, 2012 at 12:59 PM, Ben Pfaff <blp at nicira.com> wrote:
> >> >>
> >> >> Commit c93f9a78c349 (packets: Update the reserved protocols list.)
> >> >> added a number of first-hop router redundancy protocol MAC
> >> >> addresses to the list of BPDU MAC addresses.  This means that
> >> >> packets destined to those MAC addresses are dropped when
> >> >> other-config:forward-bpdu is set to false on a bridge (the default
> >> >> setting).
> >> >>
> >> >> However, this behavior is incorrect, because these MAC addresses
> >> >> are not special in the way that, say, STP frames are special.  STP
> >> >> is a switch-to-switch protocol that end hosts have no use for, but
> >> >> end hosts do speak directly to routers on the MAC addresses
> >> >> assigned by VRRP and the other protocols in this category.
> >> >> Therefore, dropping packets in this category means that end hosts
> >> >> can no longer talk to their first-hop router, if that router is
> >> >> running one of these protocols.
> >> >>
> >> >> Following this commit, OVS drops the following protocols when
> >> >> other-config:forward-bpdu is false:
> >> >>
> >> >>     - 01:08:c2:00:00:0x (STP, pause frames, other IEEE reserved
> >> >>       protocols).
> >> >>     - 00:e0:2b:00:0x:xx (Extreme Discovery Protocol).
> >> >>     - 01:00:0c:00:00:00 (Cisco Inter Switch Link).
> >> >>     - 01:00:00:c.:c.:c. where each . is either c or d (CDP, VTP, DTP, PAgP,
> >> >>       PVSTP+, STP Uplink Fast, and others).
> >> >>
> >> >> Bug #12618.
> >> >> CC: Ben Basler <bbasler at nicira.com>
> >> >> Signed-off-by: Ben Pfaff <blp at nicira.com>
> >> >> ---
> >> >>  lib/packets.c        |   25 ++-----------------------
> >> >>  vswitchd/vswitch.xml |   16 ----------------
> >> >>  2 files changed, 2 insertions(+), 39 deletions(-)
> >> >>
> >> >> diff --git a/lib/packets.c b/lib/packets.c index 5729167..37a8593
> >> >> 100644
> >> >> --- a/lib/packets.c
> >> >> +++ b/lib/packets.c
> >> >> @@ -43,9 +43,8 @@ dpid_from_string(const char *s, uint64_t *dpidp)
> >> >>      return *dpidp != 0;
> >> >>  }
> >> >>
> >> >> -/* Returns true if 'ea' is a reserved multicast address, that a
> >> >> bridge must
> >> >> - * never forward, false otherwise.  Includes some proprietary
> >> >> vendor protocols
> >> >> - * that shouldn't be forwarded as well.
> >> >> +/* Returns true if 'ea' is a reserved address, that a bridge must
> >> >> +never
> >> >> + * forward, false otherwise.
> >> >>   *
> >> >>   * If you change this function's behavior, please update
> corresponding
> >> >>   * documentation in vswitch.xml at the same time. */ @@ -62,26
> >> >> +61,6 @@ eth_addr_is_reserved(const uint8_t ea[ETH_ADDR_LEN])
> >> >>              {0x01, 0x08, 0xc2, 0x00, 0x00, 0x00},
> >> >>              {0xff, 0xff, 0xff, 0xff, 0xff, 0xf0}},
> >> >>
> >> >> -        { /* VRRP IPv4. */
> >> >> -            {0x00, 0x00, 0x5e, 0x00, 0x01, 0x00},
> >> >> -            {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
> >> >> -
> >> >> -        { /* VRRP IPv6. */
> >> >> -            {0x00, 0x00, 0x5e, 0x00, 0x02, 0x00},
> >> >> -            {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
> >> >> -
> >> >> -        { /* HSRPv1. */
> >> >> -            {0x00, 0x00, 0x0c, 0x07, 0xac, 0x00},
> >> >> -            {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
> >> >> -
> >> >> -        { /* HSRPv2. */
> >> >> -            {0x00, 0x00, 0x0c, 0x9f, 0xf0, 0x00},
> >> >> -            {0xff, 0xff, 0xff, 0xff, 0xf0, 0x00}},
> >> >> -
> >> >> -        { /* GLBP. */
> >> >> -            {0x00, 0x07, 0xb4, 0x00, 0x00, 0x00},
> >> >> -            {0xff, 0xff, 0xff, 0x00, 0x00, 0x00}},
> >> >> -
> >> >>          { /* Extreme Discovery Protocol. */
> >> >>              {0x00, 0xE0, 0x2B, 0x00, 0x00, 0x00},
> >> >>              {0xff, 0xff, 0xff, 0xff, 0xf0, 0x00}}, diff --git
> >> >> a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index
> >> >> e6ea844..ed92de1 100644
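Review bot: The IEEE entry kept as context at the top of the table in eth_addr_is_reserved() reads {0x01, 0x08, 0xc2, 0x00, 0x00, 0x00}, while the vswitch.xml context later in this patch documents the same range as 01:80:c2:00:00:0x. With 0x08 in the second byte, the masked compare would not match STP or pause frames addressed to 01:80:c2:00:00:0x, so they would not be dropped when other-config:forward-bpdu is false. Suggest correcting the second byte to 0x80 while this table is being edited, and fixing the matching 01:08:c2 line in the commit message.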
> >> >> --- a/vswitchd/vswitch.xml
> >> >> +++ b/vswitchd/vswitch.xml
> >> >> @@ -569,22 +569,6 @@
> >> >>            <dt><code>01:80:c2:00:00:0<var>x</var></code></dt>
> >> >>            <dd>Other reserved protocols.</dd>
> >> >>
> >> >> -
> <dt><code>00:00:5e:00:01:<var>x</var><var>x</var></code></dt>
> >> >> -          <dd> VRRP IPv4 virtual router MAC address. </dd>
> >> >> -
> >> >> -
> <dt><code>00:00:5e:00:02:<var>x</var><var>x</var></code></dt>
> >> >> -          <dd> VRRP IPv6 virtual router MAC address. </dd>
> >> >> -
> >> >> -
> <dt><code>00:00:0c:07:ac:<var>x</var><var>x</var></code></dt>
> >> >> -          <dd> HSRP Version 1. </dd>
> >> >> -
> >> >> -
> >> >> <dt><code>00:00:0c:9f:f<var>x</var>:<var>x</var><var>x</var></code>
> >> >> -          </dt>
> >> >> -          <dd> HSRP Version 2. </dd>
> >> >> -
> >> >> -
> >> >>
> <dt><code>00:07:b4:<var>x</var><var>x</var>:<var>x</var><var>x</var>:<var>
> x</var><var>x</var></code></dt>
> >> >> -          <dd> GLBP. </dd>
> >> >> -
> >> >>            <dt><code>01:00:0c:cc:cc:cc</code></dt>
> >> >>            <dd>
> >> >>              Cisco Discovery Protocol (CDP), VLAN Trunking
> >> >> Protocol (VTP),
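Review bot: After these removals the visible part of the list runs from 01:80:c2:00:00:0x straight to 01:00:0c:cc:cc:cc, with no entry for the Extreme Discovery Protocol range that lib/packets.c still matches (00:E0:2B:00:00:00 under mask ff:ff:ff:ff:f0:00). The comment on eth_addr_is_reserved() asks that vswitch.xml be updated whenever the function's behavior changes, so if no such entry exists elsewhere in this list, add a dt/dd pair for it in this hunk.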
> >> >> --
> >> >> 1.7.2.5
> >> >>
> >> >> _______________________________________________
> >> >> dev mailing list
> >> >> dev at openvswitch.org
> >> >> http://openvswitch.org/mailman/listinfo/dev
> >> >


