[ovs-dev] [PATCH] FAQ: Describe weak and strong ES models.

Ben Pfaff blp at nicira.com
Mon Dec 16 17:28:55 UTC 2013


This needs a review.

On Mon, Nov 25, 2013 at 11:34:44AM -0800, Ben Pfaff wrote:
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
>  FAQ |   44 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 44 insertions(+)
> 
> diff --git a/FAQ b/FAQ
> index 2912ae3..df7b6ef 100644
> --- a/FAQ
> +++ b/FAQ
> @@ -935,6 +935,50 @@ A: Yes.  Use an "internal port" configured as an access port.  For
>         ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
>         ifconfig vlan9 192.168.0.7
>  
> +   See also the following question.
> +
> +Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
> +   this:
> +
> +       ovs-vsctl add-br br0
> +       ovs-vsctl add-port br0 eth0
> +       ifconfig br0 192.168.0.5
> +       ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
> +       ifconfig vlan9 192.168.0.9
> +
> +   but other hosts that are only on VLAN 0 can reach the IP address
> +   configured on VLAN 9.  What's going on?
> +
> +A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
> +   approaches to IP address handling in Internet hosts:
> +
> +       - In the "Strong ES Model", where an ES is a host ("End
> +         System"), an IP address is primarily associated with a
> +         particular interface.  The host discards packets that arrive
> +         on interface A if they are destined for an IP address that is
> +         configured on interface B.  The host never sends packets from
> +         interface A using a source address configured on interface B.
> +
> +       - In the "Weak ES Model", an IP address is primarily associated
> +         with a host.  The host accepts packets that arrive on any
> +         interface if they are destined for any of the host's IP
> +         addresses, even if the address is configured on some
> +         interface other than the one on which it arrived.  The host
> +         does not restrict itself to sending packets from an IP
> +         address associated with the originating interface.
> +
> +   Linux uses the weak ES model.  That means that when packets
> +   destined to the VLAN 9 IP address arrive on eth0 and are bridged to
> +   br0, the kernel IP stack accepts them there for the VLAN 9 IP
> +   address, even though they were not received on vlan9, the network
> +   device for vlan9.
> +
> +   To simulate the strong ES model on Linux, one may add iptables rule
> +   to filter packets based on source and destination address and
> +   adjust ARP configuration with sysctls.
> +
> +   BSD uses the strong ES model.
> +
>  Q: My OpenFlow controller doesn't see the VLANs that I expect.
>  
>  A: The configuration for VLANs in the Open vSwitch database (e.g. via
> -- 
> 1.7.10.4
> 



More information about the dev mailing list