[ovs-dev] [PATCH] FAQ: Describe weak and strong ES models.
Ben Pfaff
blp at nicira.com
Mon Dec 16 17:28:55 UTC 2013
This needs a review.
On Mon, Nov 25, 2013 at 11:34:44AM -0800, Ben Pfaff wrote:
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
> FAQ | 44 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 44 insertions(+)
>
> diff --git a/FAQ b/FAQ
> index 2912ae3..df7b6ef 100644
> --- a/FAQ
> +++ b/FAQ
> @@ -935,6 +935,50 @@ A: Yes. Use an "internal port" configured as an access port. For
> ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
> ifconfig vlan9 192.168.0.7
>
> + See also the following question.
> +
> +Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
> + this:
> +
> + ovs-vsctl add-br br0
> + ovs-vsctl add-port br0 eth0
> + ifconfig br0 192.168.0.5
> + ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
> + ifconfig vlan9 192.168.0.9
> +
> + but other hosts that are only on VLAN 0 can reach the IP address
> + configured on VLAN 9. What's going on?
> +
> +A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
> + approaches to IP address handling in Internet hosts:
> +
> + - In the "Strong ES Model", where an ES is a host ("End
> + System"), an IP address is primarily associated with a
> + particular interface. The host discards packets that arrive
> + on interface A if they are destined for an IP address that is
> + configured on interface B. The host never sends packets from
> + interface A using a source address configured on interface B.
> +
> + - In the "Weak ES Model", an IP address is primarily associated
> + with a host. The host accepts packets that arrive on any
> + interface if they are destined for any of the host's IP
> + addresses, even if the address is configured on some
> + interface other than the one on which it arrived. The host
> + does not restrict itself to sending packets from an IP
> + address associated with the originating interface.
> +
> + Linux uses the weak ES model. That means that when packets
> + destined to the VLAN 9 IP address arrive on eth0 and are bridged to
> + br0, the kernel IP stack accepts them there for the VLAN 9 IP
> + address, even though they were not received on vlan9, the network
> + device for vlan9.
> +
> + To simulate the strong ES model on Linux, one may add iptables rule
> + to filter packets based on source and destination address and
> + adjust ARP configuration with sysctls.
> +
> + BSD uses the strong ES model.
> +
> Q: My OpenFlow controller doesn't see the VLANs that I expect.
>
> A: The configuration for VLANs in the Open vSwitch database (e.g. via
> --
> 1.7.10.4
>
More information about the dev
mailing list