[ovs-dev] [PATCH] FAQ: Describe weak and strong ES models.

Ben Pfaff blp at nicira.com
Mon Nov 25 19:34:44 UTC 2013 

Signed-off-by: Ben Pfaff <blp at nicira.com>
---
 FAQ |   44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/FAQ b/FAQ
index 2912ae3..df7b6ef 100644
--- a/FAQ
+++ b/FAQ
@@ -935,6 +935,50 @@ A: Yes.  Use an "internal port" configured as an access port.  For
        ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
        ifconfig vlan9 192.168.0.7
 
+   See also the following question.
+
+Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
+   this:
+
+       ovs-vsctl add-br br0
+       ovs-vsctl add-port br0 eth0
+       ifconfig br0 192.168.0.5
+       ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
+       ifconfig vlan9 192.168.0.9
+
+   but other hosts that are only on VLAN 0 can reach the IP address
+   configured on VLAN 9.  What's going on?
+
+A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
+   approaches to IP address handling in Internet hosts:
+
+       - In the "Strong ES Model", where an ES is a host ("End
+         System"), an IP address is primarily associated with a
+         particular interface.  The host discards packets that arrive
+         on interface A if they are destined for an IP address that is
+         configured on interface B.  The host never sends packets from
+         interface A using a source address configured on interface B.
+
+       - In the "Weak ES Model", an IP address is primarily associated
+         with a host.  The host accepts packets that arrive on any
+         interface if they are destined for any of the host's IP
+         addresses, even if the address is configured on some
+         interface other than the one on which it arrived.  The host
+         does not restrict itself to sending packets from an IP
+         address associated with the originating interface.
+
+   Linux uses the weak ES model.  That means that when packets
+   destined to the VLAN 9 IP address arrive on eth0 and are bridged to
+   br0, the kernel IP stack accepts them there for the VLAN 9 IP
+   address, even though they were not received on vlan9, the network
+   device for vlan9.
+
+   To simulate the strong ES model on Linux, one may add iptables rule
+   to filter packets based on source and destination address and
+   adjust ARP configuration with sysctls.
+
+   BSD uses the strong ES model.
+
 Q: My OpenFlow controller doesn't see the VLANs that I expect.
 
 A: The configuration for VLANs in the Open vSwitch database (e.g. via
-- 
1.7.10.4

More information about the dev mailing list