[ovs-dev] [PATCH] FAQ: Explain why allowing only unicast traffic breaks IP connectivity.

Ben Pfaff blp at nicira.com
Wed Sep 25 20:14:49 UTC 2013


Signed-off-by: Ben Pfaff <blp at nicira.com>
---
 FAQ |   20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/FAQ b/FAQ
index 5744d5a..91eb870 100644
--- a/FAQ
+++ b/FAQ
@@ -1299,6 +1299,26 @@ A: Yes, OpenFlow requires a switch to ignore attempts to send a packet
                                        2,3,4,5,6,\
                                        pop:NXM_OF_IN_PORT[]
 
+Q: My bridge br0 has a host with MAC address 54:00:00:00:00:01 on port
+   1 and a host with MAC address 54:00:00:00:00:02 on port 2.  I set
+   up flows to forward only traffic destined to the other host and
+   drop other traffic, like this:
+
+      priority=5,in_port=1,dl_dst=54:00:00:00:00:02,actions=2
+      priority=5,in_port=2,dl_dst=54:00:00:00:00:01,actions=1
+      priority=0,actions=drop
+
+   But it doesn't work--I don't get any connectivity when I do this.
+   Why?
+
+A: Hosts broadcast the ARP packets needed to establish IP connectivity
+   on an Ethernet network.  Your flows only allow unicast packets, so
+   the hosts can never establish connectivity.  To solve the probelm,
+   you minimally need to add flows to allow ARP.  But it's probably
+   better to add flows to allow all multicast and broadcast traffic:
+
+      priority=5,in_port=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=2
+      priority=5,in_port=2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=1
 
 Contact 
 -------
-- 
1.7.10.4




More information about the dev mailing list