[ovs-dev] [PATCH] FAQ: Explain why allowing only unicast traffic breaks IP connectivity.

Justin Pettit jpettit at nicira.com
Wed Sep 25 20:28:33 UTC 2013


Thanks for writing this up.  I think the example may be clearer if you defined the flow in terms of IP addresses instead of MAC addresses, since those are typically the flows that are tripping people up.

--Justin


On Sep 25, 2013, at 1:14 PM, Ben Pfaff <blp at nicira.com> wrote:

> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
> FAQ |   20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
> 
> diff --git a/FAQ b/FAQ
> index 5744d5a..91eb870 100644
> --- a/FAQ
> +++ b/FAQ
> @@ -1299,6 +1299,26 @@ A: Yes, OpenFlow requires a switch to ignore attempts to send a packet
>                                        2,3,4,5,6,\
>                                        pop:NXM_OF_IN_PORT[]
> 
> +Q: My bridge br0 has a host with MAC address 54:00:00:00:00:01 on port
> +   1 and a host with MAC address 54:00:00:00:00:02 on port 2.  I set
> +   up flows to forward only traffic destined to the other host and
> +   drop other traffic, like this:
> +
> +      priority=5,in_port=1,dl_dst=54:00:00:00:00:02,actions=2
> +      priority=5,in_port=2,dl_dst=54:00:00:00:00:01,actions=1
> +      priority=0,actions=drop
> +
> +   But it doesn't work--I don't get any connectivity when I do this.
> +   Why?
> +
> +A: Hosts broadcast the ARP packets needed to establish IP connectivity
> +   on an Ethernet network.  Your flows only allow unicast packets, so
> +   the hosts can never establish connectivity.  To solve the probelm,
> +   you minimally need to add flows to allow ARP.  But it's probably
> +   better to add flows to allow all multicast and broadcast traffic:
> +
> +      priority=5,in_port=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=2
> +      priority=5,in_port=2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=1
> 
> Contact 
> -------
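Review bot: typo in the added answer, "probelm" should be "problem" (the line ending "To solve the probelm,"). The answer also states that flows allowing ARP are the minimum needed, yet the only flows it shows are the `dl_dst=01:00:00:00:00:00/01:00:00:00:00:00` pair, which passes every multicast and broadcast frame between the two ports. The question's table ends in `priority=0,actions=drop`, so the reader is evidently aiming for a restrictive policy. Consider showing the ARP-only flows as well, so the narrower option is spelled out, and add a sentence saying why the broader match is "probably better".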
> -- 
> 1.7.10.4
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev



