[ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
Pravin Shelar
pshelar at nicira.com
Fri Sep 4 23:19:52 UTC 2015
On Fri, Sep 4, 2015 at 4:09 PM, Ben Pfaff <blp at nicira.com> wrote:
> On Fri, Sep 04, 2015 at 02:02:56PM -0700, Pravin Shelar wrote:
>> On Fri, Sep 4, 2015 at 1:50 PM, Ben Pfaff <blp at nicira.com> wrote:
>> > On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote:
>> >> Currently tnl-port table wildcard destination ip and mac addresses
>> >> for given tunnel packet. That could result accepting tunnel
>> >> packets destined for other hosts. Following patch adds
>> >> support for matching for ip and mac address.
>> >> IP address upates to tnl-port table are piggybacked on
>> >> ovs-router updates.
>> >>
>> >> Reported-by: Ben Pfaff <blp at nicira.com>
>> >> Signed-off-by: Pravin B Shelar <pshelar at nicira.com>
>> >
>> > When I substitute this for my patch "ovn-controller: Attach local_ip to
>> > each tunnel." in my series at
>> > https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the
>> > two together, I get tons of dropped packets in the test that that series
>> > adds. With just my patch, it passes consistently.
>> >
>> > I haven't read the code in this patch yet. I'll try to figure what's
>> > happening.
>> >
>>
>> I guess it is missing /32 route for the interface ip-address.
>> On Linux every net-device has this route set. for example if you
>> configure 1.1.1.1 on br0, there would be a route 1.1.1.1/32. This
>> route is used to configure tnl-port table ip-address. If that does not
>> exist then OVS will drop these packet.
>> So for ovs-dummy netdevices you need to explicitly set these entries
>> in ovs-router, so that tnl-port table can use it. You can have look at
>> diff for tests/tunnel-push-pop.at.
>
> OK, that's the problem then. Now it works.
>
> Tested-by: Ben Pfaff <blp at nicira.com>
>
> It seems weird that I need the same route with two different prefix
> lengths though.
>
It work automatically for linux system devices. But It might not be
the case on other platforms. So
I am working on v2 which will not need such route.
More information about the dev
mailing list