[ovs-discuss] Anti-spoof rules with vlans on XCP (XENSERVER)...
Justin Pettit
jpettit at nicira.com
Thu May 5 07:28:18 UTC 2011
I think Ben is suggesting that you may have a controller configured, even if you're not running one. Do you see anything when you run the following?
ovs-vsctl get-controller xapi5
I don't know that the behavior changed, but you can change the fail mode to not "fail open" by running the following:
ovs-vsctl set-fail-mode xapi5 secure
--Justin
On May 5, 2011, at 12:13 AM, Kristoffer Egefelt wrote:
> Ah, that could be the problem.
> I don't have a controller - I think the fail-open default changed from xcp 0.5 to 1.0.
>
> Anybody using a controller for xcp/xenserver which is pool-aware and capable of setting up antispoofing rules? Any ideas or suggestions would be appreciated.
>
> Thanks :-)
>
> Regards
> Kristoffer
>
>
>
>
> On Mon, May 2, 2011 at 10:01 PM, Ben Pfaff <blp at nicira.com> wrote:
> On Mon, May 02, 2011 at 01:43:36PM +0200, Kristoffer Egefelt wrote:
> > I'm trying to add rules to ovs to prevent virtual machines stealing ip
> > addresses from each other.
> > Using XCP, based on XENSERVER 5.6fp1 with ovs version 1.0.2.
>
> Your setup looks OK to me. I see that none of your rules have any
> hits. That's odd--it seems likely that the switch has fallen into
> "fail open" mode. Do you have a controller configured?
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
More information about the discuss
mailing list