[ovs-discuss] Anti-spoof rules with vlans on XCP (XENSERVER)...

Kristoffer Egefelt dr.fersken at gmail.com
Thu May 5 11:03:17 UTC 2011


>From the pool master i get:

#ovs-vsctl get-controller xapi5
ssl:10.10.3.250:6633

Probably because I tried the Citrix controller at some point - should it
work if I delete it with:

#ovs-vsctl del-controller xapi5

is it safe?

Running:
ovs-vsctl get-fail-mode xapi5
returns nothing...

Thanks

On Thu, May 5, 2011 at 9:28 AM, Justin Pettit <jpettit at nicira.com> wrote:

> I think Ben is suggesting that you may have a controller configured, even
> if you're not running one.  Do you see anything when you run the following?
>
>        ovs-vsctl get-controller xapi5
>
> I don't know that the behavior changed, but you can change the fail mode to
> not "fail open" by running the following:
>
>        ovs-vsctl set-fail-mode xapi5 secure
>
> --Justin
>
>
> On May 5, 2011, at 12:13 AM, Kristoffer Egefelt wrote:
>
> > Ah, that could be the problem.
> > I don't have a controller - I think the fail-open default changed from
> xcp 0.5 to 1.0.
> >
> > Anybody using a controller for xcp/xenserver which is pool-aware and
> capable of setting up antispoofing rules? Any ideas or suggestions would be
> appreciated.
> >
> > Thanks :-)
> >
> > Regards
> > Kristoffer
> >
> >
> >
> >
> > On Mon, May 2, 2011 at 10:01 PM, Ben Pfaff <blp at nicira.com> wrote:
> > On Mon, May 02, 2011 at 01:43:36PM +0200, Kristoffer Egefelt wrote:
> > > I'm trying to add rules to ovs to prevent virtual machines stealing ip
> > > addresses from each other.
> > > Using XCP, based on XENSERVER 5.6fp1 with ovs version 1.0.2.
> >
> > Your setup looks OK to me.  I see that none of your rules have any
> > hits.  That's odd--it seems likely that the switch has fallen into
> > "fail open" mode.  Do you have a controller configured?
> >
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20110505/db28f401/attachment.html>


More information about the discuss mailing list