[ovs-discuss] Traffic bypassing virtual switches

Reid Price rprice at nicira.com
Fri Jul 12 17:18:12 UTC 2013 

Hi Edu Serra,

The environment you describe seems straightforward and is known to work.
 Does the attached image really reflect your topology?  There seems to be
an issue somewhere in these statements:

   - The very first moment a machine had 2 interfaces up, some traffic
   would happen to be replicated
   - Also, between switches there is no patch, nor anything, and there is
   no forwarding on the VM machines of any type.
   - We turned off completly interfaces ifInt1 and ifInt2 from the VM's
   (what does 'turn off' mean?  mention actual commands)

You are missing useful information for bug reports. (e.g.:
https://github.com/enukane/ovs/blob/master/REPORTING-BUGS).  Is the VLAN
tagged on the VM or on the bridge?

I would check your VM configuration and make sure you understand how the IP
stack responds to incoming packets.

  -Reid


On Fri, Jul 12, 2013 at 7:39 AM, Edu Serra <eduser25 at gmail.com> wrote:

> Hi everyone,
>
> We have one topology we needed to recreate and we chose to try openvswitch
> for it. After reading a lot and several days through trial-and-error tests
> ,we decided we would post our case.
>
> Topology to be recreated is as the image (attachement) shows.
>
> First off, vlan100 shall be used for management purposes and should be
> seen througout the whole network (outside from the very same host), and
> vlan150 should be an internal, virtualized lan that would be only used for
> traffic shapping tests.
>
> The very first moment a machine had 2 interfaces up, some traffic would
> happen to be replicated and the VM's and even the host would eventually die
> due to cpu overload. We found that to avoid this, we had to at least have
> STP to avoid loops in our topology. We also tweaked several ARP options in
> unix kernel to avoid certain ARP announcements and responses be made
> through unproper interfaces.
>
> When we finally got to have the topology and all connectivity seemed fine,
> we started our traffic shaping tests, and we found that the traffic going
> through the Internal Vlan was kinda weird. We checked (through
> tcpdump/wireshark) the traffic recieved on the Int switch's interfaces and
> we found out that most of the traffic from VLAN 100 was getting "somehow"
> to the other switch.
>
> To further test this, we repliacted the same case, but this time we turned
> off completly interfaces ifInt1 and ifInt2 from the VM's, which would lead
> to see only the traffic generated by the Switch Int (only STP?) , but to
> our surprise, in this situation the traffic from the other switch was
> getting through this switch and its interfaces as well.
>
> There is no controller attached to neither of them (should them be working
> as learning switches). Also, between switches there is no patch, nor
> anything, and there is no forwarding on the VM machines of any type.
>
> Any help would be greatfully appreciated-
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20130712/9a7f8da1/attachment-0001.html>

More information about the discuss mailing list