[ovs-discuss] questions about fake-bridge

Ben Pfaff blp at nicira.com
Mon Nov 25 19:34:40 UTC 2013


On Mon, Nov 25, 2013 at 08:10:40PM +0800, chen zhang wrote:
> Hi dear all!
> Is fake-bridge just devised for the ports with the same VLAN tag in the
> real-bridge?
> 
> I make it like this:
> ovs-vsctl add-br br0
> ovs-vsctl add-br br1 br0 2
> ovs-vsctl add-port br0 eth1 (connecting with host 1, 172.16.0.1)
> 
> ifconfig br0 172.16.0.10
> ifconfig br1 172.16.0.11
> 
> It succeeded when host 1 pings br1. I can understand because br1 is an
> "internal" port which just works as a host with an IP connecting to the
> real-bridge.
> 
> But when I set port br1 tag=100, host 1 can still ping br1. How does
> fake-bridge itself communicate with real-bridge?

Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
   this:

       ovs-vsctl add-br br0
       ovs-vsctl add-port br0 eth0
       ifconfig br0 192.168.0.5
       ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
       ifconfig vlan9 192.168.0.9

   but other hosts that are only on VLAN 0 can reach the IP address
   configured on VLAN 9.  What's going on?

A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
   approaches to IP address handling in Internet hosts:

       - In the "Strong ES Model", where an ES is a host ("End
         System"), an IP address is primarily associated with a
         particular interface.  The host discards packets that arrive
         on interface A if they are destined for an IP address that is
         configured on interface B.  The host never sends packets from
         interface A using a source address configured on interface B.

       - In the "Weak ES Model", an IP address is primarily associated
         with a host.  The host accepts packets that arrive on any
         interface if they are destined for any of the host's IP
         addresses, even if the address is configured on some
         interface other than the one on which it arrived.  The host
         does not restrict itself to sending packets from an IP
         address associated with the originating interface.

   Linux uses the weak ES model.  That means that when packets
   destined to the VLAN 9 IP address arrive on eth0 and are bridged to
   br0, the kernel IP stack accepts them there for the VLAN 9 IP
   address, even though they were not received on vlan9, the network
   device for vlan9.

   To simulate the strong ES model on Linux, one may add iptables rules
   to filter packets based on source and destination address and
   adjust ARP configuration with sysctls.

   BSD uses the strong ES model.
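
One way to approximate the strong ES model for the FAQ's two addresses, as an added example that is not part of the original message or of Open vSwitch: the function name strong_es_cmds, the choice of arp_ignore=1 and arp_announce=2, and the rule layout are assumptions of this sketch. It only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the original message): print the sysctl and
# iptables commands that bind each IP address to its own interface.
# Usage: strong_es_cmds IFACE=ADDR [IFACE=ADDR ...]
strong_es_cmds() {
    # Validate every pair first so the output is all-or-nothing and is
    # safe to pipe into a shell.
    for pair in "$@"; do
        ifc=${pair%%=*}; addr=${pair#*=}
        case $pair in *=*) ;; *) echo "bad pair: $pair" >&2; return 1 ;; esac
        case $ifc in ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface: $ifc" >&2; return 1 ;; esac
        case $addr in ''|*[!0-9.]*)
            echo "bad IPv4 address: $addr" >&2; return 1 ;; esac
    done
    # ARP: reply only when the target address is configured on the
    # interface the request arrived on, and always pick the best local
    # source address for the target when sending ARP requests.
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    echo "sysctl -w net.ipv4.conf.all.arp_announce=2"
    # Traffic between the host's own addresses travels over lo; keep it.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for pair in "$@"; do
        ifc=${pair%%=*}; addr=${pair#*=}
        # A destination address is accepted only on its own interface...
        echo "iptables -A INPUT ! -i $ifc -d $addr -j DROP"
        # ...and a source address may leave only through its own interface.
        echo "iptables -A OUTPUT ! -o $ifc -s $addr -j DROP"
    done
}

# Dry run with the interfaces and addresses from the FAQ entry above.
# After review, apply as root with:  strong_es_cmds ... | sh -e
strong_es_cmds br0=192.168.0.5 vlan9=192.168.0.9
```

Because both addresses sit in the same subnet, the kernel may route replies sourced from 192.168.0.9 out br0, where the OUTPUT rule drops them; source-based routing is needed if the address must remain reachable from VLAN 9 itself.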


