[ovs-discuss] Scary flow forwarding packets across ovs bridges
Justin Pettit
jpettit at nicira.com
Sat Aug 29 20:53:15 UTC 2015
> On Aug 29, 2015, at 1:40 PM, Chen Weiwen <chenww at hotmail.com> wrote:
>
> Dear Experts,
>
> Need your help on OVS to explain this scary flow forwarding on Debian OS with OVS 2.3. You can see a SNAP packet received on br-ex bridge port 2 got forwarded to br-int and br-data bridges below. How could this happen?
>
> # ovs-dpctl dump-flows
> skb_priority(0),in_port(2),eth(src=00:9c:02:79:1b:75,dst=01:14:c2:44:1e:cc),eth_type(0/0xffff), packets:0, bytes:0, used:never, actions:1,3,5,4
>
> # ovs-dpctl show
> system@ovs-system:
>     lookups: hit:0 missed:3913 lost:0
>     flows: 0
>     masks: hit:2009 total:0 hit/pkt:0.51
>     port 0: ovs-system (internal)
>     port 1: br-ex (internal)
>     port 2: eth4
>     port 3: br-int (internal)
>     port 4: br-data (internal)
>     port 5: eth3
>
> # ovs-vsctl show
> f53f59be-9e8b-4e65-bc96-8334b25a3510
>     Bridge br-ex
>         Port br-ex
>             Interface br-ex
>                 type: internal
>         Port phy-br-ex
>             Interface phy-br-ex
>                 type: patch
>                 options: {peer=int-br-ex}
>         Port "eth4"
>             Interface "eth4"
>     Bridge br-data
>         Port phy-br-data
>             Interface phy-br-data
>                 type: patch
>                 options: {peer=int-br-data}
>         Port "eth3"
>             Interface "eth3"
>         Port br-data
>             Interface br-data
>                 type: internal
>     Bridge br-int
>         fail_mode: secure
>         Port int-br-ex
>             Interface int-br-ex
>                 type: patch
>                 options: {peer=phy-br-ex}
>         Port int-br-data
>             Interface int-br-data
>                 type: patch
>                 options: {peer=phy-br-data}
>         Port br-int
>             Interface br-int
>                 type: internal
>     ovs_version: "2.3.0"
It looks like you have patch ports connecting all those bridges. You didn't show your OpenFlow tables, but if they just have normal L2 forwarding, I would expect this behavior.
--Justin
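
The behavior described in the reply, as an added example that is not part of the original thread: it walks the patch-port links from the quoted `ovs-vsctl show` output and computes which datapath ports a flooded frame from eth4 reaches. It assumes every bridge does plain L2 flooding (the OpenFlow tables were not shown; the destination MAC 01:14:c2:44:1e:cc is a multicast address), and the function names are hypothetical.

```python
from collections import deque

# Topology transcribed from the `ovs-vsctl show` output quoted above.
# Each value is the patch peer name, or None for a non-patch port.
BRIDGES = {
    "br-ex":   {"br-ex": None, "phy-br-ex": "int-br-ex", "eth4": None},
    "br-data": {"phy-br-data": "int-br-data", "eth3": None, "br-data": None},
    "br-int":  {"int-br-ex": "phy-br-ex", "int-br-data": "phy-br-data",
                "br-int": None},
}
# Datapath port numbers from the `ovs-dpctl show` output quoted above.
DP_PORTS = {"ovs-system": 0, "br-ex": 1, "eth4": 2,
            "br-int": 3, "br-data": 4, "eth3": 5}


def flood_reach(bridges, in_port):
    """Return (bridges reached, non-patch egress ports) for a frame that
    enters on in_port and is flooded by every bridge it reaches
    (assumption: plain L2 flooding on each bridge)."""
    owner = {p: b for b, ports in bridges.items() for p in ports}
    seen, egress = {owner[in_port]}, set()
    queue = deque([(owner[in_port], in_port)])
    while queue:
        bridge, came_in = queue.popleft()
        for port, peer in bridges[bridge].items():
            if port == came_in:
                continue              # never flood back out the ingress port
            if peer is None:
                egress.add(port)      # real datapath port: the frame leaves here
            elif peer in owner and owner[peer] not in seen:
                seen.add(owner[peer])
                queue.append((owner[peer], peer))  # cross the patch link
    return seen, egress


def datapath_actions(bridges, dp_ports, in_port):
    """Datapath output ports the flood collapses to. Patch ports are resolved
    in userspace, so they never appear in the datapath flow."""
    _, egress = flood_reach(bridges, in_port)
    return sorted(dp_ports[p] for p in egress)


if __name__ == "__main__":
    reached, _ = flood_reach(BRIDGES, "eth4")
    print("bridges reached:", sorted(reached))
    print("datapath outputs:", datapath_actions(BRIDGES, DP_PORTS, "eth4"))
```

For eth4 the result is the port set 1, 3, 4, 5, the same ports as the `actions:1,3,5,4` in the dumped flow; removing a patch pair from the dictionary shows how far the flood would then extend.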