[ovs-discuss] CDP (cisco discovery protocol) packets being dropped by OVS

Field, Brian Brian_Field at cable.comcast.com
Tue Mar 31 11:47:36 UTC 2015

Thanks.  As you suggested, doing a "ovs-vsctl set bridge ovs-br0
other-config:forward-bpdu=true² resolved the issue.

One thing I¹m still grappling with is what¹s written in
ovs-vswitchd.conf.db(5) and the behavior I¹m seeing by setting this option
to true.  Namely, in http://openvswitch.org/ovs-vswitchd.conf.db.5.pdf
under "other_config : forward-bpdu: optional string, either true or
false², the last two sentences say "Default is disabled, set to true to
enable. The following destination MAC addresss will not be forwarded when
this option is enabled.²  And the CDP MAC is listed:

01:00:0c:cc:cc:cc Cisco Discovery Protocol (CDP), VLAN Trunking Protocol
(VTP), Dynamic Trunking
Protocol (DTP), Port Aggregation Protocol (PAgP), and others

So when I read this part of the doc, it seems to suggest that setting
forwarding-bpdu=true should cause CDP frames not to be forwarded‹ but in
reality setting this option to true enabled them to be forwarded.

What am I missing?


On 3/30/15, 10:42 AM, "Ben Pfaff" <blp at nicira.com> wrote:

>On Sun, Mar 29, 2015 at 01:44:58PM +0000, Field, Brian wrote:
>> I¹ve noticed the CDP frames are being dropped by OVS:
>> # ovs-dpctl dump-flows
>>c),eth_type(0/0xffff), packets:0, bytes:0, used:never, actions:drop
>> In http://benpfaff.org/~blp/ovs-fields.pdf, it mentions ³OpenFlow and
>>Open vSwitch only support LLC headers with DSAP and SSAP 0xaa and
>>control byte 0x03, which indicate that a SNAP header follows the LLC
>>header. In turn, OpenFlow and Open vSwitch only support a SNAP header
>>with organization 0x000000."
>> CDP frames use LLC/SNAP encapsulation with an organization code of
>>(0xc).  So it would appear this is why CDP frames are being dropped by
>No.  I expect it's because forward-bpdu is disabled.  Please see
>ovs-vswitchd.conf.db(5) for details.
>> Is the limitation to only support LLC/SNAP with org values of 0x0 a
>>limitation imposed on OVS because OpenFlow doesn¹t support orŠ ?
>It is true that OpenFlow does not support this, but the reason is
>primarily that no one has found this important enough to implement.
>For CDP, for example, you can alternatively match on the destination
>Ethernet address, which is 01:00:0c:cc:cc:cc for CDP.

More information about the discuss mailing list