[ovs-discuss] Arp and Duplicate IP
blp at nicira.com
Thu Oct 15 17:11:40 UTC 2015
On Thu, Oct 15, 2015 at 02:59:20PM +0300, Владимир Терентьев wrote:
> Hi. I have problem with openvswitch.
> I have server (172.16.0.32) and client(172.16.0.222). On server installed
> Openvswitch 2.3.0.
> On server:
> ifconfig eth0 0
> ovs-vsctl add-br main-sw
> ovs-vsctl add-port main-sw eth0
> ovs-vsctl add-port br0 vm1 -- set interface vm1 type=internal
> ovs-vsctl add-port br0 vm2 -- set interface vm2 type=internal
> ovs-vsctl add-port br0 vm3 -- set interface vm3 type=internal
> ifconfig main-sw 172.16.0.32/16 up
> ifconfig vm1 0 up
> ifconfig vm2 0 up
> ifconfig vm3 0 up
> When I try arp-scan 172.16.0.32/32 from client I have 4 arp-replies from
> ports of openvswitch (same IP, different MAC). This gets problem: sometimes I
> can't ping server (client gets server MAC from vm2, for example, and Wireshark
> gets error: Duplicate IP).
This is the same issue reported in this entry in the FAQ.
### Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ifconfig br0 192.168.0.5
ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
ifconfig vlan9 192.168.0.9
but other hosts that are only on VLAN 0 can reach the IP address
configured on VLAN 9. What's going on?
A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
approaches to IP address handling in Internet hosts:
- In the "Strong ES Model", where an ES is a host ("End
System"), an IP address is primarily associated with a
particular interface. The host discards packets that arrive
on interface A if they are destined for an IP address that is
configured on interface B. The host never sends packets from
interface A using a source address configured on interface B.
- In the "Weak ES Model", an IP address is primarily associated
with a host. The host accepts packets that arrive on any
interface if they are destined for any of the host's IP
addresses, even if the address is configured on some
interface other than the one on which it arrived. The host
does not restrict itself to sending packets from an IP
address associated with the originating interface.
Linux uses the weak ES model. That means that when packets
destined to the VLAN 9 IP address arrive on eth0 and are bridged to
br0, the kernel IP stack accepts them there for the VLAN 9 IP
address, even though they were not received on vlan9, the network
device for vlan9.
To simulate the strong ES model on Linux, one may add an iptables rule
to filter packets based on source and destination address and
adjust ARP configuration with sysctls.
BSD uses the strong ES model.
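
The following audit script is an added example, not part of the original message or the Open vSwitch FAQ. It assumes the ARP sysctls the FAQ alludes to are the Linux arp_ignore and arp_announce settings, and reports which interfaces would still answer ARP for an address configured on another interface; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the FAQ): find interfaces that still handle ARP
# in the weak ES way. Assumption: the relevant sysctls are arp_ignore and
# arp_announce under /proc/sys/net/ipv4/conf.
# The kernel applies max(conf/all/KEY, conf/<iface>/KEY) for both keys.

# effective_arp ROOT IFACE KEY -> larger of ROOT/all/KEY and ROOT/IFACE/KEY
effective_arp() {
    all=$(cat "$1/all/$3" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/$3" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_arp [ROOT] -> "<iface> arp_ignore=N arp_announce=M <strict|weak>"
audit_arp() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default|lo) continue ;; esac
        ign=$(effective_arp "$root" "$iface" arp_ignore)
        ann=$(effective_arp "$root" "$iface" arp_announce)
        verdict=weak
        # arp_ignore 1 or 2: reply only when the target IP is configured on
        # the interface the request arrived on.
        # arp_announce 2: pick the best local source address for the target
        # instead of reusing an address from another interface.
        case $ign in
            1|2) [ "$ann" -eq 2 ] && verdict=strict ;;
        esac
        echo "$iface arp_ignore=$ign arp_announce=$ann $verdict"
    done
}

# count_weak [ROOT] -> number of interfaces still in weak mode
count_weak() {
    audit_arp "$1" | grep -c ' weak$' || true
}
```

Run `audit_arp` with no argument to inspect the live host. Setting `net.ipv4.conf.all.arp_ignore=1` and `net.ipv4.conf.all.arp_announce=2` with sysctl moves every interface to the strict verdict.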