[ovs-discuss] Behavior when ping "internal" bridge interface ip with dpdk port attached
fbl at sysclose.org
Thu Sep 3 21:51:40 UTC 2015
On Wed, Aug 26, 2015 at 10:27:52PM +0800, Du, Fan wrote:
> After creating a user space ovs bridge, and assign an valid ip address
> after the "internal" bridge name, then add a physical interface, e.g.
> ens806f1 to the bridge. Ping the internal bridge ip address from the other
> host will work ok.
Just to be clear, the userspace doesn't provide a networking stack, so
there is no IP address, ping or arp replies. It does work because the
internal port is a TAP device so vswitchd can push data to the networking
stack in the kernel.
> But once I prevent all the packets reaching ens806f1 by iptable rules,
> Ping from the other host will not work. So my understanding is kernel
> network stack responds to the ARP request, in which case bypass ovs user
> space bridge.
> iptables -A INPUT -i ens806f1 -j DROP
> iptables -A FORWARD -i ens806f1 -j DROP
> But when attaching a dpdk type port(instead of the physical interface
> like ens806f1) to the bridge,I can tcpdump ARP_REPLY from the dummy
> mirroring port, but the ARP_REPLY packet didn't reach from the other host.
> So I'm puzzled, in scenario of dpdk port attached:
> a. which part of code build the ARP_REPLY packet?
> b. why the arp reply packet didn't hit on wire after setting arp with
> normal action flow?
You might want to look at flow and port stats to see what is going on.
More information about the discuss