[ovs-discuss] OVS learned duplicated FDB entries on two different Virtual Machine interfaces

Chen, Weiwen wei-wen.chen at hpe.com
Fri Jul 15 16:30:37 UTC 2016


Hi Ben,

I think I am closer to the issue. The problem is that the VM somehow gets plugged into the vswitch internal interface, not really the vnet0 port, so it can hear all MAC addresses. Not sure whether this is a bug in virsh or OVS. On another setup I have 2 vswitches, cs-eno1 and cs-eno2, with internal interfaces on port 4 and port 1 respectively. I am surprised to see that vswitch cs-eno1 has the FDB entries on cs-eno2/port 1. Seems like a bug in OVS?

# ovs-appctl fdb/show cs-eno1
 port  VLAN  MAC                Age
    1  1304  00:50:56:88:e3:e7  134
    1     0  00:50:56:88:5f:c9  128
    1     0  be:c8:a0:e0:03:77  116
    1     0  00:50:56:88:22:42  116
    1     0  be:c8:a0:e0:03:85  115 

# ovs-dpctl show
system@ovs-system:
        lookups: hit:694659076 missed:99684211 lost:1003
        flows: 196
        masks: hit:4482180901 total:18 hit/pkt:5.64
        port 0: ovs-system (internal)
        port 1: cs-eno2 (internal)
        port 2: eno2
        port 3: vnet0
        port 4: cs-eno1 (internal)
        port 5: eno1



-----Original Message-----
From: Ben Pfaff [mailto:blp at ovn.org] 
Sent: Wednesday, July 13, 2016 4:32 PM
To: Chen, Weiwen <wei-wen.chen at hpe.com>
Cc: discuss at openvswitch.org
Subject: Re: [ovs-discuss] OVS learned duplicated FDB entries on two different Virtual Machine interfaces

Before, you said "I thought VM interface should be access port."  If they are actually trunk ports, then I do not understand your environment.

OVS only learns MACs that it actually receives from a port, within the VLANs associated with the packets.  If you see the same MAC learned on multiple VLANs, then it is because that MAC was observed within multiple VLANs.

On Wed, Jul 13, 2016 at 09:47:29PM +0000, Chen, Weiwen wrote:
> Hi Ben,
> 
> Unfortunately I need to configure the port in trunk mode, as I need to bring up VLAN subinterfaces inside the VM. However, I do not expect that OVS will learn the MAC of VM2 on the port of VM1, right?
> 
> In addition, I double-checked that no real duplicated MAC exists in my env.
> 
> Thanks & Regards
> -weiwen
> 
> -----Original Message-----
> From: Ben Pfaff [mailto:blp at ovn.org]
> Sent: Wednesday, July 13, 2016 3:21 PM
> To: Chen, Weiwen <wei-wen.chen at hpe.com>
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] OVS learned duplicated FDB entries on two 
> different Virtual Machine interfaces
> 
> On Tue, Jul 12, 2016 at 04:03:33AM +0000, Chen, Weiwen wrote:
> > I have a RHEL KVM host with both OVS 2.50/2.31 (on different systems) 
> > but experienced that the VM interface has a large number of forward entries. I 
> > thought the VM interface should be an access port and with a single VM MAC in 
> > the FDB. Is this a bug in OVS? If not, please let me know what is configured 
> > wrong.
> > 
> > Thanks a lot!
> > 
> > Here is my configuration:
> > 
> > # ovs-vsctl show
> >     Bridge "cs-eno1"
> >         Port "vnet5"
> >             Interface "vnet5"
> >         Port "cs-eno1"
> >             Interface "cs-eno1"
> >                 type: internal
> >         Port "vnet3"
> >             Interface "vnet3"
> >         Port "vnet8"
> >             Interface "vnet8"
> >         Port "vnet4"
> >             Interface "vnet4"
> >         Port conf
> >             Interface conf
> >                 type: internal
> >         Port "eno1"
> >             Interface "eno1"
> >         Port "vnet1"
> >             Interface "vnet1"
> >         Port "vnet2"
> >             Interface "vnet2"
> >         Port "vnet0"
> >             Interface "vnet0"
> > ovs_version: "2.5.0"
> 
> OVS certainly supports access ports, but all of the above are configured as trunks.  To configure an OVS port as an access port, one must set the "tag" column to a VLAN ID (and this would show up in "ovs-vsctl show" output), either at the time of adding the port or later.
> 
> The ovs-vsctl manpage explains how to set an access VLAN at the time of adding a port:
> 
>        [--may-exist] add-port bridge port [column[:key]=value]...
>               Creates on bridge a new port named port from the network  device
>               of the same name.
> 
>               Optional  arguments set values of column in the Port record cre‐
>               ated by the command.  For example, tag=9 would make the port  an
>               access  port for VLAN 9.  The syntax is the same as that for the
>               set command (see Database Commands below).
> 
>               Without --may-exist, attempting to create a port that exists  is
>               an  error.   With --may-exist, this command does nothing if port
>               already exists on bridge and is not a bonded port.
> 
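
Added example, not part of the original thread and not OVS project code: a parser for the `ovs-appctl fdb/show` table layout quoted above that lists ports holding more MACs than expected and MACs learned in more than one VLAN, the two things this thread is trying to tell apart. The sample table is constructed, and the function names and the `max_macs` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout printed by `ovs-appctl fdb/show <bridge>`.
SAMPLE_FDB = """\
 port  VLAN  MAC                Age
    1  1304  02:00:00:00:00:01  134
    1     0  02:00:00:00:00:02  128
    3     0  02:00:00:00:00:03  116
    3     0  02:00:00:00:00:01   12
    5     0  02:00:00:00:00:04    7
"""

# The port column is kept as text, so a non-numeric port label also parses.
ROW = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<vlan>\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<age>\d+)\s*$",
    re.IGNORECASE,
)

def parse_fdb(text):
    """Return (port, vlan, mac, age) tuples; the header and any other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append((m["port"], int(m["vlan"]), m["mac"].lower(), int(m["age"])))
    return entries

def crowded_ports(entries, max_macs=1):
    """Ports with more distinct MACs than expected (assumed 1 for a single-NIC VM port)."""
    per_port = defaultdict(set)
    for port, _vlan, mac, _age in entries:
        per_port[port].add(mac)
    return {p: sorted(m) for p, m in per_port.items() if len(m) > max_macs}

def multi_vlan_macs(entries):
    """MACs learned in more than one VLAN, with the (vlan, port) pairs where each was seen."""
    seen = defaultdict(set)
    for port, vlan, mac, _age in entries:
        seen[mac].add((vlan, port))
    return {mac: sorted(v) for mac, v in seen.items() if len({vl for vl, _ in v}) > 1}

if __name__ == "__main__":
    rows = parse_fdb(SAMPLE_FDB)
    print("ports over threshold:", crowded_ports(rows))
    print("MACs seen in several VLANs:", multi_vlan_macs(rows))
```

To check a live bridge, pass the captured command output to `parse_fdb()` in place of `SAMPLE_FDB`.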

