[ovs-discuss] Isolated traffic with VLAN ?

krakydark krakydark at gmail.com
Sat Aug 10 12:13:45 UTC 2019


Hi,

I have 3 VMs (qemu), 2 on vlan 10 and 1 on vlan 66, on the same lab1 
OpenVSwitch. The first VM is connected via a tap interface on port 
lab1vm1. The second has 2 network interfaces connected on ports lab1dhcp 
and lab1dhcpmaster, and the third VM is on port dhcpmaster.

-------------   -----------------------   --------------
|   VM 1    |   |         VM2         |   |     VM3    |
|10.10.10.3 |   |10.8.6.1  10.10.10.13|   | 10.10.10.2 |
-------------   -----------------------   --------------
      |             |           |                |
      |             |           |                |
------------------------------------------------------------------
|lab1vm1        lab1dhcp   lab1dhcpadm      dhcpmaster    OVS lab1|
|tag 10         tag 10     tag 66           tag 66                |
------------------------------------------------------------------

The OpenVSwitch is configured as follows:

Bridge "lab1"
    Port "lab1vm1"
        tag: 10
        Interface "lab1vm1"
    Port "lab1"
        tag: 10
        Interface "lab1"
            type: internal
    Port "lab1dhcp"
        tag: 10
        Interface "lab1dhcp"
    Port "lab1dhcpadm"
        tag: 66
        Interface "lab1dhcpadm"
    Port dhcpmaster
        tag: 66
        Interface dhcpmaster
ovs_version: "2.9.2"

The problem: VM1 can ping VM3!

  * If I power off VM2 or shut down the lab1dhcp or lab1dhcpadm interface,
    the ping doesn't work.
  * If I shut down the two network interfaces of VM2 (eth0 and eth1),
    ping works!

I assume that the packet is intercepted by the Linux kernel, which 
forwards the traffic directly to the dhcpmaster OVS interface, without 
passing through the OVS.

Why have I built this lab? I want to distribute IPs with a DHCP server on 
VM2 to vlan 10 and with a DHCP server on VM3 to vlan 66. But as the traffic is 
not isolated, a VM on vlan 10 can get an IP from the DHCP on VM3 (from another VLAN).


How can I solve this problem?

Best regards

Flo.
