[ovs-discuss] LSC does not affect traffic flow
blp at ovn.org
Thu May 2 17:21:08 UTC 2019
How is the ICMP traffic entering the system?
On Thu, May 02, 2019 at 09:13:42AM -0500, Christopher Seeley wrote:
> That would make sense, but the problem isn't different vlans coming
> through. When the bridge is down traffic is still flowing through it. The
> ovsdb is not updating the change in link state. Would that cause the
> problem? If so, what can be done to remedy this?
> On Wed, May 1, 2019 at 6:39 PM Ben Pfaff <blp at ovn.org> wrote:
> > On Wed, May 01, 2019 at 01:02:41PM -0500, Christopher Seeley wrote:
> > > Good afternoon. I have run across a problem using version 2.9.2 on Ubuntu
> > > 18.04.2. When the bridge is set to a down state, traffic is still flowing
> > > through it. Is there a configuration that I have missed?
> > >
> > > Steps to reproduce:
> > > 1) Clean Ubuntu 18.04.2 install
> > > 2) sudo apt update && sudo apt upgrade -y
> > > 3) sudo apt install openvswitch-switch openvswitch-common -y
> > > 4) sudo ovs-vsctl add-br br0 -- add-port br0 eth0 -- add-port br0 intern-extern -- set interface intern-extern type=internal
> > > 5) sudo ip addr flush dev eth0 && sudo dhclient intern-extern
> > > 6) sudo ip link set down dev br0
> > > 7) run ping and still get a response
> > >
> > >
> > > Any assistance you can give me with this would be appreciated.
> > Sounds like the same issue described in the FAQ, possibly same solution.
> > Q: I configured one IP address on VLAN 0 and another on VLAN 9, like this::
> >
> >     $ ovs-vsctl add-br br0
> >     $ ovs-vsctl add-port br0 eth0
> >     $ ip addr add 192.168.0.5/24 dev br0
> >     $ ip link set br0 up
> >     $ ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 type=internal
> >     $ ip addr add 192.168.0.9/24 dev vlan9
> >     $ ip link set vlan9 up
> >
> > but other hosts that are only on VLAN 0 can reach the IP address configured on
> > VLAN 9. What's going on?
> >
> > A: `RFC 1122 section 3.3.4.2 "Multihoming Requirements"
> > <https://tools.ietf.org/html/rfc1122>`__ describes two approaches to IP
> > address handling in Internet hosts:
> >
> > - In the "Strong ES Model", where an ES is a host ("End System"), an IP
> >   address is primarily associated with a particular interface. The host
> >   discards packets that arrive on interface A if they are destined for an
> >   IP address that is configured on interface B. The host never sends
> >   packets from interface A using a source address configured on interface
> >   B.
> >
> > - In the "Weak ES Model", an IP address is primarily associated with a
> >   host. The host accepts packets that arrive on any interface if they are
> >   destined for any of the host's IP addresses, even if the address is
> >   configured on some interface other than the one on which it arrived. The
> >   host does not restrict itself to sending packets from an IP address
> >   associated with the originating interface.
> >
> > Linux uses the weak ES model. That means that when packets destined to the
> > VLAN 9 IP address arrive on eth0 and are bridged to br0, the kernel IP
> > stack accepts them there for the VLAN 9 IP address, even though they were
> > not received on vlan9, the network device for vlan9.
> >
> > To simulate the strong ES model on Linux, one may add iptables rule to
> > filter packets based on source and destination address and adjust ARP
> > configuration with sysctls.
> >
> > BSD uses the strong ES model.
> Christopher Seeley
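
The FAQ excerpt quoted above says the strong ES model can be simulated with iptables rules and ARP sysctls. The dry-run script below is an added example, not part of the thread or the Open vSwitch FAQ; it prints one possible set of such commands for the FAQ's br0/vlan9 addresses. The function names and the exact rule choices are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (dry run): prints commands, does not change the system.
# Constructed sample input: the interface=address pairs from the FAQ excerpt.
PAIRS="br0=192.168.0.5 vlan9=192.168.0.9"

# Print iptables rules tying each address to the interface that owns it.
strong_es_rules() {
    # Validate every pair first so a bad entry never yields a partial ruleset.
    for pair in $1; do
        case $pair in
            ?*=?*) ;;
            *) echo "bad pair: $pair (want dev=addr)" >&2; return 1 ;;
        esac
    done
    # Locally generated traffic to the host's own addresses traverses lo,
    # so exempt loopback before the per-address drops.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for pair in $1; do
        dev=${pair%%=*}
        addr=${pair#*=}
        # Drop packets for this address that arrived on any other interface.
        echo "iptables -A INPUT -d $addr ! -i $dev -j DROP"
        # Drop packets sourced from this address leaving any other interface.
        echo "iptables -A OUTPUT -s $addr ! -o $dev -j DROP"
    done
}

# Print the ARP sysctls for each interface:
#   arp_ignore=1   reply only if the target IP is configured on the
#                  interface the ARP request arrived on
#   arp_announce=2 always use the best local address for the target
#                  as the ARP source
strong_es_sysctls() {
    for pair in $1; do
        dev=${pair%%=*}
        echo "sysctl -w net.ipv4.conf.$dev.arp_ignore=1"
        echo "sysctl -w net.ipv4.conf.$dev.arp_announce=2"
    done
}

strong_es_rules "$PAIRS"
strong_es_sysctls "$PAIRS"
```

The rules are appended with `-A`, so an ACCEPT rule already earlier in the chain still wins. With both addresses in the same subnet, as in the FAQ, the OUTPUT rule may also require source-based routing so that replies from 192.168.0.9 actually leave through vlan9.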