[ovs-discuss] LSC does not affect traffic flow

Ben Pfaff blp at ovn.org
Thu May 2 17:21:08 UTC 2019


How is the ICMP traffic entering the system?

On Thu, May 02, 2019 at 09:13:42AM -0500, Christopher Seeley wrote:
> That would make sense, but the problem isn't different vlans coming
> through. When the bridge is down traffic is still flowing through it. The
> ovsdb is not updating the change in link state. Would that cause the
> problem? If so, what can be done to remedy this?
> 
> On Wed, May 1, 2019 at 6:39 PM Ben Pfaff <blp at ovn.org> wrote:
> 
> > On Wed, May 01, 2019 at 01:02:41PM -0500, Christopher Seeley wrote:
> > > Good afternoon. I have run across a problem using version 2.9.2 on Ubuntu
> > > 18.04.2. When the bridge is set to a down state, traffic is still flowing
> > > through it. Is there a configuration that I have missed?
> > >
> > > Steps to reproduce:
> > > 1) Clean Ubuntu 18.04.2 install
> > > 2) sudo apt update && sudo apt upgrade -y
> > > 3) sudo apt install openvswitch-switch openvswitch-common -y
> > > 4) sudo ovs-vsctl add-br br0 -- add-port br0 eth0 -- add-port br0
> > > intern-extern -- set interface intern-extern type=internal
> > > 5) sudo ip addr flush dev eth0 && sudo dhclient intern-extern
> > > 6) sudo ip link set down dev br0
> > > 7) run ping  and still get a response
> > >
> > >
> > > Any assitance you can give me with this would be appreciated.
> >
> > Sounds like the same issue described in the FAQ, possibly same solution.
> >
> > Q: I configured one IP address on VLAN 0 and another on VLAN 9, like this::
> >
> >     $ ovs-vsctl add-br br0
> >     $ ovs-vsctl add-port br0 eth0
> >     $ ip addr add 192.168.0.5/24 dev br0
> >     $ ip link set br0 up
> >     $ ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9
> > type=internal
> >     $ ip addr add 192.168.0.9/24 dev vlan9
> >     $ ip link set vlan9 up
> >
> > but other hosts that are only on VLAN 0 can reach the IP address
> > configured on
> > VLAN 9.  What's going on?
> >
> >     A: `RFC 1122 section 3.3.4.2 "Multihoming Requirements"
> >     <https://tools.ietf.org/html/rfc1122>`__ describes two approaches to
> > IP
> >     address handling in Internet hosts:
> >
> >     - In the "Strong ES Model", where an ES is a host ("End System"), an IP
> >       address is primarily associated with a particular interface.  The
> > host
> >       discards packets that arrive on interface A if they are destined for
> > an
> >       IP address that is configured on interface B.  The host never sends
> >       packets from interface A using a source address configured on
> > interface
> >       B.
> >
> >     - In the "Weak ES Model", an IP address is primarily associated with a
> >       host.  The host accepts packets that arrive on any interface if they
> > are
> >       destined for any of the host's IP addresses, even if the address is
> >       configured on some interface other than the one on which it
> > arrived.  The
> >       host does not restrict itself to sending packets from an IP address
> >       associated with the originating interface.
> >
> >     Linux uses the weak ES model.  That means that when packets destined
> > to the
> >     VLAN 9 IP address arrive on eth0 and are bridged to br0, the kernel IP
> >     stack accepts them there for the VLAN 9 IP address, even though they
> > were
> >     not received on vlan9, the network device for vlan9.
> >
> >     To simulate the strong ES model on Linux, one may add iptables rule to
> >     filter packets based on source and destination address and adjust ARP
> >     configuration with sysctls.
> >
> >     BSD uses the strong ES model.
> >
> 
> 
> -- 
> Christopher Seeley
> Software Developer
> M: (618) 975-6324
> [image:
> https://ci4.googleusercontent.com/proxy/N6FGWffGoRzwldCSUGY-TdS5283f1qufOUeSehWDEk0uSdTmwAA_U1NgdVoRvGNVWfWD0QpLQ4RcZ-UwUP30TUtlCy-HzoMxZUua7hmgR_NZwQTVmRIezA=s0-d-e1-ft#http://cybercents.com/assets/img/cybercents_logo_dark-ab5b14ef.png]
> 1472 North Green Mount Road
> O'Fallon, IL 62269




More information about the discuss mailing list