[ovs-discuss] [OVN] flow explosion in lr_in_arp_resolve table
Dan Winship
danwinship at redhat.com
Fri May 1 21:02:25 UTC 2020
On 5/1/20 12:37 PM, Girish Moodalbail wrote:
> If we now look at table=12 (lr_in_arp_resolve) in the ingress pipeline
> of Gateway Router-1, then you will see that there will be 2000 logical
> flow entries...
> In the topology above, the only intended path is North-South between
> each gateway router and the logical router. There is no east-west
> traffic between the gateway routers
> Is there an another way to solve the above problem with just keeping the
> single join logical switch?
Two thoughts:
1. In openshift-sdn, the bridge doesn't try to handle ARP itself. It
just lets ARP requests pass through normally, and lets ARP replies pass
through normally as long as they are correct (ie, it doesn't let
spoofing through). This means fewer flows but more traffic. Maybe that's
the right tradeoff?
2. In most places in ovn-kubernetes, our MAC addresses are
programmatically related to the corresponding IP addresses, and in
places where that's not currently true, we could try to make it true,
and then perhaps the thousands of rules could just be replaced by a
single rule?
-- Dan
More information about the discuss
mailing list