[ovs-discuss] MAC address rule blocking failure

Mike Bursell mike.bursell at citrix.com
Thu Dec 22 08:35:45 PST 2011 

A Merry Christmas to all of you!

We've discovered what we suspect is a bug, and are looking for thoughts, please!

Observed behaviour:
- Continuous pings being sent from laptop to vm1
- vm2 is quiescent
- Intermittently, the response to a ping from laptop is seen on vm2

Hypotheses:
1. as vm2 is quiescent, maybe the switch loses its MAC address, and it is disassociated with the relevant port on the switch.  For some reason, packets are sent to it.
2. from time to time, OVS loses track of where to send the ping responses (the default gw), and therefore they end up being broadcast to all ports, which means that tcpdump picks them up on vm2.

Details below.

I've not yet had a chance to try to reproduce this behaviour, but we think that hypothesis 2 is more likely.  As a short-term work-around, how about a rule directing all packets known _not_ to originate from one of the VMs to be sent by default to the port which is connected externally?

-Mike.


Here's the set-up:
--------------------------
xenhost)
eth0 -> xenbr0 -> dom0
eth1 -> xenbr1 -> vm's

vm1)
mac=00:16:3e:16:3e:16
IP=212.227.35.227
port=3

vm2)
mac=00:16:3e:16:3e:18
IP=212.227.35.231
port=5

laptop) 
mac=?
IP=172.17.17.223

Default_gw=00:00:0c:9f:f0:00
----------------------------

Rules
--------------------------
$ofctl dump-flows xenbr1:

NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=836.613s, table_id=0, n_packets=14, n_bytes=588, priority=3,arp,in_port=3,dl_src=00:16:3e:16:3e:16,nw_src=212.227.35.227,arp_sha=00:16:3e:16:3e:16 actions=NORMAL
 cookie=0x0, duration=834.456s, table_id=0, n_packets=0, n_bytes=0, priority=3,arp,in_port=5,dl_src=00:16:3e:16:3e:18,nw_src=0.0.0.0,arp_sha=00:16:3e:16:3e:18 actions=NORMAL
 cookie=0x0, duration=834.464s, table_id=0, n_packets=17, n_bytes=714, priority=3,arp,in_port=5,dl_src=00:16:3e:16:3e:18,nw_src=212.227.35.231,arp_sha=00:16:3e:16:3e:18 actions=NORMAL
 cookie=0x0, duration=836.603s, table_id=0, n_packets=0, n_bytes=0, priority=3,arp,in_port=3,dl_src=00:16:3e:16:3e:16,nw_src=0.0.0.0,arp_sha=00:16:3e:16:3e:16 actions=NORMAL
 cookie=0x0, duration=836.623s, table_id=0, n_packets=0, n_bytes=0, priority=39500,udp,in_port=3,dl_src=00:16:3e:16:3e:16,dl_dst=ff:ff:ff:ff:ff:ff,tp_dst=67 actions=NORMAL
 cookie=0x0, duration=834.472s, table_id=0, n_packets=0, n_bytes=0, priority=39500,udp,in_port=5,dl_src=00:16:3e:16:3e:18,dl_dst=ff:ff:ff:ff:ff:ff,tp_dst=67 actions=NORMAL
 cookie=0x0, duration=834.449s, table_id=0, n_packets=1327, n_bytes=117198, priority=3,ip,in_port=5,dl_src=00:16:3e:16:3e:18,nw_src=212.227.35.231 actions=NORMAL
 cookie=0x0, duration=836.594s, table_id=0, n_packets=2703, n_bytes=335078, priority=3,ip,in_port=3,dl_src=00:16:3e:16:3e:16,nw_src=212.227.35.227 actions=NORMAL
 cookie=0x0, duration=834.434s, table_id=0, n_packets=282, n_bytes=27299, priority=1,in_port=5 actions=drop
 cookie=0x0, duration=834.441s, table_id=0, n_packets=6132, n_bytes=527511, priority=2,in_port=1 actions=NORMAL
 cookie=0x0, duration=836.576s, table_id=0, n_packets=204, n_bytes=22682, priority=1,in_port=3 actions=drop
 cookie=0x0, duration=1911257.572s, table_id=0, n_packets=4168683, n_bytes=406562795, priority=0 actions=NORMAL


tcpdump output
-----
tcpdump on vm1 shows traffic from vm2 (outgoing, icmp-replies while running an mtr from 172.17.17.223 to vm2(212.227.35.231)


linuxtestvm1:~# tcpdump -nei eth0 "ether host not 00:16:3e:16:3e:16 and ether host not ff:ff:ff:ff:ff:ff and ether host not 33:33:00:00:00:66"

14:11:26.511267 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 134, length 44
14:11:27.516488 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 1670, length 44
14:11:28.520643 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 3206, length 44
14:11:29.525771 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 4742, length 44
14:11:30.530851 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 6278, length 44
14:11:31.535663 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 7814, length 44
14:11:32.541616 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 9350, length 44
14:11:33.547110 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 10886, length 44
14:11:34.551334 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 12422, length 44
14:11:35.558228 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 13958, length 44
14:11:36.561956 00:16:3e:16:3e:18 > 00:00:0c:9f:f0:00, ethertype IPv4 (0x0800), length 78: 212.227.35.231 > 172.17.17.223: ICMP echo reply, id 26121, seq 15494, length 44

More information about the discuss mailing list