[ovs-discuss] MAC address rule blocking failure
blp at nicira.com
Thu Dec 22 09:42:58 PST 2011
On Thu, Dec 22, 2011 at 04:35:45PM +0000, Mike Bursell wrote:
> We've discovered what we suspect is a bug, and are looking for
> thoughts, please!
>
> Observed behaviour:
> - Continuous pings being sent from laptop to vm1
> - vm2 is quiescent
> - Intermittently, the response to a ping from laptop is seen on vm2

Is anything else going on? Certain kinds of changes to a bridge
(adding and removing ports, etc.) can cause the MAC learning table, or
particular entries in it, to be flushed. If VMs are being brought up
or down, VLANs being created or destroyed, etc., one might expect to
see a need to re-learn MAC addresses immediately after those events.

I have not carefully looked over your flow table. Is this flow table
constructed by hand, generated by DVS, or generated by some other
controller? I ask because the "normal" action may not be an effective
way to enforce ACLs--it is an implementation of a MAC learning switch,
which is not itself an effective way to enforce ACLs--so I wonder what
assumptions lie behind this flow table construction.