[ovs-discuss] MAC address rule blocking failure
mike.bursell at citrix.com
Thu Dec 22 10:35:50 PST 2011
I believe that there is nothing else going on at all.
The CLI tools were used to construct the rules: no DVSC in play.
Ben Pfaff <blp at nicira.com> wrote:
On Thu, Dec 22, 2011 at 04:35:45PM +0000, Mike Bursell wrote:
> We've discovered what we suspect is a bug, and are looking for
> thoughts, please!
> Observed behaviour:
> - Continuous pings being sent from laptop to vm1
> - vm2 is quiescent
> - Intermittently, the response to a ping from laptop is seen on vm2
Is anything else going on? Certain kinds of changes to a bridge
(adding and removing ports, etc.) can cause the MAC learning table, or
particular entries in it, to be flushed. If VMs are being brought up
or down, VLANs being created or destroyed, etc., one might expect to
see a need to re-learn MAC addresses immediately after those events.
I have not carefully looked over your flow table. Is this flow table
constructed by hand, generated by DVS, or generated by some other
controller? I ask because the "normal" action may not be an effective
way to enforce ACLs--it is an implementation of a MAC learning switch,
which is not itself an effective way to enforce ACLs--so I wonder what
assumptions lie behind this flow table construction.
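
The behaviour Ben describes above (the "normal" action is a MAC learning switch, and a flushed learning table has to be re-learned), as an added example that is not part of the original thread and is not Open vSwitch code. The switch model, the port names (`uplink`, `vif1`, `vif2`) and the MAC addresses are constructed assumptions. It shows the general flooding behaviour only and does not establish the cause of the report.

```python
# Added illustration: a minimal MAC learning switch (hypothetical model,
# not Open vSwitch code). Port names and MAC addresses are constructed.

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}          # MAC address -> port it was last seen on

    def flush(self):
        """Model a MAC learning table flush (e.g. after a port is added or removed)."""
        self.mac_table.clear()

    def forward(self, in_port, src, dst):
        """Learn src, then return the set of ports the frame is sent to."""
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if out is None:
            # Unknown destination: flood to every port except the ingress port.
            return self.ports - {in_port}
        return set() if out == in_port else {out}


LAPTOP, VM1 = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed MACs


def ping_round_trip(sw):
    """One echo request laptop->vm1 and the reply vm1->laptop.
    Returns (ports that saw the request, ports that saw the reply)."""
    req = sw.forward("uplink", LAPTOP, VM1)
    rep = sw.forward("vif1", VM1, LAPTOP)
    return req, rep


def demo():
    sw = LearningSwitch(["uplink", "vif1", "vif2"])
    results = {}
    results["cold"] = ping_round_trip(sw)      # vm1 unknown: request is flooded
    results["learned"] = ping_round_trip(sw)   # both MACs known: unicast only
    sw.flush()
    # After a flush, a reply sent before the laptop is re-learned is flooded,
    # so the port of the uninvolved VM (vif2) receives it as well.
    results["reply_after_flush"] = sw.forward("vif1", VM1, LAPTOP)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, ports)
```

Delivery here depends entirely on the current contents of the learning table, which is why a learning switch on its own does not isolate traffic between ports.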