Just for information, the problem is SOLVED.
The issue is that I tried to put an IP address on the TAP and test like
that, which is not working.
After booting a VM machine with a TAP interface (where I put an IP
address) it is working!
I just figured out a strange behaviour:
If I set two tap devices on 2 VM (tap50 & tap60) and set tap50 tag=50
and tap60 tag=60 on ovs I noticed that it is working well.
Each VM IP can ping each other on the same vlan, but if I erase one IP
address on one vm and add a default gw to route all the traffic on the
second tap interface I noticed that the other vm is still responding to
the ping even if I am requesting an IP address in the other VLAN.
I checked IP forwarding and adjusted the rp_ & arp filter on my Linux kernel
and iptables forward to deny everything, but it keeps responding to my ping.
I guess OVS is forwarding it properly to the VM but to the wrong tap
interface.
Is there a way to harden Linux or change this behaviour?
The reason is that I am going to use my VM for routing (vlan) purpose
and I need to deny everything by default.
Many thanks
On 29/12/2014 16:36, Flavio Leitner wrote:
On Saturday, December 27, 2014 11:19:05 AM Ben wrote:
Hi Flavio,
Many thanks for your quick reply.
-I can ping the tap0 and vswitch-trust interfaces from my linux box, but
my main issue is that if I don't put an IP address on my vswitch-trust
interface then I am unable to access to my tap0 IP address.
This indicates your Linux is forwarding packets between vswitch-trust and
tap0 and it's not using the bridge for that.
I think this is the main issue to which all my other questions are related as
well.
How can I test and be sure that it is my Linux which is forwarding and not my
bridge?
Is it a conflict between my kernel & OVS? I tried to deactivate Linux IPv4
forwarding but it is the same story..
One easy way is to simply remove the tap device from the bridge.
Another is to drop all flows and insert one that just drops everything.
fbl
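
The two checks suggested in the reply above (take the tap port off the bridge, or replace all flows with a single drop rule), written out as a shell helper. This is an added example, not part of the original thread; the function names and the bridge, port and tag values passed in are assumptions, and commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example: find out whether the OVS bridge or the Linux IP stack is
# delivering the traffic. Bridge/port/tag are supplied by the caller.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 also executes it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# Check 1: detach the tap port from the bridge.
# If the address is still reachable, the bridge was never in the path.
port_detach() {  # usage: port_detach BRIDGE PORT
    run ovs-vsctl del-port "$1" "$2"
}

# Re-attach the port as an access port on its VLAN after the check
# (del-port discards the tag, so it has to be given again).
port_attach() {  # usage: port_attach BRIDGE PORT VLAN_TAG
    run ovs-vsctl add-port "$1" "$2" tag="$3"
}

# Check 2: replace every flow with one rule that drops everything.
# The current table is dumped first so it can be compared afterwards.
bridge_drop_all() {  # usage: bridge_drop_all BRIDGE
    run ovs-ofctl dump-flows "$1"
    run ovs-ofctl del-flows "$1"
    run ovs-ofctl add-flow "$1" "priority=0,actions=drop"
}

# While pinging, watch n_packets on the drop rule: a rising counter means
# the bridge sees (and drops) the traffic; replies that still arrive are
# being delivered by some other path, such as the host IP stack.
bridge_show_counters() {  # usage: bridge_show_counters BRIDGE
    run ovs-ofctl dump-flows "$1"
}

# Put back ordinary MAC-learning, VLAN-aware switching after the check.
bridge_restore_normal() {  # usage: bridge_restore_normal BRIDGE
    run ovs-ofctl del-flows "$1"
    run ovs-ofctl add-flow "$1" "priority=0,actions=NORMAL"
}
```
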