On Wed, Aug 26, 2015 at 10:27:52PM +0800, Du, Fan wrote:
> After creating a user space ovs bridge, and assign a valid ip address
> after the "internal" bridge name, then add a physical interface, e.g.
> ens806f1 to the bridge. Ping the internal bridge ip address from the other
> host will work ok.

Just to be clear, the userspace doesn't provide a networking stack, so there is no IP address, ping or arp replies. It does work because the internal port is a TAP device so vswitchd can push data to the networking stack in the kernel.

> But once I prevent all the packets reaching ens806f1 by iptable rules,
> Ping from the other host will not work. So my understanding is kernel
> network stack responds to the ARP request, in which case bypass ovs user
> space bridge.
> iptables -A INPUT -i ens806f1 -j DROP
> iptables -A FORWARD -i ens806f1 -j DROP
>
> But when attaching a dpdk type port (instead of the physical interface
> like ens806f1) to the bridge, I can tcpdump ARP_REPLY from the dummy
> mirroring port, but the ARP_REPLY packet didn't reach from the other host.
>
> So I'm puzzled, in scenario of dpdk port attached:
> a. which part of code build the ARP_REPLY packet?
> b. why the arp reply packet didn't hit on wire after setting arp with
> normal action flow?

You might want to look at flow and port stats to see what is going on.

fbl
