Good afternoon,

I hope someone could help me with the problem I'm going to describe.

I have 3 virtual machines, each one with an OVS bridge "br0", which is 
isolated. The VM1 and VM2 are connected via a GRE tunnel to the Server and via 
VXLAN tunnels between both.
The br0 of the Server (10.0.1.50) is the default gateway of the two VMs.

 https://i.stack.imgur.com/GDdqJ.jpg


Whenever I run:

    $ arping -I br0 10.0.1.10  (or)
    $ arping -I br0 10.0.1.20

from the server, an ARP loop takes place and the network becomes unusable, since 
all bridges become full with forwarded ARP requests and replies.


In the network environment I'm trying to create, I don't want the VM1 br0 and 
the VM2 br0 to send ARPs to each other, in order to prevent this loop.

So, in both VMs, I installed the following flow entries, one at a time, to see 
if any of them would solve the loop:

    $ ovs-ofctl -O openflow13 add-flow br0 priority=65535,arp,in_port=<vxlan_tunnel>,arp_spa=10.0.1.0/24,action=drop

    $ ovs-ofctl -O openflow13 add-flow br0 priority=65535,arp,in_port=gre1,arp_spa=10.0.1.50,arp_tpa=10.0.1.20,action=drop  (same for gre2 and 10.0.1.10)

    $ ovs-ofctl -O openflow13 add-flow br0 priority=65535,arp,in_port=<vxlan>,arp_tha=ff:ff:ff:ff:ff:ff,action=drop

No success, the ARP loop persists and most of the time, these flow entries are 
ignored (no n_bytes counting).

What is the correct way to formulate the flow entries so that ARP packets 
coming from the server, that are not destined to the bridge, are dropped? And 
how can I block ARP packets of the 10.0.1.0/24 network coming from the vxlan 
tunnel? In conclusion, how can I prevent this loop?

Note: I've already enabled STP in the VM1 and VM2 bridges, but the problem 
persists.


Thank you for your time and stay safe,
Ines
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss