On 5/1/20 12:37 PM, Girish Moodalbail wrote: > If we now look at table=12 (lr_in_arp_resolve) in the ingress pipeline > of Gateway Router-1, then you will see that there will be 2000 logical > flow entries...
> In the topology above, the only intended path is North-South between > each gateway router and the logical router. There is no east-west > traffic between the gateway routers > Is there an another way to solve the above problem with just keeping the > single join logical switch? Two thoughts: 1. In openshift-sdn, the bridge doesn't try to handle ARP itself. It just lets ARP requests pass through normally, and lets ARP replies pass through normally as long as they are correct (ie, it doesn't let spoofing through). This means fewer flows but more traffic. Maybe that's the right tradeoff? 2. In most places in ovn-kubernetes, our MAC addresses are programmatically related to the corresponding IP addresses, and in places where that's not currently true, we could try to make it true, and then perhaps the thousands of rules could just be replaced by a single rule? -- Dan _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
