I recently submitted two patches, one for master and the other for stable/2005, to fix an issue with L3 virtual interfaces not filter input packets with wrong unicast MAC address: https://gerrit.fd.io/r/c/vpp/+/27027 https://gerrit.fd.io/r/c/vpp/+/27311
Perhaps it is the issue you are hitting. Regards, John From: Nagaraju Vemuri <nagarajuiit...@gmail.com> Sent: Wednesday, June 03, 2020 1:06 PM To: John Lo (loj) <l...@cisco.com> Cc: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] VPP forwarding packets not destined to it #vpp Hi John, Sorry, I should have been more clear. We are using Virtual machines(KVM based) on which VPP runs. KVM qemu creates bridge (using brctl) on physical machine and creates TAP interfaces from this bridge for Virtual Machines(VMs) networking. We run VPP on VMs and configure interfaces with L3 IP address. When we send traffic, this linux bridge forwards traffic from one interface of VM to another interface on a different VM. If the bridge has no mac-to-port binding info, it is forwarding packets to all interfaces, so all VPPs receive these packets. And the VPP whose MAC is not matching with this packet, just forwards this packet again. We want VPP to drop a packet if the destination MAC doesnt match with VPP interfaces MAC addresses. Hope I am clear now. Thanks, Nagaraju On Wed, Jun 3, 2020 at 8:53 AM John Lo (loj) <l...@cisco.com<mailto:l...@cisco.com>> wrote: Please clarify the following: > When the bridge has no binding info about MAC-to-port, bridge is flooding > packets to all interfaces. 1. Is this linux bridge that’s in the kernel so not a bridge domain inside VPP? 2. So packets are flooded to all interfaces in the bridge. Are you saying each of the interface is on a separate VPP instance? > Hence VPP receives some packets whose MAC address is owned by some other VPP > instance. > We want to drop such packets. By default VPP is forwarding these packets. 1. How is VPP receiving packets from its interface and forwarding them? 2. Is the interface in L3 mode with an IP address/subnet configured? 3. It can be helpful to provide “show interface addr” output or, even better, provide a packet trace from VPP on how one or more of the packet is received and forwarded. Regards, John From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of Nagaraju Vemuri Sent: Tuesday, June 02, 2020 8:13 PM To: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> Subject: [vpp-dev] VPP forwarding packets not destined to it #vpp Hi, We are using linux bridge to connect different interfaces owned by different VPP instances. When the bridge has no binding info about MAC-to-port, bridge is flooding packets to all interfaces. Hence VPP receives some packets whose MAC address is owned by some other VPP instance. We want to drop such packets. By default VPP is forwarding these packets. We tried using "set interface l2 forward <interface> disable", but this did not help. Please suggest what we can do. Thanks, Nagaraju -- Thanks, Nagaraju Vemuri
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16641): https://lists.fd.io/g/vpp-dev/message/16641 Mute This Topic: https://lists.fd.io/mt/74640593/21656 Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
