Thanks for writing this up. I think the example may be clearer if you defined the flow in terms of IP addresses instead of MAC addresses, since those are typically the flows that are tripping people up.
--Justin On Sep 25, 2013, at 1:14 PM, Ben Pfaff <b...@nicira.com> wrote: > Signed-off-by: Ben Pfaff <b...@nicira.com> > --- > FAQ | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/FAQ b/FAQ > index 5744d5a..91eb870 100644 > --- a/FAQ > +++ b/FAQ > @@ -1299,6 +1299,26 @@ A: Yes, OpenFlow requires a switch to ignore attempts > to send a packet > 2,3,4,5,6,\ > pop:NXM_OF_IN_PORT[] > > +Q: My bridge br0 has a host with MAC address 54:00:00:00:00:01 on port > + 1 and a host with MAC address 54:00:00:00:00:02 on port 2. I set > + up flows to forward only traffic destined to the other host and > + drop other traffic, like this: > + > + priority=5,in_port=1,dl_dst=54:00:00:00:00:02,actions=2 > + priority=5,in_port=2,dl_dst=54:00:00:00:00:01,actions=1 > + priority=0,actions=drop > + > + But it doesn't work--I don't get any connectivity when I do this. > + Why? > + > +A: Hosts broadcast the ARP packets needed to establish IP connectivity > + on an Ethernet network. Your flows only allow unicast packets, so > + the hosts can never establish connectivity. To solve the probelm, > + you minimally need to add flows to allow ARP. But it's probably > + better to add flows to allow all multicast and broadcast traffic: > + > + > priority=5,in_port=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=2 > + > priority=5,in_port=2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=1 > > Contact > ------- > -- > 1.7.10.4 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
