On Wed, Jun 8, 2016 at 3:43 PM, Justin Pettit <jpet...@ovn.org> wrote:
>
> > On Jun 8, 2016, at 11:42 AM, Flaviof <fla...@flaviof.com> wrote:
> >
> > On Wed, Jun 8, 2016 at 2:10 PM, Darrell Ball <dlu...@gmail.com> wrote:
> >
> > On Wed, Jun 8, 2016 at 6:38 AM, Flaviof <fla...@flaviof.com> wrote:
> >
> > As a continuation of the topic on ICMP reply rules [ml], I could not
> > help but notice that in the logical flow, there is a match not only for the
> > logical router's IP address but also for the L3 broadcast (op->bcast) of
> > the subnet [1]. So I -- the curious cat -- had to try it out. ;)
> >
> >> It is common to not respond to directed broadcast by default and enable
> >> it only by configuration;
> >> adding configuration ability for this would be an added requirement
> >> with dubious value.
> >> The reasons are obviously related to DOS.
> >> It may be here by default for special and/or historical reasons in NSX
> >> or Openstack.
> >> Unless there is some "extra specialness" usage or above historical
> >> reasons, I would
> >> say the disadvantages outweigh the meager advantages of responding to
> >> directed broadcasts.
> >>
> >>> Makes sense; and I agree. I'll propose the simplification in ovs-dev
> >>> and bring this up in the
> >>> OVN meeting tomorrow (Jun/9); to see if anybody has a diverging
> >>> opinion and/or suggestion.
>
> Coincidentally, over the weekend, I also noticed that we were responding
> to broadcast pings. I was planning to send a patch to disable this
> behavior due to DOS concerns. (I agree with Darrell that it's not worth
> providing a configuration option at this time.) Let's confirm at the OVN
> meeting tomorrow, but if no one objects, I think it makes sense. Did you
> want to prepare the patch?
>

Hi Justin,

I just pushed the patch to ovs-dev [1]. There is little room for messing that up, but then again that is often when I do. ;)

Just for the fun of it, I will have a patch with option C (splitting the logical rule into 2) in standby; in case folks scream at my simplification and/or accuse me of being lazy.

Thanks,

-- flaviof

[1]: https://patchwork.ozlabs.org/patch/632474/

> --Justin