> On Oct 18, 2016, at 2:38 AM, Tom Gajewski <tom.gajew...@paperspace.com> wrote:
> Ben, you had asked about my flow table. I've tried this with a
> completely clear table and not -- same behavior. There has to be some
> logic I'm missing here. Back story is that I'm trying to compensate
> for the inability to populate local mac-table with this flow as I want
> to run ports in 'no-flood' mode. I just tried with a clear flow table
> and even flood enabled but once I set this:
> cookie=0x0, duration=260.750s, table=0, n_packets=81, n_bytes=8054,
> idle_age=0, dl_dst=so:me:ma:cc actions=output:13
> The weird thing is I actually see this flow working in tcpdump.
> Meaning, without the above a flow and without a mac-table entry for
> so:me:ma:cc the vif/port is dead silent. Once I add the above flow
> tcpdump looks correct -- heck, I even see the incoming ICMP packet
> inside the VM but the ping never completes, it never makes its way
> back all I see is one way ICMP echo requests. So am I being stupid
> here do I need another flow to facilitate the return? (mac-table still
> doesn't have an entry when I observe ICMP request within VM).
It sounds like you have a flow table that allows traffic toward port 13, but,
if you've flushed all the other flows, are you allowing the return traffic?
Also, if you've flushed the flow table, you may need to handle broadcast mac
addresses for things like ARP requests.
discuss mailing list