On Tue, Aug 13, 2019 at 01:34:04PM -0300, Flavio Leitner via dev wrote: > When a packet needs to be encapsulated in userspace, the endpoint > address needs to be resolved to fill in the headers. If it is not, > then currently OvS sends either a Neighbor Solicitation (IPv6) > or an ARP Query (IPv4) to resolve it. > > The problem is that the NS/ARP packet will go through the flow > rules in the new bridge, but inheriting the ofproto table version > from the original packet to be encapsulated. When those versions > don't match, the result is unexpected because no flow rules might > be visible, which would cause the default table rule to be used > to drop the packet. Or only part of the flow rules would be visible > and so on. > > Since the NS/ARP packet is created by OvS and will be injected in > the outgoing bridge, use the corresponding ofproto version instead.
Hi, Please backport this up to 2.9 at least. Thanks, fbl _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
