On 5/5/22 04:14, Peng He wrote: > Hi, lic121 and Ilya, > > Ilya, it looks like I did not get the first reply from you.
I'm not sure what is happening with this thread. I'm also not receiving some emails from it. > > But it's ok, I now understand the solution, which is to restrict the > termination condition rather than specifying the mirror context, > and yes, this is a more general fix. I'm getting second thoughts about all this though. Having IP addresses on two bridge ports seems to be a misconfiguration. Why do you need an IP address on the mirror port? AFAICT, ovs-tcpdump doesn't set IP address to the mirror port, or am I missing something? Why I think it is a misconfiguration: In case of a kernel datapath and a normal tunneling decapsulation is happening outside of the OVS, so you will have 2 equal vxlan packets being sent to 2 bridge ports and they will enter the normal kernel in the same network namespace. So it's a DUP tunnel packet. They will likely both be decapsulated within that network namespace (because the destination interface is there), and we'll have a DUP icmp packet. I didn't try that though. The correct mirroring configuration would be to have a mirror port be one side of a veth pair with the other side in the different network namespace, or just a separate physical port. In both cases the mirror port doesn't need to have an IP address. What do you think? Does that make sense? Best regards, Ilya Maximets. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
