How is the ICMP traffic entering the system? On Thu, May 02, 2019 at 09:13:42AM -0500, Christopher Seeley wrote: > That would make sense, but the problem isn't different vlans coming > through. When the bridge is down traffic is still flowing through it. The > ovsdb is not updating the change in link state. Would that cause the > problem? If so, what can be done to remedy this? > > On Wed, May 1, 2019 at 6:39 PM Ben Pfaff <[email protected]> wrote: > > > On Wed, May 01, 2019 at 01:02:41PM -0500, Christopher Seeley wrote: > > > Good afternoon. I have run across a problem using version 2.9.2 on Ubuntu > > > 18.04.2. When the bridge is set to a down state, traffic is still flowing > > > through it. Is there a configuration that I have missed? > > > > > > Steps to reproduce: > > > 1) Clean Ubuntu 18.04.2 install > > > 2) sudo apt update && sudo apt upgrade -y > > > 3) sudo apt install openvswitch-switch openvswitch-common -y > > > 4) sudo ovs-vsctl add-br br0 -- add-port br0 eth0 -- add-port br0 > > > intern-extern -- set interface intern-extern type=internal > > > 5) sudo ip addr flush dev eth0 && sudo dhclient intern-extern > > > 6) sudo ip link set down dev br0 > > > 7) run ping and still get a response > > > > > > > > > Any assitance you can give me with this would be appreciated. > > > > Sounds like the same issue described in the FAQ, possibly same solution. > > > > Q: I configured one IP address on VLAN 0 and another on VLAN 9, like this:: > > > > $ ovs-vsctl add-br br0 > > $ ovs-vsctl add-port br0 eth0 > > $ ip addr add 192.168.0.5/24 dev br0 > > $ ip link set br0 up > > $ ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9 > > type=internal > > $ ip addr add 192.168.0.9/24 dev vlan9 > > $ ip link set vlan9 up > > > > but other hosts that are only on VLAN 0 can reach the IP address > > configured on > > VLAN 9. What's going on? > > > > A: `RFC 1122 section 3.3.4.2 "Multihoming Requirements" > > <https://tools.ietf.org/html/rfc1122>`__ describes two approaches to > > IP > > address handling in Internet hosts: > > > > - In the "Strong ES Model", where an ES is a host ("End System"), an IP > > address is primarily associated with a particular interface. The > > host > > discards packets that arrive on interface A if they are destined for > > an > > IP address that is configured on interface B. The host never sends > > packets from interface A using a source address configured on > > interface > > B. > > > > - In the "Weak ES Model", an IP address is primarily associated with a > > host. The host accepts packets that arrive on any interface if they > > are > > destined for any of the host's IP addresses, even if the address is > > configured on some interface other than the one on which it > > arrived. The > > host does not restrict itself to sending packets from an IP address > > associated with the originating interface. > > > > Linux uses the weak ES model. That means that when packets destined > > to the > > VLAN 9 IP address arrive on eth0 and are bridged to br0, the kernel IP > > stack accepts them there for the VLAN 9 IP address, even though they > > were > > not received on vlan9, the network device for vlan9. > > > > To simulate the strong ES model on Linux, one may add iptables rule to > > filter packets based on source and destination address and adjust ARP > > configuration with sysctls. > > > > BSD uses the strong ES model. > > > > > -- > Christopher Seeley > Software Developer > M: (618) 975-6324 > [image: > https://ci4.googleusercontent.com/proxy/N6FGWffGoRzwldCSUGY-TdS5283f1qufOUeSehWDEk0uSdTmwAA_U1NgdVoRvGNVWfWD0QpLQ4RcZ-UwUP30TUtlCy-HzoMxZUua7hmgR_NZwQTVmRIezA=s0-d-e1-ft#http://cybercents.com/assets/img/cybercents_logo_dark-ab5b14ef.png] > 1472 North Green Mount Road > O'Fallon, IL 62269
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
