Sure Andrew. I will help with that. Do I need to configure something in VPP with this patch to drop such packets?
Thanks, Nagaraju On Wed, Jun 3, 2020 at 10:48 AM Andrew 👽 Yourtchenko <ayour...@gmail.com> wrote: > 20.05.1. The fix was ready just a little bit too late to be a safe to > merge right at the moment of the release, so given the size of the patch > and that the issue was there for a couple of releases already I made a call > to postpone it till the first dot release. > > As for the timing for the 20.05.1 - still TBD. > > Would you be able to build the VPP in your own environment and give the > feedback whether John’s fix addresses the issue you are seeing ? > > --a > > On 3 Jun 2020, at 19:23, Nagaraju Vemuri <nagarajuiit...@gmail.com> wrote: > >  > Thanks John. > > Which release will have your fixes? > > > On Wed, Jun 3, 2020 at 10:21 AM John Lo (loj) <l...@cisco.com> wrote: > >> I recently submitted two patches, one for master and the other for >> stable/2005, to fix an issue with L3 virtual interfaces not filter input >> packets with wrong unicast MAC address: >> >> https://gerrit.fd.io/r/c/vpp/+/27027 >> >> https://gerrit.fd.io/r/c/vpp/+/27311 >> >> >> >> Perhaps it is the issue you are hitting. >> >> >> >> Regards, >> >> John >> >> >> >> *From:* Nagaraju Vemuri <nagarajuiit...@gmail.com> >> *Sent:* Wednesday, June 03, 2020 1:06 PM >> *To:* John Lo (loj) <l...@cisco.com> >> *Cc:* vpp-dev@lists.fd.io >> *Subject:* Re: [vpp-dev] VPP forwarding packets not destined to it #vpp >> >> >> >> Hi John, >> >> >> >> Sorry, I should have been more clear. >> >> >> >> We are using Virtual machines(KVM based) on which VPP runs. >> >> KVM qemu creates bridge (using brctl) on physical machine and creates TAP >> interfaces from this bridge for Virtual Machines(VMs) networking. >> >> >> >> We run VPP on VMs and configure interfaces with L3 IP address. >> >> When we send traffic, this linux bridge forwards traffic from one >> interface of VM to another interface on a different VM. >> >> If the bridge has no mac-to-port binding info, it is forwarding packets >> to all interfaces, so all VPPs receive these packets. >> >> And the VPP whose MAC is not matching with this packet, just forwards >> this packet again. >> >> We want VPP to drop a packet if the destination MAC doesnt match with VPP >> interfaces MAC addresses. >> >> >> >> Hope I am clear now. >> >> >> >> Thanks, >> >> Nagaraju >> >> >> >> >> >> >> >> On Wed, Jun 3, 2020 at 8:53 AM John Lo (loj) <l...@cisco.com> wrote: >> >> Please clarify the following: >> >> >> >> > When the bridge has no binding info about MAC-to-port, bridge is >> flooding packets to all interfaces. >> >> 1. Is this linux bridge that’s in the kernel so not a bridge domain >> inside VPP? >> 2. So packets are flooded to all interfaces in the bridge. Are you >> saying each of the interface is on a separate VPP instance? >> >> >> >> > Hence VPP receives some packets whose MAC address is owned by some >> other VPP instance. >> > We want to drop such packets. By default VPP is forwarding these >> packets. >> >> 1. How is VPP receiving packets from its interface and forwarding >> them? >> 2. Is the interface in L3 mode with an IP address/subnet configured? >> 3. It can be helpful to provide “show interface addr” output or, even >> better, provide a packet trace from VPP on how one or more of the packet >> is >> received and forwarded. >> >> >> >> Regards, >> >> John >> >> >> >> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Nagaraju >> Vemuri >> *Sent:* Tuesday, June 02, 2020 8:13 PM >> *To:* vpp-dev@lists.fd.io >> *Subject:* [vpp-dev] VPP forwarding packets not destined to it #vpp >> >> >> >> Hi, >> >> We are using linux bridge to connect different interfaces owned by >> different VPP instances. >> When the bridge has no binding info about MAC-to-port, bridge is flooding >> packets to all interfaces. >> Hence VPP receives some packets whose MAC address is owned by some other >> VPP instance. >> We want to drop such packets. By default VPP is forwarding these packets. >> >> We tried using "set interface l2 forward <interface> disable", but this >> did not help. >> >> Please suggest what we can do. >> >> >> Thanks, >> Nagaraju >> >> >> >> >> -- >> >> Thanks, >> Nagaraju Vemuri >> > > > -- > Thanks, > Nagaraju Vemuri > > > -- Thanks, Nagaraju Vemuri
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16644): https://lists.fd.io/g/vpp-dev/message/16644 Mute This Topic: https://lists.fd.io/mt/74640593/21656 Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
