Cool, thanks a lot for checking! Just build VPP off the latest master or latest stable/2005 - the fix is in both branches already, so it should “just work correctly”.
--a > On 3 Jun 2020, at 19:52, Nagaraju Vemuri <nagarajuiit...@gmail.com> wrote: > > > Sure Andrew. > I will help with that. > > Do I need to configure something in VPP with this patch to drop such packets? > > Thanks, > Nagaraju > > >> On Wed, Jun 3, 2020 at 10:48 AM Andrew 👽 Yourtchenko <ayour...@gmail.com> >> wrote: >> 20.05.1. The fix was ready just a little bit too late to be a safe to merge >> right at the moment of the release, so given the size of the patch and that >> the issue was there for a couple of releases already I made a call to >> postpone it till the first dot release. >> >> As for the timing for the 20.05.1 - still TBD. >> >> Would you be able to build the VPP in your own environment and give the >> feedback whether John’s fix addresses the issue you are seeing ? >> >> --a >> >>>> On 3 Jun 2020, at 19:23, Nagaraju Vemuri <nagarajuiit...@gmail.com> wrote: >>>> >>> >>> Thanks John. >>> >>> Which release will have your fixes? >>> >>> >>>> On Wed, Jun 3, 2020 at 10:21 AM John Lo (loj) <l...@cisco.com> wrote: >>>> I recently submitted two patches, one for master and the other for >>>> stable/2005, to fix an issue with L3 virtual interfaces not filter input >>>> packets with wrong unicast MAC address: >>>> >>>> https://gerrit.fd.io/r/c/vpp/+/27027 >>>> >>>> https://gerrit.fd.io/r/c/vpp/+/27311 >>>> >>>> >>>> >>>> Perhaps it is the issue you are hitting. >>>> >>>> >>>> >>>> Regards, >>>> >>>> John >>>> >>>> >>>> >>>> From: Nagaraju Vemuri <nagarajuiit...@gmail.com> >>>> Sent: Wednesday, June 03, 2020 1:06 PM >>>> To: John Lo (loj) <l...@cisco.com> >>>> Cc: vpp-dev@lists.fd.io >>>> Subject: Re: [vpp-dev] VPP forwarding packets not destined to it #vpp >>>> >>>> >>>> >>>> Hi John, >>>> >>>> >>>> >>>> Sorry, I should have been more clear. >>>> >>>> >>>> >>>> We are using Virtual machines(KVM based) on which VPP runs. >>>> >>>> KVM qemu creates bridge (using brctl) on physical machine and creates TAP >>>> interfaces from this bridge for Virtual Machines(VMs) networking. >>>> >>>> >>>> >>>> We run VPP on VMs and configure interfaces with L3 IP address. >>>> >>>> When we send traffic, this linux bridge forwards traffic from one >>>> interface of VM to another interface on a different VM. >>>> >>>> If the bridge has no mac-to-port binding info, it is forwarding packets to >>>> all interfaces, so all VPPs receive these packets. >>>> >>>> And the VPP whose MAC is not matching with this packet, just forwards this >>>> packet again. >>>> >>>> We want VPP to drop a packet if the destination MAC doesnt match with VPP >>>> interfaces MAC addresses. >>>> >>>> >>>> >>>> Hope I am clear now. >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Nagaraju >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Wed, Jun 3, 2020 at 8:53 AM John Lo (loj) <l...@cisco.com> wrote: >>>> >>>> Please clarify the following: >>>> >>>> >>>> >>>> > When the bridge has no binding info about MAC-to-port, bridge is >>>> > flooding packets to all interfaces. >>>> >>>> Is this linux bridge that’s in the kernel so not a bridge domain inside >>>> VPP? >>>> So packets are flooded to all interfaces in the bridge. Are you saying >>>> each of the interface is on a separate VPP instance? >>>> >>>> >>>> > Hence VPP receives some packets whose MAC address is owned by some other >>>> > VPP instance. >>>> > We want to drop such packets. By default VPP is forwarding these packets. >>>> >>>> How is VPP receiving packets from its interface and forwarding them? >>>> Is the interface in L3 mode with an IP address/subnet configured? >>>> It can be helpful to provide “show interface addr” output or, even better, >>>> provide a packet trace from VPP on how one or more of the packet is >>>> received and forwarded. >>>> >>>> >>>> Regards, >>>> >>>> John >>>> >>>> >>>> >>>> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Nagaraju >>>> Vemuri >>>> Sent: Tuesday, June 02, 2020 8:13 PM >>>> To: vpp-dev@lists.fd.io >>>> Subject: [vpp-dev] VPP forwarding packets not destined to it #vpp >>>> >>>> >>>> >>>> Hi, >>>> >>>> We are using linux bridge to connect different interfaces owned by >>>> different VPP instances. >>>> When the bridge has no binding info about MAC-to-port, bridge is flooding >>>> packets to all interfaces. >>>> Hence VPP receives some packets whose MAC address is owned by some other >>>> VPP instance. >>>> We want to drop such packets. By default VPP is forwarding these packets. >>>> >>>> We tried using "set interface l2 forward <interface> disable", but this >>>> did not help. >>>> >>>> Please suggest what we can do. >>>> >>>> >>>> Thanks, >>>> Nagaraju >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Thanks, >>>> Nagaraju Vemuri >>>> >>> >>> >>> -- >>> Thanks, >>> Nagaraju Vemuri >>> > > > -- > Thanks, > Nagaraju Vemuri
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16645): https://lists.fd.io/g/vpp-dev/message/16645 Mute This Topic: https://lists.fd.io/mt/74640593/21656 Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
