Looks good.
Acked-by: Andy Zhou <az...@nicira.com>
On Mon, Dec 16, 2013 at 9:28 AM, Ben Pfaff <b...@nicira.com> wrote:
> This needs a review.
>
> On Mon, Nov 25, 2013 at 11:34:44AM -0800, Ben Pfaff wrote:
> > Signed-off-by: Ben Pfaff <b...@nicira.com>
> > ---
> > FAQ | 44 ++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 44 insertions(+)
> >
> > diff --git a/FAQ b/FAQ
> > index 2912ae3..df7b6ef 100644
> > --- a/FAQ
> > +++ b/FAQ
> > @@ -935,6 +935,50 @@ A: Yes. Use an "internal port" configured as an
> access port. For
> > ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9
> type=internal
> > ifconfig vlan9 192.168.0.7
> >
> > + See also the following question.
> > +
> > +Q: I configured one IP address on VLAN 0 and another on VLAN 9, like
> > + this:
> > +
> > + ovs-vsctl add-br br0
> > + ovs-vsctl add-port br0 eth0
> > + ifconfig br0 192.168.0.5
> > + ovs-vsctl add-port br0 vlan9 tag=9 -- set interface vlan9
> type=internal
> > + ifconfig vlan9 192.168.0.9
> > +
> > + but other hosts that are only on VLAN 0 can reach the IP address
> > + configured on VLAN 9. What's going on?
> > +
> > +A: RFC 1122 section 3.3.4.2 "Multihoming Requirements" describes two
> > + approaches to IP address handling in Internet hosts:
> > +
> > + - In the "Strong ES Model", where an ES is a host ("End
> > + System"), an IP address is primarily associated with a
> > + particular interface. The host discards packets that arrive
> > + on interface A if they are destined for an IP address that is
> > + configured on interface B. The host never sends packets from
> > + interface A using a source address configured on interface B.
> > +
> > + - In the "Weak ES Model", an IP address is primarily associated
> > + with a host. The host accepts packets that arrive on any
> > + interface if they are destined for any of the host's IP
> > + addresses, even if the address is configured on some
> > + interface other than the one on which it arrived. The host
> > + does not restrict itself to sending packets from an IP
> > + address associated with the originating interface.
> > +
> > + Linux uses the weak ES model. That means that when packets
> > + destined to the VLAN 9 IP address arrive on eth0 and are bridged to
> > + br0, the kernel IP stack accepts them there for the VLAN 9 IP
> > + address, even though they were not received on vlan9, the network
> > + device for vlan9.
> > +
> > + To simulate the strong ES model on Linux, one may add iptables rule
> > + to filter packets based on source and destination address and
> > + adjust ARP configuration with sysctls.
> > +
> > + BSD uses the strong ES model.
> > +
> > Q: My OpenFlow controller doesn't see the VLANs that I expect.
> >
> > A: The configuration for VLANs in the Open vSwitch database (e.g. via
> > --
> > 1.7.10.4
> >
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
