Hello again ! =D Continuing testing OVS on XS 5.6 I think I found another bug... Or seems so.
By the way, this pre-release came in a great time... I was trying to build the source from the HEAD yesterday to see if this situation dissapeared (bug fixed already) but I was getting some problems with packages versions of autoconf. Well, here goes: /etc/init.d/openvswitch version ovsdb-server (Open vSwitch) 1.1.0pre1 Compiled Sep 1 2010 06:58:14 ovs-vswitchd (Open vSwitch) 1.1.0pre1 Compiled Sep 1 2010 06:58:24 OpenFlow versions 0x1:0x1 ovs-brcompatd (Open vSwitch) 1.1.0pre1 Compiled Sep 1 2010 06:58:24 I had a ping into that IP 10.20.62.100. * TCPDUMP FROM A VM (10.20.62.100) 08:24:39.834621 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 56759, length 40 08:24:39.834632 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 56759, length 40 08:24:40.834627 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 57271, length 40 08:24:40.834637 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 57271, length 40 No problem... All working fine. In the same Host I boot another VM with 10.20.62.31. And started pinging that too. .. All good. Then when I shutdown the VM 10.20.62.31 the other VM in the same Host starts receiving some ping requests from the other IP. 08:24:45.834609 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 59831, length 40 08:24:45.834619 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 59831, length 40 08:24:46.840751 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 60343, length 40 08:24:46.840763 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 60343, length 40 08:24:47.390737 IP x.x.x.x > 10.20.62.31: ICMP echo request, id 1024, seq 60599, length 40 08:24:47.835606 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 60855, length 40 08:24:47.835612 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 60855, length 40 08:24:48.835579 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 61111, length 40 08:24:48.835586 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 61111, length 40 08:24:49.835576 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 61367, length 40 08:24:49.835583 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 61367, length 40 08:24:50.835586 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 61623, length 40 08:24:50.835592 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 61623, length 40 08:24:51.835583 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 61879, length 40 08:24:51.835590 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 61879, length 40 08:24:52.824045 IP x.x.x.x > 10.20.62.31: ICMP echo request, id 1024, seq 62135, length 40 08:24:52.835561 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 62391, length 40 08:24:52.835568 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 62391, length 40 08:24:53.835642 IP x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 62647, length 40 08:24:53.835648 IP 10.20.62.100 > x.x.x.x: ICMP echo reply, id 1024, seq 62647, length 40 If I had two or more VMs into that Host, after I shutdown that VM, all the others starts receiving some packets. SETUP: bond nics + VMs in a networked VLAN HP FLEX-10 Switch Net card: The Broadcom BCM57711 10-Gigabit Dual-Port If I boot this powered off VM in the other hosts, this residual packets disapear. But When I shut it down, packages starts coming to other VMs. ==== insight === Well, while I was writing this, I've checked all my hosts and this ping packets goes all over the physical ports, passes to OVS and then to the VMs... Seems a physical switch problem... Hmmm... Then goes another question: Shouldn't OVS have blocked these packets to be sent to all VMs ? 08:54:35.295628 30:37:a6:01:42:44 > 2e:db:bd:66:d1:fa, ethertype IPv4 (0x0800), length 74: x.x.x.x > 10.20.62.31: ICMP echo request, id 1024, seq 698, length 40 08:54:35.295648 30:37:a6:01:42:44 > 2e:db:bd:66:d1:fa, ethertype IPv4 (0x0800), length 74: x.x.x.x > 10.20.62.31: ICMP echo request, id 1024, seq 698, length 40 08:54:35.300448 30:37:a6:01:42:44 > 12:e4:9b:bc:f4:3c, ethertype IPv4 (0x0800), length 74: x.x.x.x > 10.20.62.100: ICMP echo request, id 1024, seq 954, length 40 08:54:35.300454 12:e4:9b:bc:f4:3c > 30:37:a6:01:42:44, ethertype IPv4 (0x0800), length 74: 10.20.62.100 > x.x.x.x : ICMP echo reply, id 1024, seq 954, length 40 Afterall, t his MAC 2e:db:bd:66:d1:fa doesn't exist anymore in the hosts/OVS... This needed to be solved into the physical switch, but OVS, sending packets that doesn't belongs to the VMs connected to it seems a bug(imo)... Well, i don't know if this can be considered a bug in OVS since the problem comes to the physical switch... But can come from some sort of attack maybe, and OVS will pass throught. At least, these packets are only received by the VMs into the same VLAN.. Others VLANs doesn't receive that. Now, I'm just checking if this is a problem that we should be worried about or forgotten... I'll go check with the network team here to dig around the physical switch. ============= Any more info, debug, etc. please, be welcome. Best regards, * -- []'s Luiz Henrique Ozaki
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
