> The switch will indeed start broadcasting all packets to an unlearned
> MAC. If the sender spews them out at an uncontrolled rate, then you
> will waste a lot of bandwidth across your entire subnet. But reasonable
> senders will not do that (and TCP/IP is reasonable in this sense).
The switch will broadcast an ARP request, not the packets directly... A "lot" of data packets can come, but the switch will only ARP request or do nothing if the MAC is not in the switch's MAC table. That will only affect the uplink port. If the switch broadcast all packets, a DoS attack would affect all connected switches, not only the one that had the MAC address. (By packets I mean ICMP, TCP, UDP... data packets.)

> I don't know what you mean by "packet of death" here. Flooding a
> unicast packet across your subnet won't cause hosts any consternation.
> They won't even see it unless their NICs are in promiscuous mode.

That "packet of death" is the amount of packets that can freeze or cause problems in OVS, theoretically speaking... Since it will send to all virtual ports/VMs, maybe if there are 100 VMs on that host, "some" amount of packets can cause a crash or packet loss. Maybe it's a little, maybe the problem will come before it gets into OVS. Besides flood packets that can cause outages, there are the security problems when the OVS sends packets to all VMs. That will happen even if the physical switch is broadcasting data (in this case, that I think shouldn't be happening) or just sending to the port that had the MAC.

-- 
[]'s
Luiz Henrique Ozaki
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
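As an added illustration of the behaviour debated in this thread (not code from the thread or from Open vSwitch): a toy learning switch in Python that shows why a frame addressed to an unlearned MAC is delivered to every other port (which is the exposure Luiz points at: every VM port, not just the intended one, receives the frame), how the table converges once the destination answers, and one defensive knob, a per-source cap on unknown-unicast floods. The cap is a constructed policy for the demonstration, not an OVS feature; all MAC addresses, port numbers and frames are made up.

```python
"""Toy learning switch: MAC learning, unknown-unicast flooding and a
flood-rate guard.  Illustration for the OVS discuss thread above, not
OVS code.  Frames are constructed tuples, not captured traffic."""
from collections import defaultdict
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    in_port: int


@dataclass
class LearningSwitch:
    ports: list
    # Assumed policy: how many unknown-unicast floods one source MAC may
    # trigger per measurement window before further ones are dropped.
    flood_budget: int = 5
    mac_table: dict = field(default_factory=dict)
    flood_count: dict = field(default_factory=lambda: defaultdict(int))
    dropped: list = field(default_factory=list)

    def forward(self, frame: Frame) -> list:
        """Return the list of egress ports for one frame."""
        # Learn the sender's location on every frame.
        self.mac_table[frame.src] = frame.in_port

        if frame.dst == BROADCAST:
            return [p for p in self.ports if p != frame.in_port]

        out = self.mac_table.get(frame.dst)
        if out is not None:
            # Known destination: unicast to exactly one port (never back
            # out the ingress port).
            return [out] if out != frame.in_port else []

        # Unknown destination: the switch has no choice but to flood, so
        # every other port, and every attached VM, sees this frame.
        self.flood_count[frame.src] += 1
        if self.flood_count[frame.src] > self.flood_budget:
            # Guard: a source that keeps hitting unlearned MACs at an
            # uncontrolled rate is cut off instead of flooding the fabric.
            self.dropped.append(frame)
            return []
        return [p for p in self.ports if p != frame.in_port]

    def new_window(self) -> None:
        """Reset per-source flood counters at the end of a window."""
        self.flood_count.clear()


def demo() -> dict:
    """Walk through the scenario from the thread and return what each
    frame was delivered to."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    vm_a = "02:00:00:00:00:01"   # VM on port 1
    vm_b = "02:00:00:00:00:02"   # noisy VM on port 2
    vm_x = "02:00:00:00:00:03"   # VM on port 3, not yet learned

    # 1. A talks to X before X has ever sent: flooded to ports 2, 3, 4.
    first = sw.forward(Frame(src=vm_a, dst=vm_x, in_port=1))
    # 2. X answers: X is learned on port 3, A is already known on port 1.
    reply = sw.forward(Frame(src=vm_x, dst=vm_a, in_port=3))
    # 3. A talks to X again: now a plain unicast to port 3 only.
    second = sw.forward(Frame(src=vm_a, dst=vm_x, in_port=1))

    # 4. B sends 20 frames to 20 MACs that nobody owns: only the first
    #    flood_budget of them are flooded, the rest are dropped.
    sw.new_window()
    floods = 0
    for i in range(20):
        ghost = f"02:00:00:00:ff:{i:02x}"
        if sw.forward(Frame(src=vm_b, dst=ghost, in_port=2)):
            floods += 1

    return {
        "first": first,
        "reply": reply,
        "second": second,
        "floods_in_storm": floods,
        "dropped_in_storm": len(sw.dropped),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Step 1 is the point of the thread: until the destination has spoken, the frame goes to every VM port, so a VM with a promiscuous NIC on port 4 sees traffic meant for port 3. Steps 2 and 3 show that a well-behaved TCP/IP exchange fixes this after one round trip, which is why Ben calls the normal case harmless; step 4 shows the mitigation a defender would want against a sender that does not behave.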