Hi, thanks for adding me to this list. I have a fairly strange problem and I am not sure if it is a design flaw in my setup or a bug.
I want to use Open vSwitch and KVMs to create some test networks that have Internet access but are strictly separated otherwise, so that I have VLAN functionality and packets from different networks do not interfere with each other.

My setup is as follows: I have one host and I use one instance of ovs 2.3.0 and pox with the l2_learning module as controller on every bridge. I have a bridge br0 that should be used for the access to the outer network. This bridge has an IP address on the host and also the physical devices added as a bond. Also one interface from a KVM (KVM0) is added to this bridge.

    Bridge "br0"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        Port "tap0"
            Interface "tap0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "bond0"
            Interface "p12p2"
            Interface "p10p1"
            Interface "p12p1"

I have access to the outer network from KVM0.

Now I added a second bridge br1000. This device is not up on the host and only used in ovs. I start some KVMs and connect the tap devices to this bridge br1000 and also some interfaces from KVM0. So basically, KVM0 is connected to br0 and br1000. I use IP forwarding on KVM0 to enable access for all the other KVMs on br1000. This does also work.

    Bridge "br1000"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        Port "br1000"
            Interface "br1000"
                type: internal
        Port "tap4"
            Interface "tap4"
        Port "tap1"
            Interface "tap1"
        Port "tap3"
            Interface "tap3"
        Port "tap2"
            Interface "tap2"

What happens now is that I can see ARP requests and other traffic from the outer network on br1000, which should (in my understanding) not be visible on br1000. It should only be visible on br0. I can also see this traffic from inside the KVMs connected to br1000 only.

Some experiments I did:

Removing KVM0's interface tap0 from br0 and adding it to br1000 fixes the problem that I can see other traffic, but of course, access to the outer network is not available from all KVMs.

Adding a patch connection between br0 and br1000 of course lets the traffic appear again on both bridges and I have again internet access.

I cannot see why my KVM0 should forward ARP requests to a different Layer 3 network?! Can anyone point me in the right direction on what is going wrong here? Is the setup in general ok? How can I achieve that I have isolated networks and only IP forwarding between my outer network and the KVM networks?

If any further information is needed, I am happy to give it to you. I have this setup ready and can do tests if needed.

Thank you in advance.

Best regards,
Peter
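
A configuration-level check for the isolation question in the post, as an added example that is not part of the original message: it parses `ovs-vsctl show` output and lists patch ports that join two bridges, first for the listing as posted and then for the patch experiment. The sample listing is constructed from the post (abbreviated), and the patch port names `patch0` and `patch1000` are hypothetical.

```python
import re

# Constructed sample: the listing from the post, abbreviated and re-indented.
BR0 = '''Bridge "br0"
    Port "tap0"
        Interface "tap0"
    Port "bond0"
        Interface "p12p2"
        Interface "p10p1"
        Interface "p12p1"
'''
BR1000 = '''Bridge "br1000"
    Port "tap1"
        Interface "tap1"
    Port "tap2"
        Interface "tap2"
'''

def patch_port(name, peer):  # constructed lines; the port names used below are hypothetical
    return (f'    Port "{name}"\n        Interface "{name}"\n'
            f'            type: patch\n            options: {{peer="{peer}"}}\n')

def parse_show(text):
    """Map bridge name -> {interface name: {"type": ..., "peer": ...}}."""
    bridges, br, iface = {}, None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(Bridge|Interface) "?([^"]+)"?$', line)
        if m and m.group(1) == "Bridge":
            br, iface = bridges.setdefault(m.group(2), {}), None
        elif m and br is not None:  # "type:" is omitted for ordinary (system) devices
            iface = br.setdefault(m.group(2), {"type": "system", "peer": None})
        elif iface and line.startswith("type:"):
            iface["type"] = line.split(":", 1)[1].strip()
        elif iface and (p := re.search(r'peer="?([^"}, ]+)', line)):
            iface["peer"] = p.group(1)
    return bridges

def patch_links(bridges):
    """(bridge, port, peer bridge) for each patch port whose peer is on another bridge."""
    owner = {name: br for br, ifs in bridges.items() for name in ifs}
    return sorted((br, name, owner[i["peer"]])
                  for br, ifs in bridges.items() for name, i in ifs.items()
                  if i["type"] == "patch" and owner.get(i["peer"], br) != br)

POSTED = BR0 + BR1000
PATCHED = BR0 + patch_port("patch0", "patch1000") + BR1000 + patch_port("patch1000", "patch0")

print("as posted:", patch_links(parse_show(POSTED)))
print("with patch pair:", patch_links(parse_show(PATCHED)))
```

An empty result only says that no patch ports join the bridges; a guest with interfaces on both bridges, like KVM0 here, does not show up in this listing.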