Hello,

I have a couple of physical machines on the Internet, connected together
with IPsec-GRE tunnels. The tunnels are executed from my Open vSwitch bridge
'tunnels', on which I have a dedicated port '1' that connects local
machines (VMs sitting on another ovs bridge actually, but that's out of the
scope of the problem).

The bridge configuration looks like this:
    Bridge tunnels
        Port "patch0"
            Interface "patch0"
                type: patch
                options: {peer="patch1"}
        Port "gre6"
            Interface "gre6"
                type: ipsec_gre
                options: {psk="secret", remote_ip="1.1.1.1"}
        Port "gre4"
            Interface "gre4"
                type: ipsec_gre
                options: {psk="secret", remote_ip="2.2.2.2"}
        Port tunnels
            Interface tunnels
                type: internal

As each of the tunnels links to the other physical machine "directly"
through the Internet, forming a full-mesh logical topology, I have no use
for Spanning Tree - this would make all traffic pass through a single
physical machine elected as the root bridge. So, what I did was:

ovs-ofctl del-flows tunnels
ovs-ofctl add-flow tunnels "in_port=1 actions=normal"
ovs-ofctl add-flow tunnels "actions=output:1"

In my view this was supposed to handle my specific use case - when traffic
comes from my local network, it is handled by the normal MAC-learning
action, so the ARP request floods the tunnels, the response comes back
through one of the tunnel ports and is directed to the local network (port
1). Traffic following it would be directed to the appropriate port, since
the bridge would learn on which port the MAC address sits.

However, it seems that when actions=output:1 is specified, the bridge does
not learn the MAC address of the incoming frame, and all the traffic from
port 1 is always flooded to all the tunnels.

I found a very good set of examples in the provided "Tutorial.md" file,
which seems to cover this case, but it seems to require a very complex rule
definition for something that seems pretty easy - just telling the switch to
learn the MAC before putting it through.

Is it possible to make NORMAL action learn source MAC addresses and tell it
which port to direct the traffic at the same time? Something like:

ovs-ofctl add-flow tunnels "actions=learn(src_mac),1"

If this setup does require re-writing the NORMAL action, is it possible to
display the flow rules that govern the NORMAL action internally?

Best regards,
Bolesław Tokarski
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
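As an added example (not part of the original post and not Open vSwitch's own code), this is what the Tutorial.md approach looks like for the bridge above: a learn() action records "destination MAC -> tunnel port" for frames arriving from a tunnel, so traffic from the local port is forwarded to the right tunnel and only unknown MACs are flooded. It assumes the local port is OpenFlow port 1 and the two ipsec_gre tunnels are OpenFlow ports 2 and 3; the flow strings are produced by shell functions and only pushed to the switch with ovs-ofctl replace-flows when the script is run with --apply.

```shell
#!/bin/sh
# Added example: MAC learning with the OpenFlow learn() action instead of NORMAL.
# Assumptions (not from the original post): the local port is OpenFlow port 1,
# the two ipsec_gre tunnels are OpenFlow ports 2 and 3.
BRIDGE=tunnels
LOCAL_PORT=1
TUNNEL_PORTS="2 3"

# Build "output:2,output:3" from the tunnel port list (flood to every tunnel).
flood_action() {
    acts=""
    for p in $TUNNEL_PORTS; do
        acts="${acts:+$acts,}output:$p"
    done
    echo "$acts"
}

# Emit the flow table, one flow per line, in ovs-ofctl syntax.
mac_learning_flows() {
    # Table 0: frames from the local port skip learning and go to table 1.
    echo "table=0, priority=10, in_port=$LOCAL_PORT actions=resubmit(,1)"
    # Table 0: frames from a tunnel install a table-1 flow that sends future
    # frames addressed to this source MAC back out the tunnel they arrived on
    # (eth_dst <- eth_src, output <- in_port), then go to the local port.
    echo "table=0, priority=0 actions=learn(table=1, idle_timeout=300, priority=10, NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], output:NXM_OF_IN_PORT[]), output:$LOCAL_PORT"
    # Table 1: local traffic to a not-yet-learned MAC is flooded to all tunnels;
    # learned MACs match the higher-priority flows installed above.
    echo "table=1, priority=0 actions=$(flood_action)"
}

# Replace the bridge's flow table with the generated rules (needs root and OVS).
apply_flows() {
    mac_learning_flows | ovs-ofctl replace-flows "$BRIDGE" -
}

case "${1:-}" in
    --apply) apply_flows ;;
    *) mac_learning_flows ;;   # default: just print the rules for review
esac
```

Learned entries are installed from whatever source MACs the remote peers send over the tunnels, so the idle_timeout keeps stale or spoofed entries from living forever; `ovs-ofctl dump-flows tunnels table=1` shows what has been learned.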
