As I said before, flows have two directions and you are only matching
on one with the drop rule.
On Mon, May 20, 2013 at 11:00 PM, ananthan wrote:
> Ok, How about this,Why do we need nw_dst and dl_dst as packets can reach
> destination with out being dropped by default drop rule.ie in_port=2
> ac
Ok, How about this,Why do we need *nw_dst* and *dl_dst* as packets can
reach destination with out being dropped by default drop rule.ie *in_port=2
actions=drop.*Hope my question is clear,in my case with out nw_dst and
dl_dst packets everything is working.
On Tue, May 21, 2013 at 1:05 AM, Jesse Gr
On Mon, May 20, 2013 at 8:40 AM, ananthan wrote:
>
> Could you tell me how can this flow work with out nw_dstand dl_dst?
>
> 1.priority=400,arp,in_port=2,dl_src=6a:3b:ad:97:c9:8a,nw_src=5.x.x.12,arp_sha=6a:3b:ad:97:c9:8a
> actions=NORMAL
>
> 2.priority=399,ip,in_port=2,dl_src=6a:3b:ad:97:c9:8a,nw
Could you tell me how can this flow work with out *nw_dst*and *dl_dst?*
1.priority=400,arp,in_port=2,dl_src=6a:3b:ad:97:c9:8a,nw_src=5.x.x.12,arp_sha=6a:3b:ad:97:c9:8a
actions=NORMAL
2.priority=399,ip,in_port=2,dl_src=6a:3b:ad:97:c9:8a,nw_src=5.x.x.12
actions=NORMAL
3.priority=398,in_port=2 act
On Tue, May 14, 2013 at 11:25 PM, ananthan wrote:
> Thanks for your reply,but now things are more complicated,please go through
> this,i have also added tcpdump output.
You need to ask a concise question. Nobody is going to analyze your
situation for you.
_
Thanks for your reply,but now things are more complicated,please go through
this,i have also added tcpdump output.
i deleted flow with priority 303 and 304 ie now no flow with *nw_dst* and *
dl_dst* for ARP and IP.
and only using these 3 rules and now packets are going in both
direction,but how?.I
On Tue, May 14, 2013 at 7:26 AM, ananthan wrote:
> But in case of Method2:
> My understanding became completely wrong,even though ip stealing prevention
> worked no other things worked.And to make situation worse traffic to vm
> worked with out rules priority 304 and 303.how can an additional in
Hi,
Running OVS 1.0.99 on xenserver 6.0.2.
*Tried ip stealing prevention,port filtering using two methods :*
Both worked when used First method but with second method tcp_port
filtering didnt work.Difference was *in_port *based drop policy and global
drop policy.
Method 1:
#*Dropped all regar
