ARP loop in a OVS topology

inesl

New Member
Dec 4, 2019
2
0
1
24
Good afternoon,

I hope the community could help me with my problem.

I have 3 VMs, each one with an OVS with bridge "br0". The VM1 and VM2 are connected via a GRE tunnel to the Server and via VXLAN tunnels between both.

arploop-Page-2 (1).jpg

Whenever I run:

arping -I br0 10.0.1.10 (or)
arping -I br0 10.0.1.20

from the server, an ARP loop takes place and the network become unusable, since all bridges become full with forwarded ARP requests and replies.


In the network environment I'm trying to create, I don't want the VM1 br0 and the VM2 br0 to send ARPs to each other, in order to prevent this loop.

So, In both VMs, I installed the following flow entry:

ovs-ofctl -O openflow13 add-flow br0 priority=65535,arp,in_port=<vxlan_tunnel>,arp_spa=10.0.1.0/24,action=drop

which I thought would drop the ARP packets that are being infinitely forwarded due to the connection between VM1 and VM2. But it did not.

Even if I drop the request packets coming from the tunnel GRE, with ARP destination different from the bridge receiving the ARP request, like the following:

ovs-ofctl -O openflow13 add-flow br0 priority=65535,arp,in_port=gre1,arp_spa=10.0.1.50,arp_tpa=10.0.1.20,action=drop

the flow entry is ignored, and the ARP loop continues.


What is the correct way to formulate the flow entries so that ARP packets coming from the server, that are not destined to the bridge, are dropped? And how can I block ARP packets of the 10.0.1.0/24 network coming from the vxlan tunnel?

Note: I've already enabled STP in the VM1 and VM2 bridges, but the problem persists.

Thank you for reading
 
Hi,

you can use filter it with arptables.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!