changluyi
commented
3 weeks ago the reason is that , when vm is stopped , the lsp is not deleted yet. then the flow related is also existed
when other pod send arp request, ovn will do arp proxy response
Open changluyi opened 3 weeks ago
changluyi
commented
3 weeks ago the reason is that , when vm is stopped , the lsp is not deleted yet. then the flow related is also existed
when other pod send arp request, ovn will do arp proxy response
zhangzujian
commented
2 weeks ago OVN Post v24.03.0
zhangzujian
commented
2 weeks ago In NB_Global table:
options : ignore_lsp_down: optional string
If set to false, ARP/ND reply flows for logical switch
ports will be installed only if the port is up, i.e.
claimed by a Chassis. If set to true, these flows are
installed regardless of the status of the port, which can
result in a situation that ARP request to an IP is
resolved even before the relevant VM/container is running.
For environments where this is not an issue, setting it to
true can reduce the load and latency of the control plane.
The default value is true.In Logical_Switch_Port table:
enabled: optional boolean
This column is used to administratively set port state. If
this column is empty or is set to true, the port is
enabled. If this column is set to false, the port is
disabled. A disabled port has all ingress and egress
traffic dropped.
Kube-OVN Version
1.13.0
Kubernetes Version
v1.26.1
Operation-system/Kernel Version
Linux bogon 3.10.0-1160.83.1.el7.x86_64
Description
This behavior doesn’t feel very common sense. when vm1 is stopped, vm2 ping the stopped VM's IP, He can still get the arp of vm2
Steps To Reproduce
it can also reproduce in a kind cluster
Current Behavior
can get the arp response from the ovn.
Expected Behavior
can't get the arp response from ovn.