Replyin to ARP request of ECMP source only if VM is hosted
When an ARP request is received on compute node on fabric interface from
an ECMP source, ARP response is sent with Vhost mac even though the ARP
request is not meant for any VM on that compute node. Because of this,
even if BMS pings another BMS, every compute node receiving this ARP
request is responding with Vhost mac leading to ARP cache poisoning in
BMS.
As a fix, only if ARP request is meant for a VM on compute node, the
response is sent with Vhost mac.
No source IP lookup for ARP requests from BMS
For the packets from VM to an ECMP destination we are forcing the
packets to be L3 routed. When ARP request comes for that VM from one of
the ECMP sources, though we have the stiching for VM's IP we give
Vhost's MAC to route the packets as packets need to be routed in this
direction as well. This functioanlity is added with the fix for the bug
1472796.
But the fix for the above bug should not handle the ARP request coming
from BMS (in TSN) as TSN is never a gateway for BMS. Such ARP request
should be flooded. So the fix is to not force the L3 if ARP request is
from BMS.
Reviewed: https:/ /review. opencontrail. org/17480 github. org/Juniper/ contrail- vrouter/ commit/ 806037a7bc25ad1 f4dfff9e4713b41 4be62c38b2
Committed: http://
Submitter: Zuul
Branch: R2.20.x
commit 806037a7bc25ad1 f4dfff9e4713b41 4be62c38b2
Author: Divakar <email address hidden>
Date: Tue Sep 22 21:59:40 2015 +0530
Replyin to ARP request of ECMP source only if VM is hosted
When an ARP request is received on compute node on fabric interface from
an ECMP source, ARP response is sent with Vhost mac even though the ARP
request is not meant for any VM on that compute node. Because of this,
even if BMS pings another BMS, every compute node receiving this ARP
request is responding with Vhost mac leading to ARP cache poisoning in
BMS.
As a fix, only if ARP request is meant for a VM on compute node, the
response is sent with Vhost mac.
No source IP lookup for ARP requests from BMS
For the packets from VM to an ECMP destination we are forcing the
packets to be L3 routed. When ARP request comes for that VM from one of
the ECMP sources, though we have the stiching for VM's IP we give
Vhost's MAC to route the packets as packets need to be routed in this
direction as well. This functioanlity is added with the fix for the bug
1472796.
But the fix for the above bug should not handle the ARP request coming
from BMS (in TSN) as TSN is never a gateway for BMS. Such ARP request
should be flooded. So the fix is to not force the L3 if ARP request is
from BMS.
Change-Id: I4036dcd6eaf757 b579de8ae391855 aa7269a9ac1
closes-bug: #1485804
closes-bug: #1491644