Comment 6 for bug 1498397

R2.0 only supports routing of IP packets. VRouter proxies with VRRP MAC 00:00:5e:00:01:00 for all VM IP-Address. When VRouter receives IP packet, the packet is routed only if the destination-mac is VRRP MAC (00:00:5e:00:01:00).

A bug was introduced In commit https://github.com/Juniper/contrail-controller/commit/b72913ed45eb921b11e8f2f2742bdb1242851a08, where ARP requests for unknown IP addresses in flooded. When ARP packets are flooded, the receiving VMs will learn "real" ARP address for the source.

Subsequently, packets destined for ARP learned will be bridged instead of getting routed (since destination-mac is not 00:00:5e:00:01:00). Bridged packets do not go thru flow processing in R2.0.

Due to learning of real MAC, we can have following cases for communication between VM1 and VM2
Case-1 : Routed from VM1 to VM2, Routed from VM2 to VM1
Case-2 : Routed from VM1 to VM2, Bridged from VM2 to VM1
Case-3 : Bridged from VM1 to VM2, Routed from VM2 to VM1
Case-4 : Bridged from VM1 to VM2, Bridged from VM2 to VM1

Out of these only Case-1 is valid scenario. Case-2, Case-3 and Case-4 can result in packet drops.

As a fix for R2.0, a control is added to avoid flooding of ARP packets.