Jingyun He
2010-Feb-01 05:55 UTC
[Xen-users] the bridge send all traffic to every vps when one vps starts
Hello,
I noticed that when one vps starts, it will cause the bridge to send all incoming traffic to every vps for a few seconds, is this normal behavior?

Thank you

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Jingyun He
2010-Feb-01 21:00 UTC
[Xen-users] Re: the bridge send all traffic to every vps when one vps starts
Feb 2 04:47:03 server1 kernel: eth0: topology change detected, propagating
Feb 2 04:47:03 server1 kernel: eth0: port 32(test2) entering forwarding state

I found that the bridge will send all incoming traffic to all
interfaces after port 32 entering forwarding state,
And it lasts almost 20 seconds,

How can I avoid this? Any help appreciated.

Thank you.

On Mon, Feb 1, 2010 at 6:55 AM, Jingyun He <jingyun.ho@gmail.com> wrote:
> Hello,
> I noticed that when one vps starts, it will cause the bridge to send all
> incoming traffic to every vps for a few seconds, is this normal
> behavior?
>
> Thank you
Simon Gottschlag
2010-Feb-02 00:37 UTC
Re: [Xen-users] Re: the bridge send all traffic to every vps when one vps starts
I'm no expert, but I believe the bridge works as a hub.
Maybe you should try Open vSwitch?
http://openvswitch.org/

Greetings,
Simon

On Mon, Feb 1, 2010 at 10:00 PM, Jingyun He <jingyun.ho@gmail.com> wrote:
> Feb 2 04:47:03 server1 kernel: eth0: topology change detected, propagating
> Feb 2 04:47:03 server1 kernel: eth0: port 32(test2) entering forwarding state
>
> I found that the bridge will send all incoming traffic to all
> interfaces after port 32 entering forwarding state,
> And it lasts almost 20 seconds,
>
> How can I avoid this? Any help appreciated.
>
> Thank you.
>
> On Mon, Feb 1, 2010 at 6:55 AM, Jingyun He <jingyun.ho@gmail.com> wrote:
> > Hello,
> > I noticed that when one vps starts, it will cause the bridge to send all
> > incoming traffic to every vps for a few seconds, is this normal
> > behavior?
> >
> > Thank you
Nathan Eisenberg
2010-Feb-02 01:27 UTC
RE: [Xen-users] Re: the bridge send all traffic to every vps when one vps starts
> I'm no expert, but I believe the bridge works as a hub.
> Maybe you should try Open vSwitch?
> http://openvswitch.org/

That would be counter to what a bridge is - which is to say, a switch (which floods on ARP-fail).

Every time you start a VPS, the bridge's MAC address table is probably getting flushed. It doesn't 'converge' for a period of time (once it's learned where MAC addresses 'are') - which is probably significant at 32 VPS's.

That said, openvswitch is a cool project. Just wanted to be clear - the bridge isn't a hub, it's just a switch that falls back to flooding traffic out all interfaces when its mac-address-table is empty.

Best Regards,
Nathan Eisenberg
Simon Gottschlag
2010-Feb-02 22:50 UTC
Re: [Xen-users] Re: the bridge send all traffic to every vps when one vps starts
Hehe, do as Nathan says, I've just heard that the bridge works as a hub, that's all ;)

Greetings,
Simon

On Tue, Feb 2, 2010 at 2:27 AM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
> > I'm no expert, but I believe the bridge works as a hub.
> > Maybe you should try Open vSwitch?
> > http://openvswitch.org/
>
> That would be counter to what a bridge is - which is to say, a switch
> (which floods on ARP-fail).
>
> Every time you start a VPS, the bridge's MAC address table is probably
> getting flushed. It doesn't 'converge' for a period of time (once it's
> learned where MAC addresses 'are') - which is probably significant at 32
> VPS's.
>
> That said, openvswitch is a cool project. Just wanted to be clear - the
> bridge isn't a hub, it's just a switch that falls back to flooding traffic
> out all interfaces when its mac-address-table is empty.
>
> Best Regards,
> Nathan Eisenberg
Jingyun He
2010-Feb-02 23:04 UTC
Re: [Xen-users] Re: the bridge send all traffic to every vps when one vps starts
emm, Thank you,
Is it possible to use ebtables to filter this traffic?

On Tue, Feb 2, 2010 at 1:37 AM, Simon Gottschlag <simon@gottschlag.se> wrote:
> I'm no expert, but I believe the bridge works as a hub.
> Maybe you should try Open vSwitch?
> http://openvswitch.org/
>
> Greetings,
> Simon
>
> On Mon, Feb 1, 2010 at 10:00 PM, Jingyun He <jingyun.ho@gmail.com> wrote:
>>
>> Feb 2 04:47:03 server1 kernel: eth0: topology change detected, propagating
>> Feb 2 04:47:03 server1 kernel: eth0: port 32(test2) entering forwarding state
>>
>> I found that the bridge will send all incoming traffic to all
>> interfaces after port 32 entering forwarding state,
>> And it lasts almost 20 seconds,
>>
>> How can I avoid this? Any help appreciated.
>>
>> Thank you.
>>
>> On Mon, Feb 1, 2010 at 6:55 AM, Jingyun He <jingyun.ho@gmail.com> wrote:
>> > Hello,
>> > I noticed that when one vps starts, it will cause the bridge to send all
>> > incoming traffic to every vps for a few seconds, is this normal
>> > behavior?
>> >
>> > Thank you
Simon Hobson
2010-Feb-03 08:11 UTC
Re: [Xen-users] Re: the bridge send all traffic to every vps when one vps starts
Jingyun He wrote:
> Is it possible to use ebtables to filter this traffic?

Why? Every ethernet network works the same way, at some point, machines will receive traffic that isn't destined for them - and in the original arrangement before switches, this was the norm. The protocol stack will filter it out.

In terms of security, yes someone could pick up traffic they shouldn't see - but just how often does this happen? Someone would have to be very lucky to be looking for traffic AND an interface changing state triggers the effect AND the traffic is interesting - all at the same time.

You probably could use ebtables (or would it be iptables?) to block any guest from seeing traffic that isn't for it. You'd need a script to reconfigure the rules every time an interface comes up (and possibly goes down).

--
Simon Hobson
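
One way to write the per-interface script mentioned in the last reply, as an added example that is not from any poster in this thread: it prints the ebtables commands that let a guest port receive only broadcast/multicast frames and unicast frames addressed to its own MAC. The vif name, the MAC address, the `iso_` chain prefix and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the ebtables commands that isolate one guest port.
# Assumptions (not from the thread): vif names such as vif12.0, a known guest
# MAC, and a hook that calls this when the interface goes up or down.

# vif_isolation_rules up|down VIF MAC  -> commands on stdout, 1 on bad input
vif_isolation_rules() {
    action=$1 vif=$2 mac=$3
    # Refuse anything that is not a plain interface name or a MAC address,
    # since the output is meant to be executed as root.
    case "$vif" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    chain="iso_$(printf '%s' "$vif" | tr '.-' '__')"
    case "$action" in
    up)
        echo "ebtables -N $chain"
        # Broadcast and multicast (group bit set) must still reach the guest,
        # otherwise ARP and neighbour discovery break.
        echo "ebtables -A $chain -d 01:00:00:00:00:00/01:00:00:00:00:00 -j ACCEPT"
        # Unicast frames addressed to the guest itself.
        echo "ebtables -A $chain -d $mac -j ACCEPT"
        # Everything else is flooded unknown unicast meant for another host.
        echo "ebtables -A $chain -j DROP"
        # Frames bridged out of this port pass FORWARD with -o set to the vif.
        echo "ebtables -A FORWARD -o $vif -j $chain"
        ;;
    down)
        echo "ebtables -D FORWARD -o $vif -j $chain"
        echo "ebtables -F $chain"
        echo "ebtables -X $chain"
        ;;
    *) return 1 ;;
    esac
}

# Constructed sample values; prints the five commands for one guest port.
vif_isolation_rules up vif12.0 00:16:3e:12:34:56
```

The function only prints commands, so the output can be reviewed before being piped to `sh` as root. A guest that legitimately uses more than one MAC address needs an extra ACCEPT rule per address.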