How to drop arp requests trying to resolve a particular IP address at a logical switch port?

I am using an l2gateway port to attach a physical L2 segment to a logical network. But both the logical network and the physical segment have one common IP, say 10.0.0.1. I want to prevent the traffic from the physical segment to the logical network for this IP so that the traffic will always reach the 10.0.0.1 in the physical segment. What is the best way to do this?

I tried creating a port group with just the l2gateway port and added an ACL (access control list) to drop the ARP packets with target IP address 10.0.0.1 (as shown in the commands below). But it is not working, and upon scouring the internet, I found out that ACLs do not support filtering based on fields within ARP packets, including the target protocol address.

ovn-nbctl pg-add <pg_name> <l2gateway_port_name>
ovn-nbctl acl-add <pg_name> to-lport 1 'arp && arp.tpa == 10.0.0.1' drop

vidarlo:
I would suggest fixing the duplicate address by routing or something.