veth peer 使用 neutron 地址对

1. neutron地址对绑定给虚拟机port后 arp响应与虚拟机port的区别

虚拟机port绑定给虚拟机，即compute livbvirt attatch port给br-int 实际上是调用 ovs-vsctl add-port br-int tapxxx，再这个阶段，ovs或者ovn-northd 会给该port对应的ip添加arp流表

(ovn-sb-db)[root@control1051 /]# ovn-sbctl dump-flows |grep '172.30.30.72' | grep arp
table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "7b484a48-f14f-4c98-9630-e07bd378a897" && eth.src == fa:16:3e:3a:97:20 && arp.sha == fa:16:3e:3a:97:20 && arp.spa == {172.30.30.72, 172.30.30.128, 172.30.30.132, 172.30.30.159, 172.30.30.211, 172.30.30.37}), action=(next;)
table=14(ls_in_arp_rsp ), priority=100 , match=(arp.tpa == 172.30.30.72 && arp.op == 1 && inport == "7b484a48-f14f-4c98-9630-e07bd378a897"), action=(next;)
table=14(ls_in_arp_rsp ), priority=50 , match=(arp.tpa == 172.30.30.72 && arp.op == 1), action=(eth.dst = eth.src; eth.src = fa:16:3e:3a:97:20; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:16:3e:3a:97:20; arp.tpa = arp.spa; arp.spa = 172.30.30.72; outport = inport; flags.loopback = 1; output;)

注意table13
table=13(lr_in_arp_resolve ), priority=100 , match=(outport == "lrp-10a66385-3103-48a8-b40e-ae9130e8787c" && reg0 == 172.30.30.72), action=(eth.dst = fa:16:3e:3a:97:20; next;)

注意table13

而port绑定为地址对后

table=13(lr_in_arp_resolve ), priority=100 , match=(outport == "lrp-10a66385-3103-48a8-b40e-ae9130e8787c" && reg0 == 172.30.30.106), action=(eth.dst = 00:00:00:00:00:00; next;)

地址对是发广播包

2. 如何解决arp响应的问题

根据linux 的网络设置
一般neutron地址对如果是配置给虚拟机主网卡的子网卡，那么vm是会响应arp，但是如果是将该ip绑定给veth-peer，vm是不会响应该arp广播的，解决方式:
开启 arp 代理
net.ipv4.conf.all.proxy_arp=1