Linux Bridging
Teaching an Old Dog New Tricks

Stephen Hemminger
shemminger@vyatta.com
Topics
●   Background
●   Tunneling
●   Security
●   Status
Bridge History (timeline, 1985 to 2012)
  1985  Ethernet bridging invented
  1990  IEEE 802.1d
  1998  IEEE 802.1d 1998
  2000  Linux bridge
  2001  RSTP
  2004  IEEE 802.1d 2004
  2005  MSTP (802.1s)
  2012  SPB (802.1aq); Linux bridge IGMP snooping
Bridge Forwarding
  [Diagram: forwarding decision. Multicast? -> IGMP table; Destination? -> Forwarding Table; unknown destination -> Flood; then Output]
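The forwarding decision drawn on the slide above, as an added example that is not code from the slides or from the Linux bridge: a minimal learning bridge in Python. Port names, MAC addresses and IGMP membership are constructed for illustration.

```python
# Constructed model of the "Bridge Forwarding" decision: learn the source,
# then Multicast? -> IGMP table, Destination? -> forwarding table, else flood.

BROADCAST = "ff:ff:ff:ff:ff:ff"
MULTICAST_BIT = 0x01  # low bit of the first octet marks a group address


def is_multicast(mac: str) -> bool:
    return int(mac.split(":")[0], 16) & MULTICAST_BIT == 1


class Bridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.fdb = {}   # forwarding table: source MAC -> port it was learned on
        self.igmp = {}  # IGMP snooping table: group MAC -> member ports

    def join(self, group_mac: str, port: str) -> None:
        """IGMP report seen on `port`: record the port as a group member."""
        self.igmp.setdefault(group_mac, set()).add(port)

    def forward(self, in_port: str, src: str, dst: str) -> set:
        """Return the set of output ports for a frame arriving on `in_port`."""
        self.fdb[src] = in_port          # learn; a moved address is relearned
        others = self.ports - {in_port}  # never send back out the ingress port
        if dst == BROADCAST:
            return others                 # broadcast always floods
        if is_multicast(dst):
            members = self.igmp.get(dst)
            # unknown group: flood, exactly as a bridge without snooping would
            return (members - {in_port}) if members else others
        out = self.fdb.get(dst)
        if out is None or out == in_port:
            return others                 # unknown unicast: flood
        return {out}                      # known unicast: single output port
```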
Spanning Tree Protocol
  [Diagram: Root and Leaf bridges exchanging BPDUs, with one port Disabled and one Edge port]
Tunnels
  [Diagram: two hosts, each with Bridge1 and Bridge2; VXLAN1 joins the two Bridge1 instances and VXLAN2 joins the two Bridge2 instances; Guests A and B on the first host, Guests C and D on the second]
Cloud Tunneling Protocols
●   VXLAN
    –   Arista, Broadcom, Cisco, VMware, Red Hat
●   NVGRE
    –   Microsoft, Intel, Dell, Broadcom, Emulex
●   STT
    –   Nicira
API flavors
●   Ioctl
    –   Compatibility
    –   non-extensible
●   Sysfs
    –   Text based
●   Netlink
    –   Notifications
    –   TLV format
HW offload
●   Common netlink API
    –   Forwarding table
    –   Monitoring
Security
●   BPDU guard
●   BPDU filter
●   Root port protect
●   Port locking
STP Security Issues
  [Diagram: two core bridges, an edge bridge below them, and a Guest VM attached to the edge bridge]
BPDU Filter
  [Diagram: Core Bridge port towards an Untrusted Host; BPDU blocked, not sent or received]
BPDU Guard
  [Diagram: Core Bridge receives a Rogue BPDU! from an Untrusted Host/Bridge; Link disabled]
Root Port Protect
  [Diagram: Core Bridge port towards a Semi-trusted Host/Bridge; BPDU allowed if Priority < Root]
Port lock
  [Diagram: Core Bridge port towards an Untrusted Guest; Source Address must match]
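The four protections on the Security slides (BPDU filter, BPDU guard, root port protect, port lock), as an added example that is not code from the slides or from the kernel: a Python model of the decision a protected edge port makes for each arriving frame. Port names, MAC addresses and priorities are constructed; the slide's "allowed if Priority < Root" is read here as "a BPDU may not claim a better root than the current one", with the 802.1D convention that a numerically lower priority is the better root.

```python
from dataclasses import dataclass, field

# Constructed model of the per-port protections on the Security slides.
# Assumed 802.1D convention: a numerically lower bridge priority wins the
# root election, so a BPDU with a lower priority than the current root
# would displace it.


@dataclass
class Port:
    name: str
    bpdu_filter: bool = False   # BPDUs neither sent nor received on this port
    bpdu_guard: bool = False    # any received BPDU disables the link
    root_protect: bool = False  # refuse BPDUs that claim a better root
    locked: bool = False        # only frames from bound source MACs pass
    allowed_src: set = field(default_factory=set)
    disabled: bool = False


@dataclass
class Frame:
    src: str
    is_bpdu: bool = False
    root_priority: int = 65535  # root priority advertised in a BPDU (worst)


def port_decision(port: Port, frame: Frame, current_root_priority: int) -> str:
    """Return 'forward', 'drop' or 'disable' for a frame arriving on `port`."""
    if port.disabled:
        return "drop"                      # guard already took the link down
    if frame.is_bpdu:
        if port.bpdu_filter:
            return "drop"                  # BPDU blocked, silently
        if port.bpdu_guard:
            port.disabled = True           # rogue BPDU: link disabled
            return "disable"
        if port.root_protect and frame.root_priority < current_root_priority:
            return "drop"                  # BPDU would displace the root
        return "forward"                   # hand to STP as usual
    if port.locked and frame.src not in port.allowed_src:
        return "drop"                      # source address must match
    return "forward"


def may_send_bpdu(port: Port) -> bool:
    """BPDU filter also suppresses the BPDUs the bridge itself would send."""
    return not (port.bpdu_filter or port.disabled)
```

On a current Linux bridge the guard, root-protect and lock behaviours are the iproute2 port options `bridge link set dev <port> guard on`, `root_block on` and `locked on`.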
Spanning Tree
●   Current
    –   Kernel – 802.1d 1998
    –   Userspace – RSTP daemon
●   Goal
    –   Kernel – 802.1d/802.1s
    –   Userspace – SPB or TRILL?
Status
●   VXLAN – 3.7
●   Security – 3.8?
●   STP update – 3.9??
Bridge vs Open vSwitch
  Ethernet Bridge          Open vSwitch
  –   Plug and Play        –   Table driven
  –   Firewall rules       –   Flexible
  –   Integrated           –   Management agent
Thank you
