Linux Bridging: Teaching an old dog new tricks
Stephen Hemminger
- 2. Topics
● Background
● Tunneling
● Security
● Status
- 3. Bridge History
Timeline (years marked: 1985, 1990, 1998, 2000, 2001, 2004, 2005, 2012): Ethernet bridging invented; IEEE 802.1d (1998 and 2004 revisions); RSTP; MSTP (802.1s); SPB (802.1aq); Linux bridge; IGMP snooping.
- 4. Bridge Forwarding
Flowchart: Multicast? looked up in the IGMP table; Destination? looked up in the forwarding table; outcomes are Output or Flood.
- 7. Tunnels
Diagram: guests A, B, C and D attached to Bridge1 and Bridge2 on each of two sides, with the bridges joined across sides by the VXLAN1 and VXLAN2 tunnels.
- 8. Cloud Tunneling Protocols
● VXLAN
– Arista, Broadcom, Cisco, VMware, Red Hat
● NVGRE
– Microsoft, Intel, Dell, Broadcom, Emulex
● STT
– Nicira
- 9. API flavors
● ioctl
– Compatibility
– Non-extensible
● sysfs
– Text based
● Netlink
– Notifications
– TLV format
- 10. HW offload
● Common netlink API
– Forwarding table
– Monitoring
- 11. Security
● BPDU guard
● BPDU filter
● Root port protect
● Port locking
- 13. BPDU Filter
Diagram: core bridge port facing an untrusted host; BPDUs are blocked, neither sent nor received.
- 14. BPDU Guard
Diagram: core bridge receives a rogue BPDU from an untrusted host/bridge; the link is disabled.
- 15. Root Port Protect
Diagram: BPDUs from a semi-trusted host/bridge are allowed only if priority < root.
- 16. Port lock
Diagram: core bridge port facing an untrusted guest; the frame's source address must match.
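As an added example, not from the slides, here is a small audit of the three per-port hardening features above as later mainline Linux exposes them: iproute2's `bridge -d link show` prints BPDU guard, root port protect and port locking as the flags `guard`, `root_block` and `locked`. The sample output is constructed, and `br0`, `eth0`, `vnet0` and `vnet1` are placeholder names.

```python
"""Audit Linux bridge port hardening flags from `bridge -d link show` output."""
import re

# Constructed sample of `bridge -d link show`: one summary line per port, then
# an indented line of on/off flags, as iproute2 prints it.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
    hairpin off guard off root_block off fastleave off learning on flood on locked off
3: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard on root_block on fastleave off learning on flood on locked on
4: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard off root_block on fastleave off learning on flood on locked off
"""

# Flags a port facing an untrusted guest should carry: BPDU guard, root port
# protect and port lock, in iproute2 naming.
UNTRUSTED_PORT_POLICY = {"guard": "on", "root_block": "on", "locked": "on"}

_PORT_RE = re.compile(r"^\d+: (\S+): .*?master (\S+)")
_FLAG_RE = re.compile(r"(\w+) (on|off)")


def parse_bridge_links(text):
    """Return {port: {"master": bridge, "flags": {flag: "on"/"off"}}}."""
    ports, current = {}, None
    for line in text.splitlines():
        m = _PORT_RE.match(line)
        if m:
            current = m.group(1)
            ports[current] = {"master": m.group(2), "flags": {}}
        elif current and line.startswith(" "):
            ports[current]["flags"].update(_FLAG_RE.findall(line))
    return ports


def audit(ports, bridge, uplinks=()):
    """List (port, flag, actual) for ports on `bridge` that violate the policy.

    Ports named in `uplinks` are trusted core links and are skipped."""
    findings = []
    for name, info in sorted(ports.items()):
        if info["master"] != bridge or name in uplinks:
            continue
        for flag, want in UNTRUSTED_PORT_POLICY.items():
            actual = info["flags"].get(flag, "missing")
            if actual != want:
                findings.append((name, flag, actual))
    return findings


if __name__ == "__main__":
    for port, flag, actual in audit(parse_bridge_links(SAMPLE), "br0", uplinks={"eth0"}):
        print("%s: %s is %s, expected on" % (port, flag, actual))
```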
- 17. Spanning Tree
● Current
– Kernel – 802.1d 1998
– Userspace – RSTP daemon
● Goal
– Kernel – 802.1d/802.1s
– Userspace – SPB or TRILL?
- 18. Status
● VXLAN – 3.7
● Security – 3.8?
● STP update – 3.9??