Stephen Hemminger, profile picture
Uploaded byStephen Hemminger
PDF, PPTX4,746 views

Linux Bridging: Teaching an old dog new tricks

This document summarizes the history and current state of Linux bridging. It discusses how bridging has evolved from Ethernet bridging in 1985 to modern standards like 802.1aq Shortest Path Bridging. It also outlines key topics in bridging including tunneling protocols, the spanning tree protocol for avoiding loops, and security features. The status section notes that VXLAN support is in the mainline kernel but that updates to spanning tree and additional security features may be added in future kernel versions.

Embed presentation

Download as PDF, PPTX
Linux Bridging Teaching an Old Dog New Tricks Stephen Hemminger shemminger@vyatta.com
Topics ● Background ● Tunneling ● Security ● Status
Bridge History 1985 1990 1998 2000 2001 2004 2005 2012 Ethernet IEEE IEEE IEEE RSTP Bridging 802.1d 802.1d 802.1d MSTP SPB Invented 1998 2004 802.1s 802.1aq Linux IGMP Bridge Snooping
Bridge Forwarding Flood Multicast? Destination? Output IGMP table Forwarding Table
Spanning Tree Protocol Root Leaf BPDU BPD Disabled U Edge
Tunnels VXLAN1 VXLAN2 Bridge1 Bridge2 Bridge1 Bridge2 Guest Guest Guest Guest A B C D
Cloud Tunneling Protocols ● VxLan – Arista, Broadcom, Cisco, Vmware, Red Hat ● NVGRE – Microsoft, Intel, Dell, Broadcom, Emulex ● STT – Niciria
API flavor's ● Ioctl – Compatibility – non-extensible ● Sysfs – Text based ● Netlink – Notifications – TLV format
Hw offload ● Common netlink API – Forwarding table – monitoring
Security ● BPDU guard ● BPDU filter ● Root port protect ● Port locking
STP Security Issues Bridge (core) Bridge (core) Bridge (edge) Guest VM
BPDU Filter Core Bridge BPDU blocked Not sent or received BPDU Untrusted Host
BPDU Guard Core Bridge Rogue BPDU! Link disabled BPDU BPDU Untrusted Host/Bridge
Root Port Protect BPDU Core Bridge Allowed if Priority < Root BPDU BPDU Semi-trusted Host/Bridge
Port lock Source Address Core Bridge Must match Untrusted Guest
Spanning Tree ● Current – Kernel – 802.1d 1998 – Userspace – RSTP daemon ● Goal – Kernel – 802.1d/802.1s – Userspace – SPB or TRILL?
Status ● VXLAN – 3.7 ● Security – 3.8? ● STP update – 3.9??
Bridge vs Openvswitch Ethernet Bridge Openvswitch – Plug and Play – Table driven – Firewall rules – Flexible – Integrated – Management agent
Thank you

More Related Content

PDF
Userspace networking
byStephen Hemminger
 
PDF
Spanning Tree Protocol Cheat Sheet
byPrasanna Shanmugasundaram
 
PDF
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
byMaximilan Wilhelm
 
ODP
Virtual Network Performance Challenge
byStephen Hemminger
 
PDF
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
byRishabh Dangwal
 
PDF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
byMaximilan Wilhelm
 
PPTX
DPDK KNI interface
byDenys Haryachyy
 
PDF
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
byThomas Graf
 
Userspace networking
byStephen Hemminger
 
Spanning Tree Protocol Cheat Sheet
byPrasanna Shanmugasundaram
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
byMaximilan Wilhelm
 
Virtual Network Performance Challenge
byStephen Hemminger
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
byRishabh Dangwal
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
byMaximilan Wilhelm
 
DPDK KNI interface
byDenys Haryachyy
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
byThomas Graf
 

What's hot

PDF
Layer-2 VPN
byrosmida
 
PDF
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
byOpenNebula Project
 
PDF
MPLS + BGP Presentation
byGino McCarty
 
PDF
Waris l2vpn-tutorial
byrakiva29
 
PDF
Building your own CGN boxes with Linux
byMaximilan Wilhelm
 
PDF
Demystifying EVPN in the data center: Part 1 in 2 episode series
byCumulus Networks
 
PDF
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
byJim Geovedi
 
PDF
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
byMaximilan Wilhelm
 
PDF
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
byMaximilan Wilhelm
 
PDF
Open vSwitch - Stateful Connection Tracking & Stateful NAT
byThomas Graf
 
PPTX
Comparison between-ipv6-and-6 lowpan
byInformation Technology University
 
PPTX
CCNA Exam 200-120 pdf
byMadhan Banda
 
PPTX
CDP Indicator
bynpsg
 
DOCX
Packet Tracer: Cisco, Spanning tree protocol
byRafat Khandaker
 
PDF
Sca n instructorppt_chapter2_final
byPhuc Anh Tran
 
PDF
ARM LPC2300/LPC2400 TCP/IP Stack Porting
byMathivanan Elangovan
 
PDF
6 Lo Wpan Tutorial 20080206
bypauldeng
 
PPT
第15讲 Stp
byF.l. Yu
 
PDF
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
byMaximilan Wilhelm
 
PDF
IPv6 im Jahre 2018
byMaximilan Wilhelm
 
Layer-2 VPN
byrosmida
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
byOpenNebula Project
 
MPLS + BGP Presentation
byGino McCarty
 
Waris l2vpn-tutorial
byrakiva29
 
Building your own CGN boxes with Linux
byMaximilan Wilhelm
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
byCumulus Networks
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
byJim Geovedi
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
byMaximilan Wilhelm
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
byMaximilan Wilhelm
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
byThomas Graf
 
Comparison between-ipv6-and-6 lowpan
byInformation Technology University
 
CCNA Exam 200-120 pdf
byMadhan Banda
 
CDP Indicator
bynpsg
 
Packet Tracer: Cisco, Spanning tree protocol
byRafat Khandaker
 
Sca n instructorppt_chapter2_final
byPhuc Anh Tran
 
ARM LPC2300/LPC2400 TCP/IP Stack Porting
byMathivanan Elangovan
 
6 Lo Wpan Tutorial 20080206
bypauldeng
 
第15讲 Stp
byF.l. Yu
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
byMaximilan Wilhelm
 
IPv6 im Jahre 2018
byMaximilan Wilhelm
 

Viewers also liked

PDF
Virtualbox networking
byChatchai Jantaraprim
 
PDF
VLANs in the Linux Kernel
byKernel TLV
 
PDF
Linux Networking Explained
byThomas Graf
 
PDF
macvlan and ipvlan
bySuraj Deshmukh
 
PPTX
Hardware Probing in the Linux Kernel
byKernel TLV
 
PDF
Networking in virtual machines
byLINE+
 
PDF
How Quantum configures Virtual Networks under the Hood?
byEtsuji Nakai
 
PDF
debugging openstack neutron /w openvswitch
by어형 이
 
PDF
Ifupdown2: Network Interface Manager
byCumulus Networks
 
PPT
LINUX Device Drivers
byPartha Bhattacharya
 
PDF
Netem -emulating real networks in the lab
byStephen Hemminger
 
Virtualbox networking
byChatchai Jantaraprim
 
VLANs in the Linux Kernel
byKernel TLV
 
Linux Networking Explained
byThomas Graf
 
macvlan and ipvlan
bySuraj Deshmukh
 
Hardware Probing in the Linux Kernel
byKernel TLV
 
Networking in virtual machines
byLINE+
 
How Quantum configures Virtual Networks under the Hood?
byEtsuji Nakai
 
debugging openstack neutron /w openvswitch
by어형 이
 
Ifupdown2: Network Interface Manager
byCumulus Networks
 
LINUX Device Drivers
byPartha Bhattacharya
 
Netem -emulating real networks in the lab
byStephen Hemminger
 

Similar to Linux Bridging: Teaching an old dog new tricks

PDF
LinuxConJapan2014_makita_0_MACVLAN.pdf
byDanielHanganu2
 
PDF
PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie...
byPROIDEA
 
PPTX
Attacking the spanning tree protocol
byAsmadzakirah
 
PPT
CloudStack and SDN
bySebastien Goasguen
 
PDF
Ryu: network operating system
byIsaku Yamahata
 
PPT
Alp Stp
byAlp isik
 
PPTX
Week_Twelve_12_Review_Network STP Cisco.pptx
byjedax23086
 
PDF
Pushing a camel through the eye of a needle
bySensePost
 
PDF
XS Boston 2008 XenLoop
byThe Linux Foundation
 
PPT
Madge Smart Ringswitch - Version 2 Software
byRonald Bartels
 
PPT
Bridging.ppt
byRaghunathan Venkatesan
 
PPT
Lan_switchinzxcxzcxzczxczxczxcxcxcxzczxczxg.ppt
bymindhackers161
 
PPTX
nested-kvm
bysethuraman ramanathan
 
PDF
Server-side Intelligent Switching using vyatta
byNaoto MATSUMOTO
 
PPTX
The Potential Impact of Software Defined Networking SDN on Security
byBrent Salisbury
 
PPTX
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
PPT
06 module catalyst 1900 switch operations
byAsif
 
PPTX
Keynote -金耀辉--network service in open stack cloud-osap2012_jinyh_v4
byOpenCity Community
 
PPTX
Network Service in OpenStack Cloud, by Yaohui Jin
byHui Cheng
 
KEY
Fosscon 2012 firewall workshop
byjvehent
 
LinuxConJapan2014_makita_0_MACVLAN.pdf
byDanielHanganu2
 
PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie...
byPROIDEA
 
Attacking the spanning tree protocol
byAsmadzakirah
 
CloudStack and SDN
bySebastien Goasguen
 
Ryu: network operating system
byIsaku Yamahata
 
Alp Stp
byAlp isik
 
Week_Twelve_12_Review_Network STP Cisco.pptx
byjedax23086
 
Pushing a camel through the eye of a needle
bySensePost
 
XS Boston 2008 XenLoop
byThe Linux Foundation
 
Madge Smart Ringswitch - Version 2 Software
byRonald Bartels
 
Bridging.ppt
byRaghunathan Venkatesan
 
Lan_switchinzxcxzcxzczxczxczxcxcxcxzczxczxg.ppt
bymindhackers161
 
nested-kvm
bysethuraman ramanathan
 
Server-side Intelligent Switching using vyatta
byNaoto MATSUMOTO
 
The Potential Impact of Software Defined Networking SDN on Security
byBrent Salisbury
 
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
06 module catalyst 1900 switch operations
byAsif
 
Keynote -金耀辉--network service in open stack cloud-osap2012_jinyh_v4
byOpenCity Community
 
Network Service in OpenStack Cloud, by Yaohui Jin
byHui Cheng
 
Fosscon 2012 firewall workshop
byjvehent
 

More from Stephen Hemminger

ODP
Virtual net performance
byStephen Hemminger
 
PDF
Llnw bufferbloat
byStephen Hemminger
 
ODP
A Baker's dozen of TCP
byStephen Hemminger
 
ODP
Dpdk performance
byStephen Hemminger
 
PDF
Performance challenges in software networking
byStephen Hemminger
 
ODP
Integrating Linux routing with FusionCLI™
byStephen Hemminger
 
PDF
Staging driver sins
byStephen Hemminger
 
PDF
Untold story
byStephen Hemminger
 
ODP
Bufferbloat is alll Wet!
byStephen Hemminger
 
PDF
Taking the Fear Out of Contributing
byStephen Hemminger
 
ODP
Online tools
byStephen Hemminger
 
Virtual net performance
byStephen Hemminger
 
Llnw bufferbloat
byStephen Hemminger
 
A Baker's dozen of TCP
byStephen Hemminger
 
Dpdk performance
byStephen Hemminger
 
Performance challenges in software networking
byStephen Hemminger
 
Integrating Linux routing with FusionCLI™
byStephen Hemminger
 
Staging driver sins
byStephen Hemminger
 
Untold story
byStephen Hemminger
 
Bufferbloat is alll Wet!
byStephen Hemminger
 
Taking the Fear Out of Contributing
byStephen Hemminger
 
Online tools
byStephen Hemminger
 

Recently uploaded

PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
API-First Architecture in Financial Systems
bycyy111112
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 

Linux Bridging: Teaching an old dog new tricks

  • 1.
    Linux Bridging Teaching anOld Dog New Tricks Stephen Hemminger shemminger@vyatta.com
  • 2.
    Topics ● Background ● Tunneling ● Security ● Status
  • 3.
    Bridge History 1985 1990 1998 2000 2001 2004 2005 2012 Ethernet IEEE IEEE IEEE RSTP Bridging 802.1d 802.1d 802.1d MSTP SPB Invented 1998 2004 802.1s 802.1aq Linux IGMP Bridge Snooping
  • 4.
    Bridge Forwarding Flood Multicast? Destination? Output IGMP table Forwarding Table
  • 5.
    Spanning Tree Protocol Root Leaf BPDU BPD Disabled U Edge
  • 7.
    Tunnels VXLAN1 VXLAN2 Bridge1 Bridge2 Bridge1 Bridge2 Guest Guest Guest Guest A B C D
  • 8.
    Cloud Tunneling Protocols ● VxLan – Arista, Broadcom, Cisco, Vmware, Red Hat ● NVGRE – Microsoft, Intel, Dell, Broadcom, Emulex ● STT – Niciria
  • 9.
    API flavor's ● Ioctl – Compatibility – non-extensible ● Sysfs – Text based ● Netlink – Notifications – TLV format
  • 10.
    Hw offload ● Common netlink API – Forwarding table – monitoring
  • 11.
    Security ● BPDU guard ● BPDU filter ● Root port protect ● Port locking
  • 12.
    STP Security Issues Bridge (core) Bridge (core) Bridge (edge) Guest VM
  • 13.
    BPDU Filter Core Bridge BPDU blocked Not sent or received BPDU Untrusted Host
  • 14.
    BPDU Guard Core Bridge Rogue BPDU! Link disabled BPDU BPDU Untrusted Host/Bridge
  • 15.
    Root Port Protect BPDU Core Bridge Allowed if Priority < Root BPDU BPDU Semi-trusted Host/Bridge
  • 16.
    Port lock Source Address Core Bridge Must match Untrusted Guest
  • 17.
    Spanning Tree ● Current – Kernel – 802.1d 1998 – Userspace – RSTP daemon ● Goal – Kernel – 802.1d/802.1s – Userspace – SPB or TRILL?
  • 18.
    Status ● VXLAN – 3.7 ● Security – 3.8? ● STP update – 3.9??
  • 19.
    Bridge vs Openvswitch EthernetBridge Openvswitch – Plug and Play – Table driven – Firewall rules – Flexible – Integrated – Management agent
  • 20.