Friday, September 20, 2024

Re: vxlan(4) Between Three Sites

On Fri, Sep 20, 2024 at 11:24:47AM +1000, David Gwynne wrote:
> On Thu, Sep 19, 2024 at 09:48:15AM -0700, Bryan Vyhmeister wrote:
> > On Wed, Sep 18, 2024 at 11:17:45AM +1000, David Gwynne wrote:
<snip>
> > Once I realized wg(4) wouldn't work, my solution was to use a gif(4)
> > tunnel or etherip(4) bridged with veb(4) to a vport(4) but I think the
> > gif(4) solution is simpler. Either solution worked fine for ospfd and
> > ospf6d as well as BGP over IPv4 and IPv6. Is there a performance benefit
> > with etherip(4) and vport(4) rather than gif(4)?
>
> gif over dedicated ethernet links seems unnecessary because you should
> already have working IP connectivity. how does it help your situation?

This is actually something completely different. I am running BGP over
several internet links that would not support BGP from the provider so
running a tunnel back to a datacenter for multihoming. You're right,
that would be a waste.

<snip>
> > I'm still not clear on exactly what protected accomplishes with veb(4).
> > You mentioned that prevents loops but I don't understand how.
> >
> > Essentially, at this point, I think I can have etherip(4) links between
> > each site maybe in a close to fully meshed layout particularly back to
> > site A and, as long as I put the etherip(4) interfaces into the veb(4)
> > as protected, I will not have loops? Is that a correct understanding of
> > what you said?
>
> it's about what happens when you have broadcast/multicast/unknown
> unicast traffic in a full mesh topology.
>
> if a broadcast packet enters the veb at site A, it will flood the packet
> to the etherip links to both site B and site C. site B will then flood
> the broadcast packets to it's physical port and the link to site C. site
> C will then flood that broadcast packet to it's physical port and the
> link to site A. site A will then flood the packet to it's physical port
> and the link to site B, and so on.
>
> putting the etherip links at each site in the same protected domain
> prevents it flooding traffic from etherip links to other etherip links,
> which should be unnecessary because the site that got the original
> broadcast traffic should have already flooded it to all sites anyway.

Thank you for the explanation. I will test it out and see if I can get
it to work the way I want.

Bryan
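
The flooding behaviour described in the quoted explanation above, as an added example that is not part of the original thread and is not OpenBSD code: a simplified Python model of three sites in a full etherip(4) mesh, comparing a broadcast frame with and without the tunnel ports sharing one protected domain. The names `build_ports`, `flood` and `max_hops` are hypothetical, and the model assumes no MAC learning and no spanning tree.

```python
from collections import deque

SITES = ("A", "B", "C")

def build_ports(site):
    """Ports on one site's veb: a physical port plus an etherip link to each other site."""
    ports = {"phys": None}          # None = local segment, not a tunnel
    for peer in SITES:
        if peer != site:
            ports["etherip-" + peer] = peer
    return ports

def flood(origin, protected, max_hops=6):
    """Flood one broadcast frame that enters `origin` on its physical port.

    Returns (deliveries, looped): copies sent out each site's physical port,
    and whether a copy was still circulating when max_hops was reached.
    max_hops is a simulation cap (assumption), not a property of veb(4).
    """
    deliveries = {s: 0 for s in SITES}
    queue = deque([(origin, "phys", 0)])   # (site, ingress port, hops so far)
    looped = False
    while queue:
        site, ingress, hops = queue.popleft()
        if hops >= max_hops:
            looped = True                  # frame would keep going forever
            continue
        for port, peer in build_ports(site).items():
            if port == ingress:
                continue                   # never flood back out the ingress port
            tunnel_to_tunnel = peer is not None and ingress != "phys"
            if protected and tunnel_to_tunnel:
                continue                   # same protected domain: etherip -> etherip blocked
            if peer is None:
                deliveries[site] += 1      # copy leaves on the local physical port
            else:
                queue.append((peer, "etherip-" + site, hops + 1))
    return deliveries, looped

if __name__ == "__main__":
    print("protected:  ", flood("A", protected=True))
    print("unprotected:", flood("A", protected=False))
```

With the protected domain each remote site receives the frame exactly once; without it, two copies circle the mesh in opposite directions until the simulation cap stops them.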
