OpenBSD Bridge


 



Dear List;

 

This is my first post to this list. I have tried to find the answer to this question on my own but have not been able to get anything definitive. Please excuse me if this question has been asked before. The main question is this: “Is this bridge code the same as what is implemented in OpenBSD?” Can someone point me to some definitive information about this?

 

I am involved in a Layer 2 firewall implementation project. A precedent exists in the customer organisation for the use of OpenBSD for this purpose. In the most recent implementation the design has a layer 2 loop built in for redundancy, which is handled by Cisco PVST. We discovered that the bridging software in OpenBSD 4.3 does not pass Cisco PVST BPDUs.

 

My research has led me to the following:

 

http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

 

The above link discusses how the bridge works and mentions that the bridge itself can be configured as an STP bridge, but that STP can also be disabled. Since OpenBSD bridges use RSTP (Rapid Spanning Tree), not PVST as required by the customer, we elected to disable RSTP on the bridge.

 

The next URL is to a message posted to this list by user Cameron Schaus on Fri, 08 Dec 2006 18:24:07 -0500, to which Stephen Hemminger responded.

 

http://osdir.com/ml/network.bridge/2006-12/msg00023.html

 

Cameron describes a scenario in detail which completely describes our scenario at a very basic level. In particular he asks if the behaviour of the bridging has changed between 2.1.15 and 2.1.17, as he noticed that BPDUs are no longer being passed. Stephen replied, “The change was intentional because the bridge follows the 802 spec and doesn't pass link local multicast frames. If you are running STP on the network, you need to run STP on the bridge.”

 

Further investigation produced the following thread
 
https://lists.linux-foundation.org/pipermail/bridge/2007-April/005406.html
 
On Mon Apr 23 16:56:14 PDT 2007, Stephen Hemminger comments that it is more important to allow networking devices other than the bridging software to manage the topology.   “I think if STP is disabled, the bridge would be more stable if it just forwarded the spanning tree packets.  The rationale is that if someone leaves STP off on one bridge, but there are multiple paths from a bridge that is using spanning tree; then the bridge that is doing STP will see and break the potentially disastrous network loop.  Therefore, I suggest the following (probably not until 2.6.22)”, a code sample follows.

 

We confirmed this in the lab. The first test consisted of a CentOS 5.1 host running the 2.6.18.8 kernel. This kernel behaved exactly like OpenBSD and blocked PVST BPDUs. Rather than re-compile a post-2.6.22 kernel for CentOS it was easier to install Ubuntu 8.04 (Hardy Heron) on the same server and carry out the test again. The Ubuntu kernel was 2.6.24-19-generic. In this test the PVST BPDUs were passed correctly through the Linux host, allowing the switch to block one of the links. The bridge behaved as per our design by allowing PVST BPDUs to pass.
 

Can someone comment on our findings? Was a decision made initially to prevent PVST BPDUs from passing and then a change made to allow it? I am not a developer and have not gone through the code. The above evidence, and our lab testing, tends to point to this. I am seeking an additional, authoritative verification. Stephen, if you are able to spare a couple of minutes to comment on this we would be grateful for your thoughts.

 

Thank you for reading, many thanks and best regards – In any case we love the open source bridge software and thank you all for your efforts.

 

Geoff Wiener

_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge
