SlideShare ist ein Scribd-Unternehmen logo

Linux Bridging: Teaching an old dog new tricks

Stephen Hemminger
Stephen Hemminger

Overview of upcoming features in Linux bridge

Technologie
1 von 20
Downloaden Sie, um offline zu lesen
Linux Bridging Teaching an Old Dog New Tricks Stephen Hemminger shemminger@vyatta.com
Topics ● Background ● Tunneling ● Security ● Status
Bridge History 1985 1990 1998 2000 2001 2004 2005 2012 Ethernet IEEE IEEE IEEE RSTP Bridging 802.1d 802.1d 802.1d MSTP SPB Invented 1998 2004 802.1s 802.1aq Linux IGMP Bridge Snooping
Bridge Forwarding Flood Multicast? Destination? Output IGMP table Forwarding Table
Spanning Tree Protocol Root Leaf BPDU BPD Disabled U Edge
Tunnels VXLAN1 VXLAN2 Bridge1 Bridge2 Bridge1 Bridge2 Guest Guest Guest Guest A B C D
Cloud Tunneling Protocols ● VxLan – Arista, Broadcom, Cisco, Vmware, Red Hat ● NVGRE – Microsoft, Intel, Dell, Broadcom, Emulex ● STT – Niciria
API flavor's ● Ioctl – Compatibility – non-extensible ● Sysfs – Text based ● Netlink – Notifications – TLV format
Hw offload ● Common netlink API – Forwarding table – monitoring
Security ● BPDU guard ● BPDU filter ● Root port protect ● Port locking
STP Security Issues Bridge (core) Bridge (core) Bridge (edge) Guest VM
BPDU Filter Core Bridge BPDU blocked Not sent or received BPDU Untrusted Host
BPDU Guard Core Bridge Rogue BPDU! Link disabled BPDU BPDU Untrusted Host/Bridge
Root Port Protect BPDU Core Bridge Allowed if Priority < Root BPDU BPDU Semi-trusted Host/Bridge
Port lock Source Address Core Bridge Must match Untrusted Guest
Spanning Tree ● Current – Kernel – 802.1d 1998 – Userspace – RSTP daemon ● Goal – Kernel – 802.1d/802.1s – Userspace – SPB or TRILL?
Status ● VXLAN – 3.7 ● Security – 3.8? ● STP update – 3.9??
Bridge vs Openvswitch Ethernet Bridge Openvswitch – Plug and Play – Table driven – Firewall rules – Flexible – Integrated – Management agent
Thank you

Empfohlen

Userspace networking
Userspace networkingUserspace networking
Userspace networkingStephen Hemminger
 
Virtual Network Performance Challenge
Virtual Network Performance ChallengeVirtual Network Performance Challenge
Virtual Network Performance ChallengeStephen Hemminger
 
DPDK KNI interface
DPDK KNI interfaceDPDK KNI interface
DPDK KNI interfaceDenys Haryachyy
 
Spanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat SheetSpanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat SheetPrasanna Shanmugasundaram
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackMaximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 

Empfohlen

Userspace networking
Userspace networkingUserspace networking
Userspace networkingStephen Hemminger
 
Virtual Network Performance Challenge
Virtual Network Performance ChallengeVirtual Network Performance Challenge
Virtual Network Performance ChallengeStephen Hemminger
 
DPDK KNI interface
DPDK KNI interfaceDPDK KNI interface
DPDK KNI interfaceDenys Haryachyy
 
Spanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat SheetSpanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat SheetPrasanna Shanmugasundaram
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackMaximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPNrosmida
 
Sca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_finalSca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_finalPhuc Anh Tran
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebula Project
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 StpF.l. Yu
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicatornpsg
 
6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206pauldeng
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
 
ARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingMathivanan Elangovan
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with LinuxMaximilan Wilhelm
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Maximilan Wilhelm
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesDemystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesCumulus Networks
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolRafat Khandaker
 
Comparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpanComparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpanInformation Technology University
 
CCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfCCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfMadhan Banda
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018Maximilan Wilhelm
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP PresentationGino McCarty
 
Netem -emulating real networks in the lab
Netem -emulating real networks in the labNetem -emulating real networks in the lab
Netem -emulating real networks in the labStephen Hemminger
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 

Weitere ähnliche Inhalte

Was ist angesagt?

Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPNrosmida
 
Sca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_finalSca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_finalPhuc Anh Tran
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebula Project
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 StpF.l. Yu
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicatornpsg
 
6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206pauldeng
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
 
ARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingMathivanan Elangovan
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with LinuxMaximilan Wilhelm
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Maximilan Wilhelm
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesDemystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesCumulus Networks
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolRafat Khandaker
 
CCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfCCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfMadhan Banda
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP PresentationGino McCarty
 

Was ist angesagt? (20)

Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorial
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPN
 
Sca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_finalSca n instructorppt_chapter2_final
Sca n instructorppt_chapter2_final
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 Stp
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicator
 
6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NAT
 
ARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack Porting
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with Linux
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesDemystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode series
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocol
 
Comparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpanComparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpan
 
CCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfCCNA Exam 200-120 pdf
CCNA Exam 200-120 pdf
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP Presentation
 

Andere mochten auch

Netem -emulating real networks in the lab
Netem -emulating real networks in the labNetem -emulating real networks in the lab
Netem -emulating real networks in the labStephen Hemminger
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
How Quantum configures Virtual Networks under the Hood?
How Quantum configures Virtual Networks under the Hood?How Quantum configures Virtual Networks under the Hood?
How Quantum configures Virtual Networks under the Hood?Etsuji Nakai
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelKernel TLV
 
Networking in virtual machines
Networking in virtual machinesNetworking in virtual machines
Networking in virtual machinesLINE+
 

Andere mochten auch (11)

Netem -emulating real networks in the lab
Netem -emulating real networks in the labNetem -emulating real networks in the lab
Netem -emulating real networks in the lab
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
How Quantum configures Virtual Networks under the Hood?
How Quantum configures Virtual Networks under the Hood?How Quantum configures Virtual Networks under the Hood?
How Quantum configures Virtual Networks under the Hood?
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface Manager
 
Virtualbox networking
Virtualbox networkingVirtualbox networking
Virtualbox networking
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux Kernel
 
Networking in virtual machines
Networking in virtual machinesNetworking in virtual machines
Networking in virtual machines
 
LINUX Device Drivers
LINUX Device DriversLINUX Device Drivers
LINUX Device Drivers
 

Ähnlich wie Linux Bridging: Teaching an old dog new tricks

LCSI Industrial Managed Switch Product Guide
LCSI Industrial Managed Switch Product GuideLCSI Industrial Managed Switch Product Guide
LCSI Industrial Managed Switch Product GuideJames Fuh
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree ProtocolManoj Gharate
 
Vista-1600C GEPON OLT
Vista-1600C GEPON OLTVista-1600C GEPON OLT
Vista-1600C GEPON OLTShanxi Cai
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Bare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionBare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionCarl Perry
 
ZyXEL_VES-1624F-44_Product_Training
ZyXEL_VES-1624F-44_Product_TrainingZyXEL_VES-1624F-44_Product_Training
ZyXEL_VES-1624F-44_Product_Trainingmarrshsu
 
tplink manual best
tplink manual best tplink manual best
tplink manual best bhandaridaka
 
Sun Ge9102 Olt
Sun Ge9102 OltSun Ge9102 Olt
Sun Ge9102 OltDevain
 
Deploying Carrier Ethernet Features on Cisco ASR 9000
Deploying Carrier Ethernet Features on Cisco ASR 9000Deploying Carrier Ethernet Features on Cisco ASR 9000
Deploying Carrier Ethernet Features on Cisco ASR 9000Vinod Kumar Balasubramanyam
 
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)Ari Zoldan
 
Bandwidth measurement
Bandwidth measurementBandwidth measurement
Bandwidth measurementjeromy fu
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Online
 
Brk 135 t-ccna_switching
Brk 135 t-ccna_switchingBrk 135 t-ccna_switching
Brk 135 t-ccna_switchingparthasn83
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewAmeen Wayok
 
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdf
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdfhuawei-s3700-28tp-ei-dc-brochure-datasheet.pdf
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdfHi-Network.com
 

Ähnlich wie Linux Bridging: Teaching an old dog new tricks (20)

LCSI Industrial Managed Switch Product Guide
LCSI Industrial Managed Switch Product GuideLCSI Industrial Managed Switch Product Guide
LCSI Industrial Managed Switch Product Guide
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
Vista-1600C GEPON OLT
Vista-1600C GEPON OLTVista-1600C GEPON OLT
Vista-1600C GEPON OLT
 
Why EoMPLS for CE
Why EoMPLS for CEWhy EoMPLS for CE
Why EoMPLS for CE
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)
 
Bare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionBare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking Discussion
 
ZyXEL_VES-1624F-44_Product_Training
ZyXEL_VES-1624F-44_Product_TrainingZyXEL_VES-1624F-44_Product_Training
ZyXEL_VES-1624F-44_Product_Training
 
IIR VPN London
IIR VPN LondonIIR VPN London
IIR VPN London
 
tplink manual best
tplink manual best tplink manual best
tplink manual best
 
Sun Ge9102 Olt
Sun Ge9102 OltSun Ge9102 Olt
Sun Ge9102 Olt
 
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
 
Deploying Carrier Ethernet Features on Cisco ASR 9000
Deploying Carrier Ethernet Features on Cisco ASR 9000Deploying Carrier Ethernet Features on Cisco ASR 9000
Deploying Carrier Ethernet Features on Cisco ASR 9000
 
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)
Tranzeo EL-500 Outdoor AP/ Router/ Bridge (quantumwimax.com)
 
Bandwidth measurement
Bandwidth measurementBandwidth measurement
Bandwidth measurement
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)
 
Brk 135 t-ccna_switching
Brk 135 t-ccna_switchingBrk 135 t-ccna_switching
Brk 135 t-ccna_switching
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
 
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdf
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdfhuawei-s3700-28tp-ei-dc-brochure-datasheet.pdf
huawei-s3700-28tp-ei-dc-brochure-datasheet.pdf
 
CAN- controlled area network
CAN- controlled area networkCAN- controlled area network
CAN- controlled area network
 
Osi 7 layer
Osi 7 layerOsi 7 layer
Osi 7 layer
 

Mehr von Stephen Hemminger

Performance challenges in software networking
Performance challenges in software networkingPerformance challenges in software networking
Performance challenges in software networkingStephen Hemminger
 
Taking the Fear Out of Contributing
Taking the Fear Out of ContributingTaking the Fear Out of Contributing
Taking the Fear Out of ContributingStephen Hemminger
 
Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Stephen Hemminger
 

Mehr von Stephen Hemminger (11)

Performance challenges in software networking
Performance challenges in software networkingPerformance challenges in software networking
Performance challenges in software networking
 
Staging driver sins
Staging driver sinsStaging driver sins
Staging driver sins
 
Untold story
Untold storyUntold story
Untold story
 
Llnw bufferbloat
Llnw bufferbloatLlnw bufferbloat
Llnw bufferbloat
 
Dpdk performance
Dpdk performanceDpdk performance
Dpdk performance
 
Bufferbloat is alll Wet!
Bufferbloat is alll Wet!Bufferbloat is alll Wet!
Bufferbloat is alll Wet!
 
Taking the Fear Out of Contributing
Taking the Fear Out of ContributingTaking the Fear Out of Contributing
Taking the Fear Out of Contributing
 
Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™Integrating Linux routing with FusionCLI™
Integrating Linux routing with FusionCLI™
 
A Baker's dozen of TCP
A Baker's dozen of TCPA Baker's dozen of TCP
A Baker's dozen of TCP
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performance
 
Online tools
Online toolsOnline tools
Online tools
 

Kürzlich hochgeladen

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

Linux Bridging: Teaching an old dog new tricks

  • 1. Linux Bridging Teaching an Old Dog New Tricks Stephen Hemminger shemminger@vyatta.com
  • 2. Topics ● Background ● Tunneling ● Security ● Status
  • 3. Bridge History 1985 1990 1998 2000 2001 2004 2005 2012 Ethernet IEEE IEEE IEEE RSTP Bridging 802.1d 802.1d 802.1d MSTP SPB Invented 1998 2004 802.1s 802.1aq Linux IGMP Bridge Snooping
  • 4. Bridge Forwarding Flood Multicast? Destination? Output IGMP table Forwarding Table
  • 5. Spanning Tree Protocol Root Leaf BPDU BPD Disabled U Edge
  • 6.
  • 7. Tunnels VXLAN1 VXLAN2 Bridge1 Bridge2 Bridge1 Bridge2 Guest Guest Guest Guest A B C D
  • 8. Cloud Tunneling Protocols ● VxLan – Arista, Broadcom, Cisco, Vmware, Red Hat ● NVGRE – Microsoft, Intel, Dell, Broadcom, Emulex ● STT – Niciria
  • 9. API flavor's ● Ioctl – Compatibility – non-extensible ● Sysfs – Text based ● Netlink – Notifications – TLV format
  • 10. Hw offload ● Common netlink API – Forwarding table – monitoring
  • 11. Security ● BPDU guard ● BPDU filter ● Root port protect ● Port locking
  • 12. STP Security Issues Bridge (core) Bridge (core) Bridge (edge) Guest VM
  • 13. BPDU Filter Core Bridge BPDU blocked Not sent or received BPDU Untrusted Host
  • 14. BPDU Guard Core Bridge Rogue BPDU! Link disabled BPDU BPDU Untrusted Host/Bridge
  • 15. Root Port Protect BPDU Core Bridge Allowed if Priority < Root BPDU BPDU Semi-trusted Host/Bridge
  • 16. Port lock Source Address Core Bridge Must match Untrusted Guest
  • 17. Spanning Tree ● Current – Kernel – 802.1d 1998 – Userspace – RSTP daemon ● Goal – Kernel – 802.1d/802.1s – Userspace – SPB or TRILL?
  • 18. Status ● VXLAN – 3.7 ● Security – 3.8? ● STP update – 3.9??
  • 19. Bridge vs Openvswitch Ethernet Bridge Openvswitch – Plug and Play – Table driven – Firewall rules – Flexible – Integrated – Management agent