On Fri, Sep 20, 2024 at 11:24:47AM +1000, David Gwynne wrote:
> On Thu, Sep 19, 2024 at 09:48:15AM -0700, Bryan Vyhmeister wrote:
> > On Wed, Sep 18, 2024 at 11:17:45AM +1000, David Gwynne wrote:

<snip>

> > Once I realized wg(4) wouldn't work, my solution was to use a gif(4)
> > tunnel or etherip(4) bridged with veb(4) to a vport(4) but I think the
> > gif(4) solution is simpler. Either solution worked fine for ospfd and
> > ospf6d as well as BGP over IPv4 and IPv6. Is there a performance benefit
> > with etherip(4) and vport(4) rather than gif(4)?
>
> gif over dedicated ethernet links seems unnecessary because you should
> already have working IP connectivity. how does it help your situation?

This is actually something completely different. I am running BGP over
several internet links that would not support BGP from the provider so
running a tunnel back to a datacenter for multihoming. You're right,
that would be a waste.

<snip>

> > I'm still not clear on exactly what protected accomplishes with veb(4).
> > You mentioned that prevents loops but I don't understand how.
> >
> > Essentially, at this point, I think I can have etherip(4) links between
> > each site maybe in a close to fully meshed layout particularly back to
> > site A and, as long as I put the etherip(4) interfaces into the veb(4)
> > as protected, I will not have loops? Is that a correct understanding of
> > what you said?
>
> it's about what happens when you have broadcast/multicast/unknown
> unicast traffic in a full mesh topology.
>
> if a broadcast packet enters the veb at site A, it will flood the packet
> to the etherip links to both site B and site C. site B will then flood
> the broadcast packets to its physical port and the link to site C. site
> C will then flood that broadcast packet to its physical port and the
> link to site A. site A will then flood the packet to its physical port
> and the link to site B, and so on.
>
> putting the etherip links at each site in the same protected domain
> prevents it flooding traffic from etherip links to other etherip links,
> which should be unnecessary because the site that got the original
> broadcast traffic should have already flooded it to all sites anyway.

Thank you for the explanation. I will test it out and see if I can get
it to work the way I want.

Bryan
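
The flooding behaviour described in the quoted explanation, as an added example that is not part of the original thread and not OpenBSD code: a simplified model of three fully meshed sites, each with one bridge, one physical port and one tunnel port per peer. The site names, the flood() helper and the event cap are assumptions made for illustration.

```python
from collections import deque

SITES = ("A", "B", "C")  # constructed three-site full mesh


def flood(protected, origin="A", max_events=1000):
    """Flood one broadcast frame that enters `origin` on its physical port.

    Ports are "phys" or the name of the peer site a tunnel leads to.
    Returns (copies sent out each site's physical port, still_looping).
    """
    delivered = {s: 0 for s in SITES}
    queue = deque([(origin, "phys")])  # entries are (site, ingress port)
    events = 0
    while queue:
        if events >= max_events:
            return delivered, True  # frames still circulating: a loop
        site, ingress = queue.popleft()
        events += 1
        for egress in ["phys"] + [p for p in SITES if p != site]:
            if egress == ingress:
                continue  # a bridge never floods back out the ingress port
            if protected and ingress != "phys" and egress != "phys":
                continue  # tunnel to tunnel inside one protected domain
            if egress == "phys":
                delivered[site] += 1
            else:
                # the peer receives it on its tunnel port facing this site
                queue.append((egress, site))
    return delivered, False


if __name__ == "__main__":
    print("protected:  ", flood(True))
    print("unprotected:", flood(False))
```

With the tunnel ports in one protected domain, each remote site forwards the frame to its physical port exactly once and flooding stops; without it, the model hits the event cap with copies still circulating.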