Re: [Openvpn-users] STP and fully-connected mesh of bridges


  • Subject: Re: [Openvpn-users] STP and fully-connected mesh of bridges
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Sat, 3 Sep 2005 16:30:35 -0400

On 9/3/05, Nick Maynard <nick.maynard@xxxxxxxxxxxxxxxxxxx> wrote:
> Hello all,
> 
> First of all I'd like to extend our thanks to the developers of OpenVPN - a
> fantastic solution, which is a pleasure to work with.
> 
> Secondly I'd like to ask a question.  Our VPN network is set up as follows:
> 
>             Network A
>                 |
>               Node A
>             /        \
>            /          \
>           /            \
>          /              \
>       Node B --------- Node C
>         |                |
>    Network B           Network C
> 
> All links between nodes (all Linux hosts) are OpenVPN links over the Internet
> through a router with mapped ports for servers, as you'd expect.
> 
> We're using bridged ethernet to accomplish network bridging, so each node has a
> bridge device consisting of the node's ethernet connection and both VPN TAP
> devices on that node.
> 
> All hosts are on the class-A 10.*.*.* subnet, with IP conflicts resolved by
> allocating a class-B address space (10.x.*.*) to each network.  DHCP queries
> have naturally been blocked over the VPN by using ebtables.
> 
> In order to avoid loops, etc., we've enabled STP on our VPN nodes.
> 
> The upshot of all this is the following:  we now have a fully functioning,
> pretty rock-solid implementation.
> 
> Sadly we have a niggle (there's always one).  Because we're using STP, one node
> is always elected as the root node.  Let's say node A is elected.  Now all
> communications from C -> B must go through A.  This is slower than the ideal
> situation, where comms from C -> B (and back) would go through the C -> B VPN
> link.
> 
> Our internet links are relatively slow (ADSL), with upload limits of about 256K.
>  Obviously avoiding indirectly routing packets if possible is desirable.
> 
> We understand this is how STP works, but we'd like to put the question to the
> OpenVPN users community (and the developers, if they're listening in).  How
> would you go about making sure the /optimal/ route to the packet destination is
> always taken?
> 

From all the responses I've seen it looks like you had built a solid
solution, and have to live with the drawbacks, or...

Move to routed and live with the drawbacks there... I'm sure whoever
is the root bridge is happy for that set of games.

P.S. This, and broadcasts, are why bridged networks were upgraded to
routed networks.



-- 
Leonard Isham, CISSP 
Ostendo non ostento.
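
An added illustration, not part of the original thread: a simplified spanning-tree calculation (root election by lowest bridge ID, root port by lowest root path cost; port-ID tie-breaks and timers are left out) for the three-node mesh in the question. The bridge IDs and the cost of 100 per link are constructed values, and the mesh is assumed to be connected.

```python
import heapq

def spanning_tree(bridge_ids, links):
    """Return (root, parent, blocked) for a bridged mesh.
    bridge_ids: {node: id}, lowest id wins the root election.
    links: {frozenset({a, b}): path cost}."""
    root = min(bridge_ids, key=bridge_ids.get)
    neighbours = {n: {} for n in bridge_ids}
    for link, cost in links.items():
        a, b = tuple(link)
        neighbours[a][b] = cost
        neighbours[b][a] = cost
    # Root path cost of every bridge (Dijkstra from the root).
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, cost in neighbours[n].items():
            if d + cost < dist.get(m, float("inf")):
                dist[m] = d + cost
                heapq.heappush(heap, (d + cost, m))
    # Root port: cheapest way to the root, ties go to the lower upstream ID.
    parent = {}
    for n in bridge_ids:
        if n != root:
            parent[n] = min(
                neighbours[n],
                key=lambda m: (dist[m] + neighbours[n][m], bridge_ids[m]))
    active = {frozenset({n, p}) for n, p in parent.items()}
    return root, parent, set(links) - active

def path(parent, src, dst):
    """Bridges a frame crosses from src to dst over the active tree."""
    def to_root(n):
        chain = [n]
        while chain[-1] in parent:
            chain.append(parent[chain[-1]])
        return chain
    up, down = to_root(src), to_root(dst)
    common = next(n for n in up if n in down)
    return up[:up.index(common) + 1] + down[:down.index(common)][::-1]

# Constructed sample: the mesh from the post, Node A holding the lowest ID.
IDS = {"A": 1, "B": 2, "C": 3}
LINKS = {frozenset("AB"): 100, frozenset("AC"): 100, frozenset("BC"): 100}
```

With A as root the B-C link is blocked and `path(parent, "C", "B")` returns `['C', 'A', 'B']`; giving B the lowest ID instead only moves the detour to the A-C pair.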
