
Re: [Openvpn-users] Three-way bridge setup

  • Subject: Re: [Openvpn-users] Three-way bridge setup
  • From: Stefan Bethke <stb@xxxxxxxxxx>
  • Date: Mon, 4 Jun 2007 14:57:14 +0200

On 04.06.2007 at 12:21, Klaus Thielking-Riechert wrote:

> On Mon, Jun 04, 2007 at 11:25:37AM +0200, Stefan Bethke wrote:
>> If I enable Spanning Tree Protocol on the bridges, this problem is
>> avoided, but all traffic between A and C will go via B (if B is
>> established as the STP root node), even though there is a direct link
>> between A and C.
> Well, when using bridging in this kind of a redundant setup you *must*
> enable STP in order to avoid loops because the ethernet protocol has no
> loop detection like a TTL in IP protocol. This would be exactly the same
> when you replace the OpenVPN tunnels by ethernet switches. In this case,
> STP provides you with an automatic failover due to a topology change
> (eg. in case of a link loss).

Yes, exactly.

>> I could change to a routed configuration, but that would make certain
>> applications more cumbersome.  Is anybody running such a configuration?
> A routed configuration makes it possible to use all links simultaneously
> and depending on your destination address. Additionally you get rid of
> broadcasts running over the link.

I don't want to get rid of broadcasts, because certain braindead  
applications rely on them for discovery and similar things.  This is  
why I want to run a bridged setup in the first place.

So the big question remains: without STP I'm going to get a broadcast  
storm over the OpenVPN links, with STP, I'm going to have limited  
performance due to the forwarding rules.  Is there any alternative?   
I haven't looked into ebtables yet, but I could be able to filter the  
"wrong" broadcast packets?


Stefan Bethke <stb@xxxxxxxxxx>   Fon +49 170 346 0140
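
The trade-off discussed in this message, as an added example that is not part of the original post: a small Python model of the three bridges A, B and C showing that a broadcast never expires on the full triangle, while a spanning tree rooted at B blocks the A-C link and sends A-to-C traffic via B. The topology, the function names and the simplified root/port selection (equal link costs, root chosen by hand rather than by bridge ID) are assumptions made for illustration.

```python
from collections import deque

# Constructed topology: three bridges joined pairwise by OpenVPN tap links.
LINKS = {("A", "B"), ("B", "C"), ("A", "C")}

def neighbors(node, links):
    return sorted(b if a == node else a for a, b in links if node in (a, b))

def bfs_parents(links, start):
    """Breadth-first search over the active links; maps each bridge to its parent."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        for peer in neighbors(node, links):
            if peer not in parent:
                parent[peer] = node
                queue.append(peer)
    return parent

def spanning_tree(links, root):
    """Simplified STP: keep each bridge's shortest path to the root, block the rest."""
    parent = bfs_parents(links, root)
    return {tuple(sorted((n, p))) for n, p in parent.items() if p is not None}

def flood(links, source, max_hops):
    """Flood one broadcast frame; return the number of copies in flight per hop.
    A bridge forwards a frame out of every port except the one it arrived on,
    and Ethernet has no TTL, so nothing ever discards a looping copy."""
    in_flight = [(source, peer) for peer in neighbors(source, links)]
    history = []
    for _ in range(max_hops):
        history.append(len(in_flight))
        in_flight = [(dst, nxt) for src, dst in in_flight
                     for nxt in neighbors(dst, links) if nxt != src]
    return history

def path(links, src, dst):
    """Bridges a unicast frame traverses from src to dst over the active links."""
    parent = bfs_parents(links, src)
    hops = [dst]
    while parent[hops[-1]] is not None:
        hops.append(parent[hops[-1]])
    return hops[::-1]

if __name__ == "__main__":
    active = spanning_tree(LINKS, root="B")
    print("blocked by STP:        ", LINKS - active)
    print("no STP, copies per hop:", flood(LINKS, "A", 8))
    print("STP, copies per hop:   ", flood(active, "A", 8))
    print("A -> C with STP:       ", path(active, "A", "C"))
```

Without STP the two copies circulate in opposite directions indefinitely, and every hop also delivers them to the hosts attached to that bridge.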
