[mesh-dev] Thinking through LAN port usage, or: Why bridges are bad news

Jernej Kos jernej at kos.mx
Tue Jun 2 04:34:49 PDT 2015


Hello!

(TL;DR: Avoid bridges whenever possible.)

On 02. 06. 2015 13:19, Mitar wrote:
> Cannot you simply prevent broadcasting over this switch and this is it?
> Then Babel will not detect that nanobridges can directly talk to each
> other, but will create routes for each hop.

No, this is not entirely ok. It is not enough that you just drop
"broadcast" traffic. What you should do is to prevent any data
forwarding on L2 (layer 2). All data forwarding should only happen on
L3, where you (the routing protocol) can control it via the routing tables.

You can do this using ebtables (e.g. "br0" is the bridge interface):

  ebtables -A FORWARD --logical-in br0 -j DROP

This will effectively make the bridge no longer be a bridge, but just a
bunch of ports which all come together under the same interface.

The only strange thing now is that traffic on L3 will come from the
bridge (br0) and will have to also be routed back into the bridge (br0).
But underneath it will actually be routed into the proper port based on
the MAC address of the next hop. I think this should work, but to me it
doesn't seem right, so I would rather avoid it.

So why use the bridge at all? You should just use the distinct
interfaces instead. If there is a design that avoids the bridge, use it.


Jernej
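The setup described above, carried through as a complete script. This is an added example, not code from the original post or from the mesh-dev project; the interface names (br0 as the bridge, eth1 and eth2 as its ports) are assumptions. It creates the bridge with STP off, enslaves the ports, adds the ebtables FORWARD drop so no frame is ever switched between ports at L2, and enables IP forwarding, since the routing table is now the only path from one port to another. Applying it needs root, iproute2 and ebtables; with DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not code from the original post. Brings up a bridge whose
# ports cannot forward frames to each other at L2, so every hop between
# them is decided by the routing table (and therefore by Babel).
# Interface names (br0, eth1, eth2) are assumptions.
# Needs root, iproute2 and ebtables to apply; DRY_RUN=1 (the default)
# only prints the commands it would run.

DRY_RUN="${DRY_RUN:-1}"

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# isolate_bridge BRIDGE PORT...
# 1. create the bridge with STP off (the mesh routing protocol, not
#    spanning tree, is what chooses paths);
# 2. enslave the ports and bring everything up;
# 3. drop every frame the bridge would forward between its ports.
#    The INPUT and OUTPUT chains are untouched, so frames to and from the
#    host itself (and thus the routing daemon listening on br0) still flow;
# 4. enable IP forwarding, because from now on that is the only way a
#    packet gets from one port to another.
isolate_bridge() {
    bridge="$1"; shift
    run ip link add name "$bridge" type bridge
    run ip link set dev "$bridge" type bridge stp_state 0
    for port in "$@"; do
        run ip link set dev "$port" master "$bridge"
        run ip link set dev "$port" up
    done
    run ip link set dev "$bridge" up
    # Remove a stale copy of the rule first so re-running stays idempotent.
    run ebtables -D FORWARD --logical-in "$bridge" -j DROP 2>/dev/null || true
    run ebtables -A FORWARD --logical-in "$bridge" -j DROP
    run sysctl -w net.ipv4.ip_forward=1
}

# show_bridge BRIDGE: what to check afterwards. The ebtables listing should
# show the DROP rule; 'bridge fdb' shows the MAC addresses learned on each
# port, which is how the kernel picks the physical port when L3 routes a
# packet back "into br0" toward a next-hop MAC.
show_bridge() {
    bridge="$1"
    run ebtables -L FORWARD
    run bridge fdb show br "$bridge"
    run ip route show dev "$bridge"
}

isolate_bridge br0 eth1 eth2
show_bridge br0
```

Run it as `DRY_RUN=0 sh isolate.sh` to apply. Note that the rule only stops the bridge from switching frames; a directly connected host on eth1 still sees eth2's hosts only through whatever routes Babel installs on br0, which is exactly the point.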
