Date:   Tue, 22 Aug 2017 14:55:04 +0300
From:   Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To:     David Lamparter <equinox@...c24.net>
Cc:     Stephen Hemminger <stephen@...workplumber.org>,
        netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
        amine.kherbouche@...nd.com, roopa@...ulusnetworks.com
Subject: Re: [RFC net-next v2] bridge lwtunnel, VPLS & NVGRE

On 22/08/17 14:32, David Lamparter wrote:
> On Tue, Aug 22, 2017 at 02:01:40PM +0300, Nikolay Aleksandrov wrote:
>> On 22/08/17 03:01, Stephen Hemminger wrote:
>>> I know the bridge is an easy target to extend L2 forwarding, but it is not
>>> the only option. Have you considered building a new driver (like VXLAN does)
>>> which does the forwarding you want? Having all features in one driver
>>> makes for worse performance, and increased complexity.
>>>
>>
>> +1
>>
>> As I said before, a separate implementation will be much cleaner and will not affect
>> the bridge in any way, paying both performance and complexity price for something that
>> the majority of users will not be using isn't worth it.  In addition this creates a
>> silent dependency between the bridge and the fdb metadata dst users, it would be much
>> more preferable to be able to run them separately.
>> If there is any code that will need to be re-used by VPLS (or anyone else) figure out a way
>> to factor it out.
> 
> Could you tell me why this argument didn't apply to the bridge vlan
> tunnel code?  It adds complexity to the bridge specifically for VXLAN
> (and it does *not* transfer to VPLS or 802.11) and reduces performance
> 
> ... by actually accessing the same metadata that this patchset does.
> 
> 
> -David
> 

The separation is clean and does not add any dependencies; that code is well isolated.
As for performance, the impact is minimal as it adds a test for a port flag that is
already in the cache at that point. In fact it can be compiled-out entirely if you
disable bridge vlan support. The metadata you're referring to is not accessed if
the port flag is not set or vlan support is compiled out, removing its impact entirely.
You can have a vxlan setup without bridge, no?

