| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180226133524.GB1195@lunn.ch>
Date: Mon, 26 Feb 2018 14:35:24 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Ido Schimmel <idosch@...lanox.com>
Cc: netdev@...r.kernel.org, linux-kselftest@...r.kernel.org,
davem@...emloft.net, shuah@...nel.org, jiri@...lanox.com,
dsahern@...il.com, roopa@...ulusnetworks.com,
nikolay@...ulusnetworks.com, f.fainelli@...il.com,
vivien.didelot@...oirfairelinux.com, mlxsw@...lanox.com
Subject: Re: [PATCH net-next 00/14] selftests: forwarding: Add VRF-based tests
On Mon, Feb 26, 2018 at 10:59:34AM +0200, Ido Schimmel wrote:
> One of the nice things about network namespaces is that they allow one
> to easily create and test complex environments.
>
> Unfortunately, these namespaces can not be used with actual switching
> ASICs, as their ports can not be migrated to other network namespaces
> (NETIF_F_NETNS_LOCAL) and most of them probably do not support the
> L1-separation provided by namespaces.
>
> However, a similar kind of flexibility can be achieved by using VRFs and
> by looping the switch ports together. For example:
>
> br0
> +
> vrf-h1 | vrf-h2
> + +---+----+ +
> | | | |
> 192.0.2.1/24 + + + + 192.0.2.2/24
> swp1 swp2 swp3 swp4
> + + + +
> | | | |
> +--------+ +--------+
Hi Ido
So you decided to stick to a bridge of just two interfaces. You
clearly can write tests using this, but it seems very limiting. You
cannot test bridging vs flooding. You cannot tests packets don't leak
between parallel bridges. It i hard to test igmp snooping, etc.
It seems to me, using 8 ports, not 4, would give you a much more
flexible and interesting test setup.
Andrew
Powered by blists - more mailing lists