Date:   Wed, 9 Oct 2019 11:56:38 +0200
From:   Alexis Bauvin <abauvin@...ine.net>
To:     Ondřej Flídr <flidr@...osting.cz>
Cc:     netdev@...r.kernel.org
Subject: Re: ip doesn't handle vxlan id and group correctly

Hi,

That’s because the vxlan driver only relies on the vni to discriminate
packets between vxlan interfaces.
If you need several vxlan interfaces with the same vni, your best bet
currently is to place them in separate network namespaces, e.g.

ip netns add group-10
ip netns add group-20

echo "vxlan 101 - group 10, id 101"
ip -netns group-10 link add vxlan101 type vxlan id 101 group 239.0.3.10 dstport 8472 port 32768 61000
echo "vxlan 102 - group 10, id 102"
ip -netns group-10 link add vxlan102 type vxlan id 102 group 239.0.3.10 dstport 8472 port 32768 61000
echo "vxlan 201 - group 20, id 101"
ip -netns group-20 link add vxlan201 type vxlan id 101 group 239.0.3.20 dstport 8472 port 32768 61000

Note however this requires more setup with veths to forward the proper
traffic between netns: at least one for the underlay bridged to bond0
and possibly another one for the overlay, if your application cannot run
in a netns / requires access to all vnis.

Alexis Bauvin

(re-send for netdev as somehow the first one contained html)

> On 7 Oct 2019, at 13:39, Ondřej Flídr <flidr@...osting.cz> wrote:
> 
> Hello,
> 
> it seems that ip doesn't handle combination of vxlan id and group
> correctly. As you can see in attached script, I'm trying to create
> multiple vxlans all with different combination of group and vxlan id. I
> can create vxlans with different ids in same group, different ids in
> different groups but I cannot create vxlan with same id in different
> group, creation ends with "Error: A VXLAN device with the specified VNI
> already exists.". Tested on current version 5.3.0 on arch linux.
> 
> Best regards,
> 
> Ondrej Flidr
> 
> 
> <vxlantest.sh>
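
The veth setup described in the reply above, as an added example that is not part of the original message or its attached script: each namespace gets a veth pair bridged with bond0 for the underlay, and the vxlan device is bound to the namespace end. The bridge name br-underlay, the veth names (ul-<netns>, ul0) and the 192.0.2.0/24 underlay addresses are assumptions; the commands are only printed unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints the plan by default;
# set DRY_RUN=0 and run as root to apply it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Root namespace: bridge that carries the underlay, with the uplink attached.
# Any IP address configured on the uplink has to be moved to the bridge.
underlay_bridge() {  # usage: underlay_bridge BRIDGE UPLINK
    run ip link add "$1" type bridge
    run ip link set "$2" master "$1"
    run ip link set "$1" up
}

# One namespace per multicast group: a veth pair links it to the underlay
# bridge, and the vxlan device is bound to the namespace end of that pair.
vxlan_netns() {  # usage: vxlan_netns BRIDGE NETNS UNDERLAY_ADDR NAME VNI GROUP
    br=$1 ns=$2 addr=$3 name=$4 vni=$5 group=$6
    run ip netns add "$ns"
    run ip link add "ul-$ns" type veth peer name ul0 netns "$ns"
    run ip link set "ul-$ns" master "$br" up
    run ip -netns "$ns" addr add "$addr" dev ul0    # assumed underlay address
    run ip -netns "$ns" link set ul0 up
    run ip -netns "$ns" link add "$name" type vxlan id "$vni" group "$group" \
        dev ul0 dstport 8472 port 32768 61000
    run ip -netns "$ns" link set "$name" up
}

# Same VNI (101) in two multicast groups, kept apart by namespace.
plan() {
    underlay_bridge br-underlay bond0
    vxlan_netns br-underlay group-10 192.0.2.10/24 vxlan101 101 239.0.3.10
    vxlan_netns br-underlay group-20 192.0.2.20/24 vxlan201 101 239.0.3.20
}

plan
```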
