Date:   Thu, 22 Jul 2021 07:39:44 -0700
From:   Stephen Hemminger <>
Subject: Fw: [Bug 213821] New: Cannot create LACP bond over virtual network

Begin forwarded message:

Date: Thu, 22 Jul 2021 14:04:56 +0000
Subject: [Bug 213821] New: Cannot create LACP bond over virtual network interfaces

            Bug ID: 213821
           Summary: Cannot create LACP bond over virtual network
           Product: Networking
           Version: 2.5
    Kernel Version: 3.10
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        Regression: No

Typically an LACP bond is formed over a pair of physical network interfaces to
another piece of hardware. This is the bread and butter of many systems.

But what about virtual network interfaces, such as tunnels?

Except in 1 case, it does not work. Why?

None of the virtual network interfaces (geneve, vxlan, ipip, gre) advertise
either the network interface speed or the duplex of the connection. Check your
output from "ethtool" to confirm. This prevents the 802.3ad driver from ever
using the virtual network interface. That's the bug.

There is of course some merit behind that because as virtual network interfaces
they have no inherent speed. But then there's the tun driver.

The tun driver advertises 10Mb/s and full duplex but it is the slowest of all
the family of virtual network interfaces and thus the least desirable. It's not
clear why someone chose 10Mb/s but it has its place.

Why would I like to create an LACP bond over a pair of virtual interfaces?
Because that's the easiest way to know if the other end is "dead". For example,
if I create a L2TP tunnel between two systems and run an 802.3ad bond over each
interface on the two systems then the LACP heartbeat becomes a de facto method
of informing me about the status of the other system.

In short, using an 802.3ad bond over a tunnel allows the bond network
connection to become a virtual wire between the two systems. When the bond goes
down, it is as if the network cable has been unplugged.

After all that, what would I like to see fixed? Where a virtual network device
(such as geneve) is associated with a physical device (such as eno1) that it
inherits the physical properties of speed and duplex of the physical device.
This may also be applied to other virtual network devices that have a physical
device associated with them upon creation.

You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.
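
The check the report asks readers to make with "ethtool", as an added example that is not part of the original bug report or of the kernel source. It assumes the `speed` and `duplex` attributes under /sys/class/net mirror what ethtool shows; `link_report` and `make_sample_tree` are hypothetical helper names, and the "both values advertised" test follows the report's description rather than the bonding driver's code.

```shell
#!/bin/sh
# Added example: report whether an interface advertises speed and duplex,
# the two values the report says the 802.3ad driver needs.

# link_report IFACE [NETDIR]; NETDIR defaults to /sys/class/net.
# Returns 0 if both values are advertised, 1 if not, 2 if IFACE is absent.
link_report() {
    iface=$1
    dir=${2:-/sys/class/net}/$iface
    [ -d "$dir" ] || { echo "$iface missing"; return 2; }
    # Reads can fail when the driver reports no link settings; count as unknown.
    speed=$(cat "$dir/speed" 2>/dev/null) || speed=unknown
    duplex=$(cat "$dir/duplex" 2>/dev/null) || duplex=unknown
    case $speed in ''|0|*[!0-9]*) speed=unknown ;; esac
    case $duplex in full|half) ;; *) duplex=unknown ;; esac
    if [ "$speed" != unknown ] && [ "$duplex" != unknown ]; then
        echo "$iface speed=${speed}Mb/s duplex=$duplex advertised"
        return 0
    fi
    echo "$iface speed=$speed duplex=$duplex not-advertised"
    return 1
}

# Constructed sample tree (not captured from a real host): tun0 as the report
# describes it, vxlan0 with unknown values, geneve0 with unreadable attributes.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/tun0" "$t/vxlan0" "$t/geneve0"
    echo 10 > "$t/tun0/speed"; echo full > "$t/tun0/duplex"
    printf '%s\n' -1 > "$t/vxlan0/speed"; echo unknown > "$t/vxlan0/duplex"
    echo "$t"
}

if [ $# -gt 0 ]; then
    for i in "$@"; do link_report "$i" || true; done   # real interfaces
else
    sample=$(make_sample_tree)
    for i in tun0 vxlan0 geneve0; do link_report "$i" "$sample" || true; done
    rm -rf "$sample"
fi
```

Run it with interface names as arguments to check a live host; with no arguments it runs against the constructed tree.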
