Date: Wed, 10 May 2023 12:57:38 -0400
From: "Andrew J. Schorr" <ajschorr@...mni.princeton.edu>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: Jay Vosburgh <jay.vosburgh@...onical.com>, netdev@...r.kernel.org
Subject: Re: [Issue] Bonding can't show correct speed if lower interface is
 bond 802.3ad

Hi Hangbin & Jay,

On Wed, May 10, 2023 at 03:50:34PM +0800, Hangbin Liu wrote:
> On Mon, May 08, 2023 at 11:32:16AM -0700, Jay Vosburgh wrote:
> > 	That case should work fine without the active-backup.  LACP has
> > a concept of an "individual" port, which (in this context) would be the
> > "normal NIC," presuming that that means its link peer isn't running
> > LACP.
> > 
> > 	If all of the ports (N that are LACP to a single switch, plus 1
> > that's the non-LACP "normal NIC") were attached to a single bond, it
> > would create one aggregator with the LACP enabled ports, and then a
> > separate aggregator for the individual port that's not.  The aggregator
> > selection logic prefers the LACP enabled aggregator over the individual
> > port aggregator.  The precise criteria are in the commentary within
> > ad_agg_selection_test().
> > 
> 
> cc Andrew. He added an active-backup bond over the LACP bond because he wants to
> use arp_ip_target to ensure that the target network is reachable...

That's correct. I prefer the ARP monitoring to ensure that the needed
connectivity is actually there instead of relying on MII monitoring.

I also confess that I was unaware of the possibility of using an individual
port inside an 802.3ad bond without having to stick that individual port into a
port-channel group with LACP enabled. I want to avoid enabling LACP on that
link because I'd like to be able to PXE boot over it, not to mention the switch
configuration hassle.  Is that individual port configuration without LACP
detected automatically by the kernel, or do I need to configure something to do
that? I see the logic in drivers/net/bonding/bond_3ad.c to set is_individual,
but it appears to depend on whether duplex is enabled. At that point, I got
lost, since I see duplex mentioned only in ad_user_port_key, and that seems to
be a property of the bond master, not the slaves. Is there any documentation of
how this configuration works?

But in any case, I still prefer active-backup on top of 802.3ad so that I can
have the ARP monitoring.

If it's too much trouble to get the top-level bond to report duplex/speed
correctly when the underlying bond speed changes, then I think it would
be an improvement to set duplex/speed to N/A (or -1) for a bond of
bonds configuration instead of potentially having incorrect information.
I imagine such a fix might be much easier than updating dynamically
when the lower-level 802.3ad bond changes speed.

Best regards,
Andy
