diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-10-28 20:57:38 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-10-31 06:01:09 +0000 |
| commit | 2e85b7ccef45924f1aae03513e116b9087c7ef69 (patch) | |
| tree | 91fc367354555b5faa9d784e5683230370ac80fa /src/conf_mode/interfaces-vxlan.py | |
| parent | c937ef1b220b5d25834b3dd41ae9128b136d7b05 (diff) | |
| download | vyos-1x-2e85b7ccef45924f1aae03513e116b9087c7ef69.tar.gz vyos-1x-2e85b7ccef45924f1aae03513e116b9087c7ef69.zip | |
vxlan: T5668: add CLI knob to enable ARP/ND suppression
In order to minimize the flooding of ARP and ND messages in the VXLAN network,
EVPN includes provisions [1] that allow participating VTEPs to suppress such
messages in case they know the MAC-IP binding and can reply on behalf of the
remote host. In Linux, the above is implemented in the bridge driver using a
per-port option called "neigh_suppress" that was added in kernel version 4.15.
[1] https://www.rfc-editor.org/rfc/rfc7432#section-10
(cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
Diffstat (limited to 'src/conf_mode/interfaces-vxlan.py')
| -rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 16cc96c63..6bf3227d5 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -165,6 +165,11 @@ def verify(vxlan): raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!') vnis_used.append(vni) + if dict_search('parameters.neighbor_suppress', vxlan): + if 'is_bridge_member' not in vxlan: + raise ConfigError('Neighbor suppression requires that VXLAN interface '\ + 'is member of a bridge interface!') + verify_mtu_ipv6(vxlan) verify_address(vxlan) verify_bond_bridge_member(vxlan) |