summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-10-28 20:57:38 +0200
committerChristian Breunig <christian@breunig.cc>2023-10-30 16:20:56 +0100
commitec9a95502daa88b9632af12524e7cefebf86bab6 (patch)
treedb1e08a4dc32654bfdc9624450165a2ed82402c1 /src/conf_mode
parent0e129df010f5306b9a8ba5b39fffb520baade38b (diff)
downloadvyos-1x-ec9a95502daa88b9632af12524e7cefebf86bab6.tar.gz
vyos-1x-ec9a95502daa88b9632af12524e7cefebf86bab6.zip
vxlan: T5668: add CLI knob to enable ARP/ND suppression
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index ff8144e74..7bd3fa692 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -34,6 +34,7 @@ from vyos.configverify import verify_bond_bridge_member
from vyos.ifconfig import Interface
from vyos.ifconfig import VXLANIf
from vyos.template import is_ipv6
+from vyos.utils.dict import dict_search
from vyos import ConfigError
from vyos import airbag
airbag.enable()
@@ -164,6 +165,11 @@ def verify(vxlan):
raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!')
vnis_used.append(vni)
+ if dict_search('parameters.neighbor_suppress', vxlan):
+ if 'is_bridge_member' not in vxlan:
+ raise ConfigError('Neighbor suppression requires that VXLAN interface '\
+ 'is member of a bridge interface!')
+
verify_mtu_ipv6(vxlan)
verify_address(vxlan)
verify_bond_bridge_member(vxlan)