author | Christian Breunig <christian@breunig.cc> | 2023-10-28 20:57:38 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-10-30 16:20:56 +0100 |
commit | ec9a95502daa88b9632af12524e7cefebf86bab6 (patch) | |
tree | db1e08a4dc32654bfdc9624450165a2ed82402c1 /src/conf_mode | |
parent | 0e129df010f5306b9a8ba5b39fffb520baade38b (diff) | |
download | vyos-1x-ec9a95502daa88b9632af12524e7cefebf86bab6.tar.gz vyos-1x-ec9a95502daa88b9632af12524e7cefebf86bab6.zip |
vxlan: T5668: add CLI knob to enable ARP/ND suppression
In order to minimize the flooding of ARP and ND messages in the VXLAN network,
EVPN includes provisions [1] that allow participating VTEPs to suppress such
messages in case they know the MAC-IP binding and can reply on behalf of the
remote host. In Linux, the above is implemented in the bridge driver using a
per-port option called "neigh_suppress" that was added in kernel version 4.15.
[1] https://www.rfc-editor.org/rfc/rfc7432#section-10
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index ff8144e74..7bd3fa692 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -34,6 +34,7 @@ from vyos.configverify import verify_bond_bridge_member
 from vyos.ifconfig import Interface
 from vyos.ifconfig import VXLANIf
 from vyos.template import is_ipv6
+from vyos.utils.dict import dict_search
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -164,6 +165,11 @@ def verify(vxlan):
 raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!')
 vnis_used.append(vni)
 
+ if dict_search('parameters.neighbor_suppress', vxlan):
+ if 'is_bridge_member' not in vxlan:
+ raise ConfigError('Neighbor suppression requires that VXLAN interface '\
+ 'is member of a bridge interface!')
+
 verify_mtu_ipv6(vxlan)
 verify_address(vxlan)
 verify_bond_bridge_member(vxlan) |
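Review bot: The guard `if dict_search('parameters.neighbor_suppress', vxlan):` in the second hunk tests the looked-up value for truthiness rather than for presence, so the bridge-membership check runs only when that value is truthy. The page does not show how the new knob is represented in the config dict; if it is a valueless node that arrives as an empty dict, the check would be skipped silently and neighbor suppression would be accepted on a VXLAN interface that is not a bridge member. Assuming dict_search returns None for a missing key, a presence test such as `if dict_search('parameters.neighbor_suppress', vxlan) is not None:` removes that dependency on the value. verify() starts before this hunk and continues after it, so how this check interacts with the remaining validation cannot be confirmed from here.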