summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-10-28 20:57:38 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-10-31 06:01:09 +0000
commit2e85b7ccef45924f1aae03513e116b9087c7ef69 (patch)
tree91fc367354555b5faa9d784e5683230370ac80fa /src
parentc937ef1b220b5d25834b3dd41ae9128b136d7b05 (diff)
downloadvyos-1x-2e85b7ccef45924f1aae03513e116b9087c7ef69.tar.gz
vyos-1x-2e85b7ccef45924f1aae03513e116b9087c7ef69.zip
vxlan: T5668: add CLI knob to enable ARP/ND suppression
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10 (cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 16cc96c63..6bf3227d5 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -165,6 +165,11 @@ def verify(vxlan):
raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!')
vnis_used.append(vni)
+ if dict_search('parameters.neighbor_suppress', vxlan):
+ if 'is_bridge_member' not in vxlan:
+ raise ConfigError('Neighbor suppression requires that VXLAN interface '\
+ 'is member of a bridge interface!')
+
verify_mtu_ipv6(vxlan)
verify_address(vxlan)
verify_bond_bridge_member(vxlan)