Hi everyone,
Please see my reply below.
On 4/28/19 7:04 PM, Sven Eckelmann wrote:
On Friday, 26 April 2019 19:12:31 CEST Linus Lüssing wrote:
With DAT DHCP snooping, the gateway feature and multicast optimizations in place, in some scenarios broadcast flooding might not be strictly necessary anymore to be able to establish IPv4/IPv6 communication. Therefore this patch adds an option to disable broadcast flooding.
Larger mesh networks typically filter a variety of multicast packets via ebtables/netfilter to clamp on overhead. With this option such firewall rules can be relaxed so that such multicast packets are only dropped if they cannot be handled by multicast-to-unicast, for instance.
"noflood" comes in two flavours: If set to 1 then flood prevention is enabled for all multicast/broadcast packets except ICMPv6 and IGMP (cautious mode). Or, if set to 2 then flood prevention is enabled for all multicast/broadcast packets (aggressive mode). If set to 0 then flood prevention is disabled.
"noflood" is disabled by default as there are still some things to take care of to avoid breaking things (especially for the "aggressive mode").
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
@Martin, I think you've started to experiment with this noflood feature. Any experiences which you can share with us?
Kind regards, Sven
We have been using the early noflood and DHCP snooping patches from Linus since roughly 2018/04. They were based on sockmarking packets that should be handled by noflood. This resulted in quite some amount of ebtables rules on our gateways, that marked addresses within DHCP ranges for noflood, since they were very likely already snooped. The result can be seen in graphs I provided to Linus back then, that are now visible at https://www.open-mesh.org/projects/batman-adv/wiki/DAT_DHCP_Snooping#Result.
We did not experience any usability issues that could be traced back to these patches. I've dropped the patches when the DHCP snooping landed upstream, so we're currently (since 2019/04) running v2019.1-14-g28573050 without noflood.
I have no knowledge of this version's two new "flavours"; I was pretty happy with the aggressiveness of the earlier patches even though it's a manual setup, where we created those ebtables rules from scratch. I would be happy to also test these new changes, but I'm currently lacking the wirerrd (https://github.com/T-X/wirerrd) setup that created those fancy graphs.
Best regards, Martin