[B.A.T.M.A.N.] [PATCH] batman-adv: introduce "noflood" broadcast flood prevention option

Martin Weinelt martin at darmstadt.freifunk.net
Sun Apr 28 21:04:19 CEST 2019


Hi everyone,

Please see my reply below.

On 4/28/19 7:04 PM, Sven Eckelmann wrote:
> On Friday, 26 April 2019 19:12:31 CEST Linus Lüssing wrote:
>> With DAT DHCP snooping, the gateway feature and multicast optimizations
>> in place in some scenarios broadcast flooding might not be strictly
>> necessary anymore to be able to establish IPv4/IPv6 communication.
>> Therefore this patch adds an option to disable broadcast flooding.
>>
>> Larger mesh networks typically filter a variety of multicast packets via
>> ebtables/netfilter to clamp on overhead. With this option such firewall
>> rules can be relaxed so that such multicast packets are only dropped
>> if they cannot be handled by multicast-to-unicast, for instance.
>>
>> "noflood" comes in two flavours: If set to 1 then flood prevention is
>> enabled for all multicast/broadcast packets except ICMPv6 and IGMP
>> (cautious mode). Or, if set to 2 then flood prevention is enabled for
>> all multicast/broadcast packets (aggressive mode). If set to 0 then
>> flood prevention is disabled.
>>
>> "noflood" is disabled by default as there are still some things to take
>> care of to avoid breaking things (especially for the "aggressive mode").
>>
>> Signed-off-by: Linus Lüssing <linus.luessing at c0d3.blue>
> 
> @Martin, I think you've started to experiment with this noflood feature. Any 
> experiences which you can share with us?
> 
> Kind regards,
> 	Sven
> 

We have been using the early noflood and DHCP snooping patches from
Linus since roughly 2018/04. They were based on sockmarking packets that
should be handled by noflood. This resulted in quite some amount of
ebtables rules on our gateways, that marked addresses within DHCP ranges
for noflood, since they were very likely already snooped. The result can
be seen in graphs I provided to Linus back then, that are now visible at
https://www.open-mesh.org/projects/batman-adv/wiki/DAT_DHCP_Snooping#Result.

We did not experience any usability issues that could be traced back to
these patches. I've dropped the patches when the DHCP snooping landed
upstream, so we're currently (since 2019/04) running
v2019.1-14-g28573050 without noflood.

I have no knowledge of this version's two new "flavours"; I was pretty
happy with the aggressiveness of the earlier patches even though it's
manual setup, where we created those ebtables rules from scratch. I
would be happy to also test these new changes, but I'm currently lacking
the wirerrd (https://github.com/T-X/wirerrd) setup that created those
fancy graphs.


Best regards,
Martin
