From: "Linus Lüssing" <linus.luessing@c0d3.blue>
To: Marek Lindner <mareklindner@neomailbox.ch>
Cc: b.a.t.m.a.n@lists.open-mesh.org
Subject: Re: [B.A.T.M.A.N.] [PATCH] batman-adv: introduce "noflood" broadcast flood prevention option
Date: Sat, 27 Apr 2019 04:38:49 +0200
Message-ID: <20190427023848.GK6201@otheros>
In-Reply-To: <1906609.VMlLDzDynG@rousseau>

On Sat, Apr 27, 2019 at 05:56:03AM +0800, Marek Lindner wrote:
> On Saturday, 27 April 2019 01:12:31 HKT Linus Lüssing wrote:
> > With DAT DHCP snooping, the gateway feature and multicast optimizations
> > in place in some scenarios broadcast flooding might not be strictly
> > necessary anymore to be able to establish IPv4/IPv6 communication.
> > Therefore this patch adds an option to disable broadcast flooding.
> >
> > Larger mesh networks typically filter a variety of multicast packets via
> > ebtables/netfilter to clamp on overhead. With this option such firewall
> > rules can be relaxed so that such multicast packets are only dropped
> > if they cannot be handled by multicast-to-unicast, for instance.
>
> Could you outline the use-case for this specific noflood option in more detail ?
> The description above is not entirely clear to me. Especially, the 'might not
> be strictly necessary anymore' to 'firewall rules can be relaxed'. How are
> these things connected ? Is this option implemented only, so that some firewall
> rules don't need to be set anymore ?

The main use-case I currently have in mind is safely enabling multicast in
larger, public mesh networks:

Currently we have firewall rules in Gluon to drop most multicast.
With multicast-to-multi-unicast we could in theory use multicast
without creating broadcast overhead for the whole mesh. However,
only until we hit the multicast_fanout threshold. Then things
would get flooded again.

The desired behaviour in this case would be to let multicast packets pass
unless they would be flooded. A firewall does not know which
mechanism batman-adv would choose. Hence this option within
batman-adv to create this desired behaviour.

With "might not be strictly necessary anymore" I meant that if
certain requirements are met, address assignments and address
resolution can now be achieved without needing broadcast flooding.

> What happens if a user enables 'noflood' but does not fall into the 'might not
> be strictly necessary anymore' category ?

Well, broken connectivity. Typing "ip link set dev eth0 multicast off"
in a setup which still needs multicast to function would be an
analogy then :).

Regards, Linus