From: Danielle Ratson <danieller@nvidia.com>
To: <netdev@vger.kernel.org>
Cc: <razor@blackwall.org>, <idosch@nvidia.com>, <davem@davemloft.net>,
<edumazet@google.com>, <kuba@kernel.org>, <pabeni@redhat.com>,
<horms@kernel.org>, <shuah@kernel.org>, <bridge@lists.linux.dev>,
<linux-kernel@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
"Danielle Ratson" <danieller@nvidia.com>
Subject: [PATCH net-next 0/2] bridge: Do not suppress ARP probes and DAD NS unconditionally
Date: Wed, 29 Apr 2026 09:24:03 +0300 [thread overview]
Message-ID: <20260429062405.1386417-1-danieller@nvidia.com> (raw)
When using bridge neighbor suppression in EVPN deployments, Duplicate
Address Detection (DAD) is currently broken for both IPv4 (ARP probes)
and IPv6 (DAD Neighbor Solicitations). This prevents proper address
conflict detection across the VXLAN fabric.
The neighbor suppression feature allows the bridge to reply to ARP/NS
messages on behalf of remote hosts when FDB and neighbor entries exist,
suppressing unnecessary flooding over the VXLAN overlay. However, the
current implementation unconditionally suppresses ARP probes and DAD NS,
which breaks DAD.
For DAD to work correctly:
- When the bridge doesn't know the answer:
flood the probe/DAD packet to allow remote VTEPs to respond.
- When the bridge knows the answer:
reply to indicate the address is in use.
This series fixes the issue by adjusting the early suppression checks to
exclude ARP probes and DAD NS from unconditional suppression, allowing
them to reach the normal FDB lookup path. Gratuitous ARP and IPv6
unsolicited-NA messages are still suppressed unconditionally as before.
Patchset overview:
Patch #1: Fixes the unconditional suppression.
Patch #2: Adds selftests.
Danielle Ratson (2):
bridge: Do not suppress ARP probes and DAD NS unconditionally
selftests: net: Add tests for ARP probe and DAD NS handling
net/bridge/br_arp_nd_proxy.c | 16 ++-
.../net/test_bridge_neigh_suppress.sh | 126 ++++++++++++++++++
2 files changed, 137 insertions(+), 5 deletions(-)
--
2.51.0
next reply other threads:[~2026-04-29 6:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 6:24 Danielle Ratson [this message]
2026-04-29 6:24 ` [PATCH net-next 1/2] bridge: Do not suppress ARP probes and DAD NS unconditionally Danielle Ratson
2026-04-29 9:04 ` Nikolay Aleksandrov
2026-04-30 10:33 ` Danielle Ratson
2026-04-29 6:24 ` [PATCH net-next 2/2] selftests: net: Add tests for ARP probe and DAD NS handling Danielle Ratson
2026-04-29 9:04 ` Nikolay Aleksandrov
2026-05-01 1:10 ` [PATCH net-next 0/2] bridge: Do not suppress ARP probes and DAD NS unconditionally patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260429062405.1386417-1-danieller@nvidia.com \
--to=danieller@nvidia.com \
--cc=bridge@lists.linux.dev \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=razor@blackwall.org \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox