From: alexandre derumier <aderumier@odiso.com>
To: px@jack.fr.eu.org,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH] controllers: bgp: enable multihop on the underlay
Date: Sat, 10 Apr 2021 12:37:15 +0200
Message-ID: <0fb8950c-458f-72f0-7d26-c8d2a5492671@odiso.com>
In-Reply-To: <58e94720-ffc9-23a6-2168-850d18de4943@jack.fr.eu.org>

I just sent a patch with an explicit option to add ebgp-multihop, as
it's a tunable value, and maybe users could have different setups with
more hops.

On 09/04/2021 17:40, px@jack.fr.eu.org wrote:
> Hello,
>
> In Proxmox setup, there is no known serious issue
>
> Contrary to "ttl security" (aka GTSM), multihop is not a security
> feature
>
> I don't think there is a drawback to the proposed patch
> However, disabling multihop when there is only one peer should also
> work, so your proposal shall work as well
>
> As you wish :)
>
> Best regards,
>
> On 4/9/21 3:50 PM, alexandre derumier wrote:
>> Hi,
>>
>> any impact to enable it by default ?
>>
>> if a user has only 1 peer for example ?
>>
>> maybe it is better to only enable it if we have more than 1 peer in
>> the group ?
>>
>> and check that we use ebgp.
>>
>> something like:
>>
>> push @controller_config, "neighbor BGP ebgp-multihop 3" if $ebgp &&
>> scalar @peers > 1;
>>
>>
>> On 09/04/2021 14:21, Alexandre Bruyelles wrote:
>>> From: Alexandre Bruyelles <git@jack.fr.eu.org>
>>>
>>> Multihop is required when the bgpd are running across
>>> a pair of MLAG routers.
>>> In such a scenario, TCP traffic from Proxmox to router A
>>> may pass through router B, which will decrease the TTL.
>>>
>>> Signed-off-by: Alexandre Bruyelles <git@jack.fr.eu.org>
>>> ---
>>> PVE/Network/SDN/Controllers/BgpPlugin.pm | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm
>>> b/PVE/Network/SDN/Controllers/BgpPlugin.pm
>>> index e5d8490..69436a0 100644
>>> --- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
>>> +++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
>>> @@ -85,6 +85,7 @@ sub generate_controller_config {
>>> push @controller_config, "neighbor BGP peer-group";
>>> push @controller_config, "neighbor BGP remote-as $remoteas";
>>> push @controller_config, "neighbor BGP bfd";
>>> + push @controller_config, "neighbor BGP ebgp-multihop 3";
>>> }
>>> # BGP peers
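Review bot: the added `neighbor BGP ebgp-multihop 3` line is pushed unconditionally into the peer-group block with a hard-coded hop count of 3, and nothing in the visible context checks that the session is eBGP or how many peers are configured. Since this relaxes the directly connected check for every deployment, not only the MLAG pair described in the commit message, consider emitting it only when an explicit, user-settable option carries the hop count, and leaving single-hop setups on their current behaviour. It would also help to note in the commit message why 3 was chosen, since the scenario described (traffic to router A passing through router B) accounts for one extra hop.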
>