From: px@jack.fr.eu.org
To: alexandre derumier <aderumier@odiso.com>,
	Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH] controllers: bgp: enable multihop on the underlay
Date: Fri, 9 Apr 2021 17:40:44 +0200
Message-ID: <58e94720-ffc9-23a6-2168-850d18de4943@jack.fr.eu.org>
In-Reply-To: <c576291a-8093-0ab1-1141-a0966e0d1c96@odiso.com>

Hello,

In a Proxmox setup, there is no known serious issue.

Contrary to "ttl security" (aka GTSM), multihop is not a security feature.

I don't think there is a drawback to the proposed patch.
However, disabling multihop when there is only one peer should also
work, so your proposal shall work as well.

As you wish :)

Best regards,

On 4/9/21 3:50 PM, alexandre derumier wrote:
> Hi,
> 
> any impact to enable it by default ?
> 
> if the user has only 1 peer for example ?
> 
> maybe it is better to only enable it if we have more than 1 peer in the 
> group ?
> 
> and check that we use ebgp.
> 
> something like:
> 
> push @controller_config, "neighbor BGP ebgp-multihop 3" if $ebgp && 
> scalar @peers > 1;
> 
> 
> On 09/04/2021 14:21, Alexandre Bruyelles wrote:
>> From: Alexandre Bruyelles <git@jack.fr.eu.org>
>>
>> Multihop is required when the bgpd are running across
>> a pair of MLAG routers.
>> In such scenario, TCP traffic from Proxmox to router A
>> may pass through router B, which will decrease the TTL.
>>
>> Signed-off-by: Alexandre Bruyelles <git@jack.fr.eu.org>
>> ---
>>   PVE/Network/SDN/Controllers/BgpPlugin.pm | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/PVE/Network/SDN/Controllers/BgpPlugin.pm 
>> b/PVE/Network/SDN/Controllers/BgpPlugin.pm
>> index e5d8490..69436a0 100644
>> --- a/PVE/Network/SDN/Controllers/BgpPlugin.pm
>> +++ b/PVE/Network/SDN/Controllers/BgpPlugin.pm
>> @@ -85,6 +85,7 @@ sub generate_controller_config {
>>       push @controller_config, "neighbor BGP peer-group";
>>       push @controller_config, "neighbor BGP remote-as $remoteas";
>>       push @controller_config, "neighbor BGP bfd";
>> +    push @controller_config, "neighbor BGP ebgp-multihop 3";
>>       }
>>       # BGP peers
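
Review bot: The added `neighbor BGP ebgp-multihop 3` line, placed right after `neighbor BGP bfd`, has no condition of its own: the hunk shows no check that the session is eBGP or that more than one peer is configured. Consider guarding it, for example with the condition suggested in the reply (`if $ebgp && scalar @peers > 1`), so that a single directly connected peer keeps the default TTL behaviour. The hop count 3 is also a hardcoded literal with no comment; a short comment stating why 3 was chosen for the MLAG case described in the commit message, or a configurable option, would make the value easier to review.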
