On 04.06.2007 at 12:21, Klaus Thielking-Riechert wrote:

> On Mon, Jun 04, 2007 at 11:25:37AM +0200, Stefan Bethke wrote:
>
>> If I enable Spanning Tree Protocol on the bridges, this problem is
>> avoided, but all traffic between A and C will go via B (if B is
>> established as the STP root node), even though there is a direct link
>> between A and C.
>
> Well, when using bridging in this kind of a redundant setup you *must*
> enable STP in order to avoid loops because the ethernet protocol has no
> loop detection like a TTL in IP protocol. This would be exactly the same
> when you replace the OpenVPN tunnels by ethernet switches. In this case,
> STP provides you with an automatic failover due to a topology change
> (e.g. in case of a link loss).

Yes, exactly.

>> I could change to a routed configuration, but that would make certain
>> applications more cumbersome. Is anybody running such a
>> configuration?
>
> A routed configuration makes it possible to use all links simultaneously
> and depending on your destination address. Additionally you get rid of
> broadcasts running over the link.

I don't want to get rid of broadcasts, because certain braindead applications rely on them for discovery and similar things. This is why I want to run a bridged setup in the first place.

So the big question remains: without STP I'm going to get a broadcast storm over the OpenVPN links, with STP, I'm going to have limited performance due to the forwarding rules.

Is there any alternative? I haven't looked into ebtables yet, but I could be able to filter the "wrong" broadcast packets?

Stefan

--
Stefan Bethke <stb@xxxxxxxxxx> Fon +49 170 346 0140

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
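The trade-off discussed in this thread, as an added example that is not part of the original messages: a small Python model of the A/B/C triangle showing the endless flood without STP and the A-to-C detour via B once B is root. The helper names and the simplified tree election (breadth-first from the root, equal link costs, whole links blocked rather than ports) are assumptions of this sketch, not OpenVPN or bridge code.

```python
from collections import deque

# Constructed topology from the thread: three bridges, one tap link per pair.
LINKS = [("A", "B"), ("B", "C"), ("A", "C")]

def neighbours(node, links):
    """Bridges directly linked to `node`."""
    return [b if a == node else a for a, b in links if node in (a, b)]

def flood(links, source, max_hops):
    """Flood one broadcast; a bridge forwards on every link except the ingress.
    Ethernet has no TTL, so max_hops is only the simulation cutoff.
    Returns (frames transmitted, frames still circulating at the cutoff)."""
    frames, sent = [(source, None)], 0   # (bridge holding frame, arrived from)
    for _ in range(max_hops):
        nxt = [(peer, at) for at, came_from in frames
               for peer in neighbours(at, links) if peer != came_from]
        sent += len(nxt)
        frames = nxt
        if not frames:
            break
    return sent, len(frames)

def spanning_tree(links, root):
    """Links left forwarding after a simplified STP run rooted at `root`."""
    seen, tree, queue = {root}, [], deque([root])
    while queue:
        node = queue.popleft()
        for peer in neighbours(node, links):
            if peer not in seen:
                seen.add(peer)
                tree.append((node, peer))
                queue.append(peer)
    return tree

def path(links, src, dst):
    """Shortest bridge-to-bridge path over the forwarding links, [] if none."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for peer in neighbours(node, links):
            if peer not in prev:
                prev[peer] = node
                queue.append(peer)
    hops, node = [], dst if dst in prev else None
    while node is not None:
        hops.append(node)
        node = prev[node]
    return hops[::-1]

if __name__ == "__main__":
    tree = spanning_tree(LINKS, "B")
    print("no STP :", flood(LINKS, "A", 20), path(LINKS, "A", "C"))
    print("STP@B  :", flood(tree, "A", 20), path(tree, "A", "C"))
    # Failover: the A-B link is lost and the tree is recomputed.
    print("A-B down:", path(spanning_tree(LINKS[1:], "B"), "A", "C"))
```
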