Open
Description
Sorry this is kinda two issues in one, but they potentially have the same fix so wanted to discuss them together.
- Currently the pcp vlan field is "leaked" externally for outgoing packets through a tagged vlan port when loop_protect_external is set. Sometimes it's 0, other times it's 2 -- which might cause problems with external networked systems that interpret this value somehow.
- Since STP is not part of Faucet, if lacp/LAG is not in use, an externally broadcast packet (e.g. ARP) on a loop_protect_external port might be looped back in through another loop_protect_external port, which then gets broadcast back out the originating port. This results in the sending device receiving a reflected copy of its own broadcast packet, which would be bad.
I'm proposing a new field "external_pcp_override" or equivalent that forces any egress packet on a loop_protect_external port to set the pcp value accordingly. This achieves two functions:
- Where the external system cares about the pcp value, this can be forced to a neutral value (e.g. 0) that is handled accordingly.
- If the packet is looped back by the external network, a port-in ACL rule could be created to discard a packet with the indicated VLAN PCP.
#2 would of course have problems if the external network was using the PCP value in some specific way, but that would be external-network dependent and isolated from anything internal to faucet.
Thoughts? Looking for guidance here, and then I can code up the needful.