Differences

This shows you the differences between two versions of the page.

--- fuss:networking [2018/08/03 09:11] – [Determining Open Outbound Ports] office
+++ fuss:networking [2022/04/19 08:28] – external edit 127.0.0.1
@@ Line 319: / Line 319: @@
 a01:5a80::/32
 </code>
+====== Solving Issues with PXE Servers not Working with Network Bridges with Spanning Tree Protocol Enabled ======
+A typical scenario of a non-working PXE server is a PXE server that has been set up on a Linux server running virtual machines that automatically join an STP-enabled network bridge once the virtual machine boots.
+The phenomenon is due to STP itself that runs through various stages (''Blocking'', ''Listening'', ''Learning'') before reaching the ''Forwarding'' state. When the virtual machine adds its interface to the STP-enabled bridge, the bridge switches to the ''Learning'' state, where, by default, the bridge spends at least 10 seconds (on Linux). For 10 seconds, the STP-enabled networking bridge will listen to packets and learn the new topology introduced by the addition of the interface. libvirt virtual machines run SeaBIOS as the default BIOS and, at version ''1.12'', the PXE boot code does not wait sufficiently for the bridge to switch to the ''Forwarding'' state and the network interface will not even be configured.
+Cisco routers have a (nasty) hack named ''portfast'' that can be set on a bridge that, when enabled, will skip over the ''Learning'' stage of the bridge and commute directly into the ''Forwarding'' state. Since the bridge will immediately forward packets, the issues with libvirt virtual machines should be resolved.
+In order to resolve the issue, STP can be turned off for the entire bridge:
+<code bash>
+brctl stp br0 off
+</code>
+but that means losing the extra benefits of having the STP protocol.
+Instead, and even better than Cisco ''portfast'', the forwarding delay can be lowered sufficiently for the SeaBIOS PXE boot code to obtain an IP address via DHCP:
+<code bash>
+brctl setfd br0 2
+</code>
+where:
+  * ''2'' is the number of seconds to spend in the ''Learning'' state (default ''10'' seconds).
+On Debian, in case the bridge is configured via ''/etc/network/interfaces'' the following changes can be made to the bridge in order to make the forwarding delay permanent:
+<code>
+auto br0
+iface br0 inet static
+...
+        # Enable STP
+        bridge_stp on
+        # Fix PXE with STP
+        bridge_fd 2
+...
+</code>
+====== Zooko's Triangle ======
+Zooko's triangle is a set of three properties where one rule is mutually exclusive with the other two that are generally considered desirable for names of participants on a network. The three properties are:
+  * Human-meaningful: Meaningful and memorable (low-entropy) names are provided to the users.
+  * Secure: The amount of damage a malicious entity can inflict on the system should be as low as possible.
+  * Decentralized: Names correctly resolve to their respective entities without the use of a central authority or service.
+Examples:
+  * DNSSec requires centralization and is thus not //Decentralized// but it is //Secure// and names are //Human-meaningful//,
+  * onion and bitcoin addresses are //Secure// and //Decentralized// but not //Human-meaningful//,
+  * i2p uses name-translation services and is thus not //Decentralized// but the names can be //Human-meaningful// and are //Secure// since they run locally.