30th June 2016
ocicat
Administrator
 

Quote:
Originally Posted by OpenBSDDragon
Configuring BPDU Protection on Edge Interfaces under OpenBSD Bridge!
Is this possible?
I will be corrected if I am wrong, but I am not finding anything in the CVS commit messages indicating that completed work has been checked into the repository.

For those interested, BPDU packets are used in spanning tree protocols to ascertain the switch topology within a network. This is important to prune the paths packets take to ensure they do not endlessly travel about any cycles present. Spoofed BPDU packets could potentially degrade network performance by confusing the standard algorithms used to prevent topological cycles.

From limited research spent to answer this question, it appears that the major commercial players in the market -- Cisco, Juniper, & HP have switch features which monitor this & provide SNMP hooks which can alert administrators. It is also notable that I don't find any RFC describing this feature. I suspect that each vendor is implementing protection in their own manner, & the results may not be portable across different vendors. If this is true, I can then understand why BPDU protection is not yet available on OpenBSD.
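An added example, not part of the post above and not OpenBSD code: a sketch of the check a BPDU-protection feature performs on an edge port, recognising a spanning-tree BPDU by its 802.1D destination address and LLC header. The function and struct names are hypothetical, the frames are constructed, and the shut-the-port policy is an assumption modelled on the vendor features the post mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: all names are hypothetical, not OpenBSD bridge(4) code. */
enum bpdu_kind { NOT_BPDU = -1, BPDU_CONFIG = 0x00, BPDU_RSTP = 0x02, BPDU_TCN = 0x80 };
struct port { int edge; int disabled; unsigned bpdus_seen; };
/* IEEE 802.1D bridge group address, the destination of every BPDU. */
static const uint8_t STP_DST[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };

/* Constructed sample frames (bodies zero-filled), not captured traffic. */
const uint8_t SAMPLE_BPDU[52] = { 0x01, 0x80, 0xc2, 0, 0, 0,  2, 0, 0, 0, 0, 1,
                                  0x00, 0x26,  0x42, 0x42, 0x03,  0, 0, 0, 0x00 };
const uint8_t SAMPLE_IPV4[60] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                  2, 0, 0, 0, 0, 2,  0x08, 0x00,  0x45 };

/* Classify a raw Ethernet frame: returns the BPDU type, or NOT_BPDU. */
enum bpdu_kind classify_bpdu(const uint8_t *f, size_t len)
{
    if (len < 21 || memcmp(f, STP_DST, 6) != 0)   /* 14 Ethernet + 3 LLC + 4 BPDU */
        return NOT_BPDU;
    if (((f[12] << 8) | f[13]) > 1500)            /* EtherType, not 802.3 length */
        return NOT_BPDU;
    /* LLC must be DSAP/SSAP 0x42 with UI control, then STP protocol id 0x0000. */
    if (f[14] != 0x42 || f[15] != 0x42 || f[16] != 0x03 || f[17] || f[18])
        return NOT_BPDU;
    if (f[20] == BPDU_CONFIG || f[20] == BPDU_RSTP || f[20] == BPDU_TCN)
        return (enum bpdu_kind)f[20];
    return NOT_BPDU;
}

/* Assumed policy: an edge port that hears any BPDU is shut and stays shut. */
int guard_input(struct port *p, const uint8_t *f, size_t len)
{
    if (p->disabled)
        return 0;                                 /* frame dropped */
    if (classify_bpdu(f, len) == NOT_BPDU)
        return 1;                                 /* ordinary traffic accepted */
    p->bpdus_seen++;
    if (p->edge)
        p->disabled = 1;                          /* hosts never send BPDUs */
    return !p->disabled;
}

int main(void)
{
    struct port edge = { 1, 0, 0 };
    int ok = guard_input(&edge, SAMPLE_BPDU, sizeof SAMPLE_BPDU);
    return printf("accepted=%d disabled=%d\n", ok, edge.disabled) < 0;
}
```

A non-edge port only counts the BPDU and keeps forwarding, which is why the protection is configured per interface.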