{"id":1174,"date":"2012-02-15T14:05:31","date_gmt":"2012-02-15T22:05:31","guid":{"rendered":"http:\/\/wp.colliertech.org\/cj\/?p=1174"},"modified":"2012-02-15T14:05:31","modified_gmt":"2012-02-15T22:05:31","slug":"software-bridge-loops-suck-too","status":"publish","type":"post","link":"https:\/\/wp.c9h.org\/cj\/?p=1174","title":{"rendered":"software bridge loops suck, too"},"content":{"rendered":"<p>I didn&#8217;t realize that I had two of my machines attached to openvpn from the same l2 segment.  It caused a network outage for about 24 hours.  Sorry for the downtime, folks.<\/p>\n<p>I believe that if I turn on stp for all nodes which have two legs into the same l2, I can avoid this type of problem in the future.  But I don&#8217;t think the broadcast network overhead for managing the spanning tree is worth it.  Especially for vlans which span counties.<\/p>\n<hr\/>\n<p>Wait, I think <a href=\"http:\/\/wa-demchairs.org\/kcdems\/districts\/officers.php?ld=1\">LD1<\/a> is in the same county as the vlan hub.  How about &#8220;vlans which span legislative districts.&#8221;<\/p>\n<p><a href=\"http:\/\/wa-demchairs.org\/kcdems\/districts.php\">http:\/\/wa-demchairs.org\/kcdems\/districts.php<\/a><\/p>\n<p>Hello from LD40, Orcas3!  
Reporting from F5 HQ\/LD36 in Seattle.<\/p>\n<hr\/>\n<p>I use the following tools to manage my vlans and bridges:<\/p>\n<p><a href=\"http:\/\/packages.debian.org\/squeeze\/vlan\">vlan<\/a>, <a href=\"http:\/\/packages.debian.org\/squeeze\/bridge-utils\">bridge-utils<\/a> and <a href=\"http:\/\/packages.debian.org\/squeeze\/openvpn\">openvpn<\/a><\/p>\n<p>I verify my tls certs with perl.<\/p>\n<pre class=\"brush:perl\">\r\n#!\/usr\/bin\/perl -wT\r\n\r\nuse strict;\r\n\r\nuse Log::Log4perl;\r\n\r\nLog::Log4perl->init('\/etc\/openvpn\/log4perl.conf') or die \"couldn't init logger: $!\";\r\n\r\nmy $logger = Log::Log4perl->get_logger('tls-verify');\r\n\r\n# openvpn runs this script once per certificate in the peer's chain, passing\r\n# the chain depth (0 = the peer's own cert) and the X509 subject line as\r\n# arguments, with the path of its own config file in $ENV{config}.  Exit 0\r\n# accepts the cert; anything else rejects it and the handshake fails.\r\n$logger->debug(\"verifying tls cert for config [$ENV{config}]\");\r\n\r\n# the vlan name comes from the config file name, \/etc\/openvpn\/vl3.conf -> vl3\r\nmy($network) = ($ENV{config} =~ m:^\/etc\/openvpn\/(.*?)\\.conf$:);\r\n\r\nmy($certificate_depth) = ($ARGV[0] =~ \/^(\\d+)$\/);\r\n\r\nmy($locality,$organization,$org_unit,$common_name) =\r\n  ($ARGV[1] =~ m{\/C=US\/ST=Washington\/L=(.*?)\/O=(.*?)\/(?:OU=(.*?)\/)?CN=(.*)$});\r\n\r\n$logger->debug(\"X509_NAME_oneline: [$ARGV[1]]\");\r\n\r\n# expected common name at each chain depth, per vlan:\r\n# 0 = server cert, 1 = issuing CA, 2 = root CA\r\nmy %network_cn =\r\n  (\r\n   vl3  =>  [ 'vl3.colliertech.org',\r\n              'Collier_Technologies_Server_CA',\r\n              'Collier_Technologies_Root_CA',\r\n   ],\r\n   vl12 =>  [ 'vl12.colliertech.org',\r\n              'Collier_Technologies_Server_CA',\r\n              'Collier_Technologies_Root_CA',\r\n   ],\r\n   vl245 => [ 'vl245.colliertech.org',\r\n              'Collier_Technologies_Server_CA',\r\n              'Collier_Technologies_Root_CA',\r\n   ],\r\n  );\r\n\r\nif( defined $network && exists $network_cn{$network} ){\r\n  # both sides must be defined before comparing: a cert deeper than the\r\n  # pinned chain has no expected name, and a subject that did not match\r\n  # the pattern above has no $common_name; two undefs would compare equal\r\n  my $expected = $network_cn{$network}->[$certificate_depth];\r\n  exit 0 if defined $expected && defined $common_name && $expected eq $common_name;\r\n  $logger->error(\"common name: [$common_name], network: [$network], depth: [$certificate_depth]\");\r\n}else{\r\n  $logger->error(\"network: [$network]\");\r\n}\r\n\r\nexit 1;\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I didn&#8217;t realize that I had two of my machines attached to openvpn from the same l2 segment. It caused a network outage for about 24 hours. Sorry for the downtime, folks. I believe that if I turn on stp for all nodes which have two legs into the same l2, I can avoid [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[60,17,219,79,171,241,242,244,243,240,57,163,50,18,63,226,239],"tags":[],"class_list":["post-1174","post","type-post","status-publish","format-standard","hentry","category-colliertech","category-debian","category-f5","category-free-software","category-hardware","category-ld1","category-ld11","category-ld36","category-ld40","category-legislative-districts","category-network-saturation","category-networking","category-performance","category-perl","category-politics","category-proliant","category-spanning-tree"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1YDIB-iW","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts\/1174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&
post=1174"}],"version-history":[{"count":2,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts\/1174\/revisions"}],"predecessor-version":[{"id":1176,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts\/1174\/revisions\/1176"}],"wp:attachment":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
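The post's tls-verify hook pins one expected common name per chain depth for each openvpn instance. The script below is an added example, not the post's own code, that exercises that contract against constructed input: openvpn calls the hook once per certificate in the peer's chain with the depth and the X509_NAME_oneline subject, and the peer is accepted only if every call exits 0. The instance name vl3, the example.org common names and all subject strings are made up for the example; the only real convention used is openvpn's `config` environment variable. The self-test covers the cases the hook has to reject as well as the ones it accepts: a wrong CN, a chain deeper than the pinned one, a subject that does not parse, and an unknown instance.

```perl
#!/usr/bin/perl
# Added example, not the post's script.  Network names, CNs and subjects are constructed.
use strict;
use warnings;

# Expected CN at each chain depth (0 = peer cert, 1 = issuing CA, 2 = root CA),
# keyed by openvpn instance name.  Constructed for the example.
my %network_cn = (
    vl3 => [ 'vl3.example.org', 'Example_Server_CA', 'Example_Root_CA' ],
);

# Parse an X509_NAME_oneline subject such as "/C=US/ST=Washington/O=Example/CN=host"
# into a hash of RDN type => value.  Returns undef unless the whole string has that shape.
sub parse_subject {
    my ($subject) = @_;
    return unless defined $subject && $subject =~ m{^(?:/[A-Za-z]+=[^/]*)+$};
    my %rdn;
    while ($subject =~ m{/([A-Za-z]+)=([^/]*)}g) {
        $rdn{$1} = $2;
    }
    return \%rdn;
}

# Decide one tls-verify call.  Returns (1, 'ok') to accept or (0, reason) to reject.
# Every failure is explicit, so a cert outside the pinned chain can never be
# accepted by comparing an undefined expectation with an undefined CN.
sub verify_cert {
    my ($network, $depth, $subject) = @_;
    return (0, 'unknown network')
        unless defined $network && exists $network_cn{$network};
    return (0, 'bad depth')
        unless defined $depth && $depth =~ /^\d+$/;
    my $chain = $network_cn{$network};
    return (0, "depth $depth beyond pinned chain")
        if $depth > $#{$chain};
    my $rdn = parse_subject($subject);
    return (0, 'unparseable subject')
        unless $rdn && defined $rdn->{CN};
    return (0, "CN [$rdn->{CN}] is not [$chain->[$depth]] at depth $depth")
        unless $rdn->{CN} eq $chain->[$depth];
    return (1, 'ok');
}

# Run verify_cert over constructed calls; returns the number of mismatches.
sub selftest {
    my @cases = (
        # network, depth, subject (constructed), expected result
        [ 'vl3', 2, '/C=US/ST=Washington/O=Example/CN=Example_Root_CA',                   1 ],
        [ 'vl3', 1, '/C=US/ST=Washington/O=Example/CN=Example_Server_CA',                 1 ],
        [ 'vl3', 0, '/C=US/ST=Washington/L=Seattle/O=Example/OU=vpn/CN=vl3.example.org', 1 ],
        [ 'vl3', 0, '/C=US/ST=Washington/O=Example/CN=vl12.example.org',                  0 ], # wrong CN
        [ 'vl3', 3, '/C=US/ST=Washington/O=Example/CN=Example_Root_CA',                   0 ], # chain too deep
        [ 'vl3', 0, 'not a subject',                                                      0 ], # unparseable
        [ 'vl9', 0, '/C=US/ST=Washington/O=Example/CN=vl3.example.org',                   0 ], # unknown instance
    );
    my $failed = 0;
    for my $c (@cases) {
        my ($ok, $why) = verify_cert(@{$c}[0 .. 2]);
        printf "%s depth=%s network=%s: %s\n",
            ($ok == $c->[3] ? 'PASS' : 'FAIL'), $c->[1], $c->[0], $why;
        $failed++ unless $ok == $c->[3];
    }
    return $failed;
}

if (@ARGV && $ARGV[0] eq '--selftest') {
    exit(selftest() ? 1 : 0);
}

# Hook mode: openvpn exports its config path in $ENV{config}; the instance name is
# the basename without .conf, and the two arguments are depth and subject.
my ($network) = (($ENV{config} // '') =~ m{^/etc/openvpn/([^/]+)\.conf$});
my ($ok, $why) = verify_cert($network, $ARGV[0], $ARGV[1]);
print STDERR "tls-verify: $why\n" unless $ok;
exit($ok ? 0 : 1);
```

Run it as `perl tls-verify-example.pl --selftest` to see each constructed case and its reason; the shebang deliberately omits the post's `-T` switch because perl refuses a taint flag that appears only in the shebang when the script is started via `perl script.pl`. Installed as a hook it is wired in with `tls-verify /etc/openvpn/tls-verify-example.pl` in the instance's config and takes the instance name from that config file's name, as the post's script does.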