> >>rp_filter is essential for security. Why do we > >>need to turn this off? > > For example, I had problem with live migration, and symmetric model , timeout > of 30-60s. > https://github.com/FRRouting/frr/issues/2129
But I think we cannot simply turn off rp_filter, see https://vincent.bernat.im/en/blog/2017-linux-bridge-isolation Maybe we can use vrf (instead of rp_filter) to isolate our bridges?? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
