>>What about other bridges in the system which does not use vxlan at all >>(firewall >>bridges)?
mmm, good question. I think you can put it in the vrf or not. as they don't have any ip address, and it's only layer2, it's not a problem. Vrf is mandatory on bridge with symetric routing, because they are the router for the bridge, and they need to have their routing table from the vrf. ----- Mail original ----- De: "dietmar" <diet...@proxmox.com> À: "aderumier" <aderum...@odiso.com> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Dimanche 12 Août 2018 13:53:27 Objet: Re: [pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing > On August 12, 2018 at 1:28 PM Alexandre DERUMIER <aderum...@odiso.com> wrote: > > > >>But I think we cannot simply turn off rp_filter, see > >> > >>https://vincent.bernat.im/en/blog/2017-linux-bridge-isolation > >> > >>Maybe we can use vrf (instead of rp_filter) to isolate our bridges?? > > with symmetric routing, all bridges are in a vrf. What about other bridges in the system which does not use vxlan at all (firewall bridges)? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
