Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Dietmar Maurer
I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... Thanks, interesting read. So we should disable

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Dietmar Maurer
Thanks, interesting read. So we should disable learning/flooding on tap devices? I think this could replace mac filtering from pve-firewall. (better than iptables, and no need to implement ebtables?) I haved tested it, seem to works fine. great!

[pve-devel] linux bridge new features presentation

2015-07-26 Thread Alexandre DERUMIER
Hi, I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... ___ pve-devel

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Alexandre DERUMIER
Thanks, interesting read. So we should disable learning/flooding on tap devices? I think this could replace mac filtering from pve-firewall. (better than iptables, and no need to implement ebtables?) I haved tested it, seem to works fine. - Mail original - De: dietmar

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Michael Rasmussen
On Sun, 26 Jul 2015 12:02:01 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: Hi, I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Alexandre DERUMIER
Interesting. But its not much code, so I wonder why this is faster than ipt or nft? ? It's a iptables netflow module. (not openflow, if it's what you have in mind). I just need something to export netflow from linux bridge (to analyse traffic between vm) - Mail original - De: dietmar

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Dietmar Maurer
BTW, ovs have netflow support. I'm looking for something similar for linux bridge. I found this: http://sourceforge.net/projects/ipt-netflow/ Interesting. But its not much code, so I wonder why this is faster than ipt or nft? ___ pve-devel

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Dietmar Maurer
? It's a iptables netflow module. (not openflow, if it's what you have in mind). Oh, got it (openflow != netflow). Sorry for the confusion. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] linux bridge new features presentation

2015-07-26 Thread Alexandre DERUMIER
(better than iptables, and no need to implement ebtables?) We just need a solution for OVS then (openflow?) I need to look for ovs. BTW, ovs have netflow support. I'm looking for something similar for linux bridge. I found this: http://sourceforge.net/projects/ipt-netflow/ - Mail