Re: [pve-devel] linux bridge new features presentation
about linux bridge vs ovs performance, I have found an good presentation from redhat. https://www.youtube.com/watch?v=MbBX_J5zR4w to resume, linux bridge is a little bit faster than ovs. But with coming ovs dpdk support, performance will be 5x faster for small packets an single flow. (But will not be easy to implement, need hugepages, vhost-user,... http://dpdk.org/doc/guides/sample_app_ug/vhost.html) - Mail original - De: dietmar diet...@proxmox.com À: aderumier aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Lundi 27 Juillet 2015 07:28:55 Objet: Re: [pve-devel] linux bridge new features presentation ? It's a iptables netflow module. (not openflow, if it's what you have in mind). Oh, got it (openflow != netflow). Sorry for the confusion. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... Thanks, interesting read. So we should disable learning/flooding on tap devices? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
Thanks, interesting read. So we should disable learning/flooding on tap devices? I think this could replace mac filtering from pve-firewall. (better than iptables, and no need to implement ebtables?) I haved tested it, seem to works fine. great! ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] linux bridge new features presentation
Hi, I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
Thanks, interesting read. So we should disable learning/flooding on tap devices? I think this could replace mac filtering from pve-firewall. (better than iptables, and no need to implement ebtables?) I haved tested it, seem to works fine. - Mail original - De: dietmar diet...@proxmox.com À: aderumier aderum...@odiso.com, pve-devel pve-devel@pve.proxmox.com Envoyé: Dimanche 26 Juillet 2015 12:28:08 Objet: Re: [pve-devel] linux bridge new features presentation I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... Thanks, interesting read. So we should disable learning/flooding on tap devices? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
On Sun, 26 Jul 2015 12:02:01 +0200 (CEST) Alexandre DERUMIER aderum...@odiso.com wrote: Hi, I have found a very good presentation of new linux bridge features https://www.netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf including vlan filtering, qinq, mac address filtering (Learning / flooding control),... Nice presentation. Seems to me that linux bridge (since kernel 3.19) is leveling the feature set with open vswitch. The biggest problem for me with linux bridge has always been the fact that you need a separate bridge for each vlan which makes configuration overcomplicated and messy. -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- /usr/games/fortune -es says: There are many intelligent species in the universe, and they all own cats. pgp3tP6DlA7lB.pgp Description: OpenPGP digital signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
Interesting. But its not much code, so I wonder why this is faster than ipt or nft? ? It's a iptables netflow module. (not openflow, if it's what you have in mind). I just need something to export netflow from linux bridge (to analyse traffic between vm) - Mail original - De: dietmar diet...@proxmox.com À: aderumier aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Lundi 27 Juillet 2015 07:01:27 Objet: Re: [pve-devel] linux bridge new features presentation BTW, ovs have netflow support. I'm looking for something similar for linux bridge. I found this: http://sourceforge.net/projects/ipt-netflow/ Interesting. But its not much code, so I wonder why this is faster than ipt or nft? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
BTW, ovs have netflow support. I'm looking for something similar for linux bridge. I found this: http://sourceforge.net/projects/ipt-netflow/ Interesting. But its not much code, so I wonder why this is faster than ipt or nft? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
? It's a iptables netflow module. (not openflow, if it's what you have in mind). Oh, got it (openflow != netflow). Sorry for the confusion. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] linux bridge new features presentation
(better than iptables, and no need to implement ebtables?) We just need a solution for OVS then (openflow?) I need to look for ovs. BTW, ovs have netflow support. I'm looking for something similar for linux bridge. I found this: http://sourceforge.net/projects/ipt-netflow/ - Mail original - De: dietmar diet...@proxmox.com À: aderumier aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Dimanche 26 Juillet 2015 15:48:29 Objet: Re: [pve-devel] linux bridge new features presentation (better than iptables, and no need to implement ebtables?) We just need a solution for OVS then (openflow?) ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
