[pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing
Dietmar Maurer
dietmar at proxmox.com
Sun Aug 12 07:46:38 CEST 2018
> >>rp_filter is essential for security. Why do we
> >>need to turn this off?
>
> For example, I had problem with live migration, and symmetric model , timeout
> of 30-60s.
> https://github.com/FRRouting/frr/issues/2129
But I think we cannot simply turn off rp_filter, see
https://vincent.bernat.im/en/blog/2017-linux-bridge-isolation
Maybe we can use vrf (instead of rp_filter) to isolate our bridges??
More information about the pve-devel
mailing list