<p dir="ltr">Is 802_1Q required for VLAN traffic? Or do we have a mechanism for adding/removing VLAN tags outside the VMs? Something where inbound traffic has tags removed before forwarding to the VM, and outbound has it added after receipt from the VM, so that the host and the physical network use tagged traffic, but the VMs have it untagged?</p>
<div class="gmail_quote">On Jul 5, 2014 7:37 AM, "Alexandre DERUMIER" <<a href="mailto:aderumier@odiso.com">aderumier@odiso.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
>>What about ICMP? among other things ICMP is used to optimize network<br>
>>traffic and QoS.<br>
<br>
yes, sure ;) icmp and icmpv6 are included in IPV4 and IPV6<br>
<br>
available ebtables protocol are :<br>
<br>
cat /etc/ethertypes<br>
<br>
IPv4 0800 ip ip4 # Internet IP (IPv4)<br>
X25 0805<br>
ARP 0806 ether-arp #<br>
FR_ARP 0808 # Frame Relay ARP [RFC1701]<br>
BPQ 08FF # G8BPQ AX.25 Ethernet Packet<br>
DEC 6000 # DEC Assigned proto<br>
DNA_DL 6001 # DEC DNA Dump/Load<br>
DNA_RC 6002 # DEC DNA Remote Console<br>
DNA_RT 6003 # DEC DNA Routing<br>
LAT 6004 # DEC LAT<br>
DIAG 6005 # DEC Diagnostics<br>
CUST 6006 # DEC Customer use<br>
SCA 6007 # DEC Systems Comms Arch<br>
TEB 6558 # Trans Ether Bridging [RFC1701]<br>
RAW_FR 6559 # Raw Frame Relay [RFC1701]<br>
AARP 80F3 # Appletalk AARP<br>
ATALK 809B # Appletalk<br>
802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged frame<br>
IPX 8137 # Novell IPX<br>
NetBEUI 8191 # NetBEUI<br>
IPv6 86DD ip6 # IP version 6<br>
PPP 880B # PPP<br>
ATMMPOA 884C # MultiProtocol over ATM<br>
PPP_DISC 8863 # PPPoE discovery messages<br>
PPP_SES 8864 # PPPoE session messages<br>
ATMFATE 8884 # Frame-based ATM Transport over Ethernet<br>
LOOP 9000 loopback # loop proto<br>
<br>
<br>
----- Mail original -----<br>
<br>
De: "Michael Rasmussen" <<a href="mailto:mir@datanom.net">mir@datanom.net</a>><br>
À: <a href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a><br>
Envoyé: Samedi 5 Juillet 2014 14:52:04<br>
Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?<br>
<br>
On Sat, 05 Jul 2014 14:18:01 +0200 (CEST)<br>
Alexandre DERUMIER <<a href="mailto:aderumier@odiso.com">aderumier@odiso.com</a>> wrote:<br>
<br>
> >>Maybe simply:<br>
> >><br>
> >>protocols: ARP, IPV4, IPV6<br>
><br>
> No objection for me.<br>
><br>
> @Stefan, do you think we need other protocols inside a vm ?<br>
><br>
What about ICMP? among other things ICMP is used to optimize network<br>
traffic and QoS.<br>
<br>
--<br>
Hilsen/Regards<br>
Michael Rasmussen<br>
<br>
Get my public GnuPG keys:<br>
michael <at> rasmussen <dot> cc<br>
<a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E" target="_blank">http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E</a><br>
mir <at> datanom <dot> net<br>
<a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C" target="_blank">http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C</a><br>
mir <at> miras <dot> org<br>
<a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917" target="_blank">http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917</a><br>
--------------------------------------------------------------<br>
/usr/games/fortune -es says:<br>
Q: What's the difference between USL and the Titanic?<br>
A: The Titanic had a band.<br>
<br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
</blockquote></div>