[pve-devel] [PATCH] support QinQ / vlan stacking
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Tue Mar 3 13:03:46 CET 2015
Am 03.03.2015 um 12:38 schrieb Dietmar Maurer:
>> On March 3, 2015 at 9:48 AM Stefan Priebe - Profihost AG
>> <s.priebe at profihost.ag> wrote:
>>
>>
>> @dietmar
>> I think this is a big problem and i never noticed it. Currently a guest
>> attached to the bridge see all frames. I thought it sees only untagged
>> frames.
>>
>> This means i cannot isolate a guest to only untagged frames. What's your
>> opinion?
>
> The purpose of vlans is to filter tagged frames (not untagged frames) ...
> Maybe you can ask (or write a feature request) on the kernel/network list?
> Maybe OVS supports that?
Sure but a VM attached to a bridge should not see per default tagged
frames. It should only see unttaged frames until we allow to see it
tagged Frames from different VLANs.
Currently you cannot forbid to listen to tagged traffic inside a VM.
This shouldn't be the default.
Stefan
More information about the pve-devel
mailing list