[pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing
Alexandre DERUMIER
aderumier at odiso.com
Sun Aug 12 14:03:36 CEST 2018
>>What about other bridges in the system which does not use vxlan at all (firewall
>>bridges)?
mmm, good question. I think you can put it in the vrf or not.
as they don't have any ip address, and it's only layer2, it's not a problem.
Vrf is mandatory on bridge with symetric routing, because they are the router for the bridge,
and they need to have their routing table from the vrf.
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Dimanche 12 Août 2018 13:53:27
Objet: Re: [pve-devel] [PATCH pve-docs 1/1] add vxlan l3 routing
> On August 12, 2018 at 1:28 PM Alexandre DERUMIER <aderumier at odiso.com> wrote:
>
>
> >>But I think we cannot simply turn off rp_filter, see
> >>
> >>https://vincent.bernat.im/en/blog/2017-linux-bridge-isolation
> >>
> >>Maybe we can use vrf (instead of rp_filter) to isolate our bridges??
>
> with symmetric routing, all bridges are in a vrf.
What about other bridges in the system which does not use vxlan at all (firewall
bridges)?
More information about the pve-devel
mailing list