[pve-devel] [PATCH pve-common 0/2] add disable bridge learning feature
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Nov 11 11:40:34 CET 2021
On 24.09.21 10:48, Alexandre Derumier wrote:
> Currently, if the bridge receives an unknown dest MAC (network bug/attack/..),
> we are flooding packets to all bridge ports.
>
> This can waste CPU time, even more with the firewall enabled.
> Also, if the firewall is used with the reject action, the src MAC of the RST
> packet is the original unknown dest MAC.
> (This can block the server at Hetzner for example)
>
> So, we can disable learning && unicast_flood on the tap|veth|fwln port interface.
> Then the MAC address needs to be added statically in the bridge fdb.
I'm a bit out of the loop with the whole bad Hetzner network thingy, is this still
relevant as I'd see if I can get it in finally..
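
The port settings described in the quoted cover letter, as an added example that is not part of the thread or of the pve-common patch: an audit of `bridge -d link show` output for guest ports that still learn or flood, plus the iproute2 commands that pin a guest MAC statically. The interface names, MAC address and sample output are constructed; `flood` is iproute2's name for the per-port unicast flood flag.

```shell
#!/bin/sh
# Constructed sample of `bridge -d link show` output (not captured from a real host).
SAMPLE='5: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on
6: fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master fwbr101i0 state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning off flood off mcast_flood on
7: veth102i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on
8: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 4
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on'

# Read `bridge -d link show` text on stdin and print "port learning=X flood=Y"
# for every tap/veth/fwln port that still learns or still floods unknown
# unicast. The physical uplink (eno1 in the sample) is skipped on purpose.
audit_ports() {
    awk '
        function report() {
            if (dev ~ /^(tap|veth|fwln)/ && (learning != "off" || flood != "off"))
                printf "%s learning=%s flood=%s\n", dev, learning, flood
        }
        # Header line of a port: remember its name, reset the flags.
        /^[0-9]+: / {
            report()
            dev = $2; sub(/:$/, "", dev); sub(/@.*/, "", dev)
            learning = "?"; flood = "?"
            next
        }
        # Detail line(s): flags are "name value" pairs.
        {
            for (i = 1; i < NF; i++) {
                if ($i == "learning") learning = $(i + 1)
                if ($i == "flood")    flood = $(i + 1)
            }
        }
        END { report() }'
}

# Print the commands for one guest port ($1) and its guest MAC ($2): stop
# learning and unknown-unicast flooding, then add the MAC as a static FDB entry.
harden_cmds() {
    printf '%s' "$2" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    printf 'bridge link set dev %s learning off flood off\n' "$1"
    printf 'bridge fdb add %s dev %s master static\n' "$2" "$1"
}

printf '%s\n' "$SAMPLE" | audit_ports
harden_cmds tap100i0 02:00:00:00:01:00
```

With learning off, a guest whose MAC has no static FDB entry on its port receives no unicast traffic through the bridge, so the entry has to be added whenever the port is created and again if the guest's MAC changes.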