[PVE-User] Proxmox VE 7.2 - Problem of understanding 'bridge-disable-mac-learning'

DERUMIER, Alexandre Alexandre.DERUMIER at groupe-cyllene.com
Thu May 5 15:24:31 CEST 2022


mmm,looking at the git, it seem that qemu-server && pve-container patch
es to register mac address in bridge are not applied ...


[pve-devel] [PATCH V2 qemu-server 0/3] add disable bridge learning
feature
	https://lists.proxmox.com/pipermail/pve-devel/2022-March/052210.html
	
[pve-devel] [PATCH V2 pve-container 0/1] add disable bridge learning
feature
		https://lists.proxmox.com/pipermail/pve-devel/2022-March/052206.html




Le mercredi 04 mai 2022 à 15:39 +0200, Stoiko Ivanov a écrit :
> hi,
> 
> 
> On Wed, 4 May 2022 14:10:59 +0200
> Martin Dziobek <dziobek at hlrs.de> wrote:
> 
> > Dear all,
> > 
> > In the Release Notes of 7.2, it says:
> > 
> > "Administrators can now disable MAC learning on a bridge in
> > /etc/network/interfaces with the bridge-disable-mac-learning flag.
> > This reduces the number of packets flooded on all ports (for
> > unknown MAC addresses), preventing issues with certain hosting 
> > providers (for example, Hetzner), which resulted in the Proxmox VE
> > node getting disconnected"
> > 
> > where as in descriptions of how to disable mac bridge learning
> > for example on 
> > https://antiphishing.cetsi.fr/proxy/v3?i=ZUcyY1RmWEJYTXg4endZcf4pHMlLXnVUx16Ppu9iYP8&r=N3ZnQkVkbG1hOHVwcWFJNMLpdiUetyglobBNT6FebFASxxZ1q4z56SmutCfWl0tQ&f=RkdqNzdIQkFjZzVZTkZxbZ21HjwKhyMg-rZGU8E0XD_frmmy_SGxhjX_N0NdVXVt8hYCzR91DADKO1rwT7UlwQ&u=https%3A//www.xmodulo.com/disable-mac-learning-linux-bridge.html&k=YkLs
> > 
> > it says:
> > 
> > "Once MAC learning is turned off, a Linux bridge will flood every
> > incoming packet to the rest of the ports. 
> > Understand this implication before proceeding."
> > 
> > So flooding is reduced *or* increased ...
> > 
> > May someone shed a light on this ?
> I think the commit message of the relevant commit describes the
> situation
> quite well:
> https://antiphishing.cetsi.fr/proxy/v3?i=ZUcyY1RmWEJYTXg4endZcf4pHMlLXnVUx16Ppu9iYP8&r=N3ZnQkVkbG1hOHVwcWFJNMLpdiUetyglobBNT6FebFASxxZ1q4z56SmutCfWl0tQ&f=RkdqNzdIQkFjZzVZTkZxbZ21HjwKhyMg-rZGU8E0XD_frmmy_SGxhjX_N0NdVXVt8hYCzR91DADKO1rwT7UlwQ&u=https%3A//git.proxmox.com/%3Fp%3Dpve-common.git%3Ba%3Dcommit%3Bh%3D354ec8dee37d481ebae49b488349a8e932dce736&k=YkLs
> 
> it disables learning on the individual ports - but at the same time
> also
> the unicast_flood flag is set to false - see `man 8 bridge` - so I'd
> expect the combination of the 2 to work as advertised
> (and will try to rephrase the release note entry a bit too be less
> confusing)
> 
> I hope this helps!
> 
> Best regards,
> stoiko
> 
> 
> _______________________________________________
> pve-user mailing list
> pve-user at lists.proxmox.com
> https://antiphishing.cetsi.fr/proxy/v3?i=ZUcyY1RmWEJYTXg4endZcf4pHMlLXnVUx16Ppu9iYP8&r=N3ZnQkVkbG1hOHVwcWFJNMLpdiUetyglobBNT6FebFASxxZ1q4z56SmutCfWl0tQ&f=RkdqNzdIQkFjZzVZTkZxbZ21HjwKhyMg-rZGU8E0XD_frmmy_SGxhjX_N0NdVXVt8hYCzR91DADKO1rwT7UlwQ&u=https%3A//lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user&k=YkLs
> 



More information about the pve-user mailing list