[pve-devel] new idea for vlan (with example)
Alexandre DERUMIER
aderumier at odiso.com
Thu Mar 15 09:09:05 CET 2012
>> Sorry, but that does not provide any isolations? All VM see traffic from all VLANs?
I don't understand ?
Each vm (tapXXX.. interface, maybe my schema was not clear) see traffic on his bridge, but no other bridge.
eth0.2 ---- vmbr0v2 --- tap1i0
--- tap2i0
eth0.3 ---- vmbr0v3 --- tap3i0
--- tap4i0
eth0.3 ---- vmbr1v3 --- tap5i0
so
tap1i0 can ping tap2i0
tap3i0 can ping tap4i0
tap3i0 can't ping tap5i0 (same vlan but different bridge)
bridges doesn't pass traffic across them because of
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
so we have isolation inside bridge
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Jeudi 15 Mars 2012 08:54:13
Objet: RE: new idea for vlan (with example)
Sorry, but that does not provide any isolations? All VM see traffic from all VLANs?
- Dietmar
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Donnerstag, 15. März 2012 08:43
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: new idea for vlan (with example)
>
> Hi Dietmar,
> I have think yesterday about an easy implementation which doesn't break
> current network config and pve-manager.
>
> I think this can work with kvm and openvz.
--
--
Alexandre D erumier
Ingénieur Système
Fixe : 03 20 68 88 90
Fax : 03 20 68 90 81
45 Bvd du Général Leclerc 59100 Roubaix - France
12 rue Marivaux 75002 Paris - France
More information about the pve-devel
mailing list