netfilter.vger.kernel.org archive mirror
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: ebtables & VLAN redirect
Date: Sat, 26 Jun 2010 11:41:06 -0500
Message-ID: <4C262DA2.1040103@riverviewtech.net>
In-Reply-To: <AANLkTilVkFmW0SL3t6ESUN72On5y52OvxYBUz2ZZdAWc@mail.gmail.com>

Anatoly Muliarski wrote:
> I have a lot of VLANs (eth1.100-eth1.200) and I need to redirect
> specific IP frames arriving on them to VLAN eth1.9 on L2 level (as I
> cannot use routing for them). The simple way is to create a bridge
> from all VLANs and filter out redirections to
> unwanted (eth1.100-eth1.200) VLANs.

That will work.

Do you need to do so for all your VLANs, or just some of them?

> But this may cause performance issues. Is there a finer solution?

Could you get proxy ARP to work?

In other words, why selectively extend your broadcast domains into the 
other when you might be able to extend individual systems into multiple 
broadcast domains (in a manner of speaking).

If you aren't modifying frames as they pass through your bridge, and the 
only real thing that takes time to look through is your EBTables rules, 
I don't think you will have a problem.  -  I've run multiple older 
slower systems (P-II 233) doing similar things (and bi-directional 
NATing of source and destination MAC addresses) for a multi-megabit DSL 
connection without any problems.  -  If you are worried about speed, 
pick up a current low-end workstation computer with a decent 
network card.

I'd say try it and see if the problem you are thinking about will even 
have any impact on the equipment you are using.

Depending on the amount of traffic you are working with, I'd suggest 
gigabit connections to the switch.  If it's really a lot of traffic, 
multiple connections to segregate the traffic.



Grant. . . .
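
An added example, not part of the original message or of any poster's configuration: a dry-run generator for the bridge-and-filter layout discussed above, which prints the commands instead of running them. The bridge name `br0` and the helper names are assumptions, and the match for the "specific IP frames" is left out because the thread does not say which frames those are. It uses a default-DROP policy plus two uplink rules, so the number of ebtables rules a frame is checked against does not grow with the number of VLANs.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for bridging
# eth1.100-eth1.200 with eth1.9 and confining forwarding to the uplink.
# "br0" is an assumed bridge name; the VLAN interfaces must already exist.
BRIDGE=br0

# gen_bridge UPLINK FIRST LAST
# Enslave the uplink VLAN and every VLAN in FIRST..LAST to the bridge.
gen_bridge() {
    uplink=$1; first=$2; last=$3
    echo "ip link add name $BRIDGE type bridge"
    echo "ip link set dev $uplink master $BRIDGE"
    n=$first
    while [ "$n" -le "$last" ]; do
        echo "ip link set dev eth1.$n master $BRIDGE"
        n=$((n + 1))
    done
    echo "ip link set dev $BRIDGE up"
}

# gen_filter UPLINK
# A frame is bridged only if it enters or leaves through UPLINK, so the
# other VLANs never see each other's traffic (including flooded frames).
# Note: the FORWARD policy applies to every bridge on the host.
gen_filter() {
    uplink=$1
    echo "ebtables -P FORWARD DROP"
    echo "ebtables -A FORWARD -o $uplink -j ACCEPT"
    echo "ebtables -A FORWARD -i $uplink -j ACCEPT"
}

# gen_all UPLINK FIRST LAST: full command list, bridge first, filter last.
gen_all() {
    gen_bridge "$1" "$2" "$3"
    gen_filter "$1"
}

# Stand-alone use: sh script.sh eth1.9 100 200
if [ $# -eq 3 ]; then
    gen_all "$@"
fi
```

Review the printed commands before piping them to a root shell; on a remote host, applying the DROP policy to a bridge that carries the management connection will cut it off.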
