netfilter.vger.kernel.org archive mirror
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: ebtables & VLAN redirect
Date: Wed, 30 Jun 2010 16:21:40 -0500
Message-ID: <4C2BB564.3010208@riverviewtech.net>
In-Reply-To: <4C2BB2A1.40406@riverviewtech.net>

On 06/30/10 16:09, Taylor, Grant wrote:
> That would be a show stopper.

... unless ...

> I'm going to give another reply for an even more strange idea (extension 
> of my earlier idea) that might get around your first point above.

I have messed with creating virtual networks in Linux for various
different reasons.  One of the virtual networks that I was going to
create (but the problem changed before I needed to do so) was to create
a pair of devices connected to each other like a crossover cable using
socat.

With this in mind, you could create a number of pairs of virtual devices 
and use them to connect the bridges together.

eth0.101 <-> br101 <-> ve101a   ve101b <-> br9
eth0.102 <-> br102 <-> ve102a   ve102b <-> br9
eth0.103 <-> br103 <-> ve103a   ve103b <-> br9 <-> eth1.9
...
eth0.199 <-> br199 <-> ve199a   ve199b <-> br9

Thus, there is no nesting and no device is in more than one bridge group.

So traffic coming in eth0.123 would be filtered by ebtables rules for
br1234 before going into ve123a.  Traffic would then pass through socat
and come out ve123b and into br9 and subsequently out eth1.9.

You might want to brief yourself on how Xen does its networking, as
it uses virtual point-to-point network pairs like what I'm calling
ve<bla>a and ve<bla>b.



Grant. . . .
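
The layout described in this message, sketched as an added example that is not part of the original post or thread. It uses kernel veth pairs in place of the socat-built pairs, and the trunk/uplink names, the VLAN range and the ARP/IPv4-only ebtables policy are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits the iproute2/ebtables commands for the bridge layout above.
# Assumptions: veth pairs stand in for the socat pairs; eth0 (trunk) and eth1
# (uplink) exist and are up; the per-VLAN filter policy is a constructed sample.
TRUNK=eth0
UPLINK=eth1
UPLINK_VLAN=9

plan_topology() {  # usage: plan_topology FIRST_VLAN LAST_VLAN
    core="br$UPLINK_VLAN"
    echo "ip link add name $core type bridge"
    echo "ip link add link $UPLINK name $UPLINK.$UPLINK_VLAN type vlan id $UPLINK_VLAN"
    echo "ip link set $UPLINK.$UPLINK_VLAN master $core"
    echo "ip link set $UPLINK.$UPLINK_VLAN up"
    echo "ip link set $core up"
    v=$1
    while [ "$v" -le "$2" ]; do
        echo "ip link add link $TRUNK name $TRUNK.$v type vlan id $v"
        echo "ip link add name br$v type bridge"
        echo "ip link add ve${v}a type veth peer name ve${v}b"
        # Each device joins exactly one bridge: no nesting, no shared ports.
        echo "ip link set $TRUNK.$v master br$v"
        echo "ip link set ve${v}a master br$v"
        echo "ip link set ve${v}b master $core"
        for dev in "$TRUNK.$v" "ve${v}a" "ve${v}b" "br$v"; do
            echo "ip link set $dev up"
        done
        # Per-VLAN filtering happens on brNNN, before frames reach the veth pair.
        echo "ebtables -A FORWARD --logical-in br$v -p ARP -j ACCEPT"
        echo "ebtables -A FORWARD --logical-in br$v -p IPv4 -j ACCEPT"
        echo "ebtables -A FORWARD --logical-in br$v -j DROP"
        v=$((v + 1))
    done
}

# Prints every device the plan would enslave to more than one bridge (none expected).
multi_bridge_devices() {
    plan_topology "$1" "$2" | awk '$5 == "master" { print $4 }' | sort | uniq -d
}

# Only touch the system when explicitly asked: sh script.sh apply 101 199 (needs root).
if [ "${1:-}" = "apply" ]; then
    plan_topology "$2" "$3" | sh -e
fi
```

Run without arguments, the script changes nothing; call `plan_topology 101 199` to review the generated commands before applying them.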
