On Fri, Jan 10, 2014 at 10:39:20AM -0200, Juan Pablo Lorier wrote:
> Hi Dan,
> I take the chance to ask; why is it that the untagged IF can see the
> traffic of the tagged VLANs? Isn't that filtered at the kernel level? Is
> this a virtualization design limitation or is it down to the kernel?
> I don't know how the kernel processes the packets, but I thought that
> packets that arrive at the NIC are filtered by the kernel and sent to
> the respective vif (untagged to the "master" interface and tagged to the
> .XX interfaces). I ask because other virtualization platforms don't have
> this limitation and I wonder if it's because they "don't care" or
> because they solved this somehow.
I do not know how this is implemented elsewhere, but to the best of my
knowledge, the "master" interface sees tagged packets, too (which is the
basis of Alan's use case: he wants the trunk VM to see all traffic).
BTW, Alan, for this to actually work, you need to enable macspoofing on the
relevant NIC. Yet another step in the hack I've outlined earlier.
Dan.
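As an added illustration for the point discussed in this exchange (it is not code from the thread, from oVirt, libvirt or the Linux kernel), the following Python parses 802.1Q/802.1ad tagged frames and models, in simplified form, what a guest kernel does with them: a packet socket on the "master" (parent) interface sees every frame, tags included, while a frame whose VID matches a configured sub-interface is delivered there with the tag stripped. It also models the host-side anti-MAC-spoofing filter that a forwarding (trunk) VM trips over. The function names (`build_frame`, `parse_frame`, `rx_dispatch`, `egress_allowed`), the interface names and the sample frames are my own constructed assumptions, and the dispatch rules are a deliberate simplification of the real 8021q and nwfilter behaviour.

```python
"""Toy model of 802.1Q frame parsing and guest-side dispatch.

Added illustration for this thread, not oVirt, libvirt or kernel code.
The dispatch and filter rules are simplified on purpose.
"""
import struct

ETH_P_8021Q = 0x8100   # 802.1Q customer tag (C-tag)
ETH_P_8021AD = 0x88A8  # 802.1ad service tag (QinQ outer tag)
ETH_P_IP = 0x0800
VLAN_TPIDS = (ETH_P_8021Q, ETH_P_8021AD)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, ethertype, payload, tags=()):
    """Build an Ethernet frame; tags is a list of (tpid, vid), outermost first.
    PCP and DEI bits of each TCI are left at zero."""
    out = mac_bytes(dst) + mac_bytes(src)
    for tpid, vid in tags:
        if not 0 <= vid <= 4095:
            raise ValueError("VID out of range")
        out += struct.pack("!HH", tpid, vid)
    return out + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Parse the Ethernet header and any stack of VLAN tags (QinQ-aware)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tags = 14, []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tpid = ethertype
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        tags.append({"tpid": tpid, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": mac_str(dst), "src": mac_str(src), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}


def rx_dispatch(frame, parent="eth0", vlan_devs=None):
    """Simplified model of where a guest kernel hands a received frame.

    vlan_devs maps VID -> sub-interface name, e.g. {10: "eth0.10"}.
    A packet socket on the parent (tcpdump -i eth0) sees every frame with
    its tag intact, which is what a trunk VM relies on.  A tagged frame
    whose VID has a sub-interface is delivered there, tag stripped; one with
    no matching sub-interface is not consumed by the parent's own IP stack
    (simplification of the real kernel marking it PACKET_OTHERHOST).
    """
    vlan_devs = vlan_devs or {}
    p = parse_frame(frame)
    vid = p["tags"][0]["vid"] if p["tags"] else None
    if vid is None:
        delivered = parent
    elif vid in vlan_devs:
        delivered = vlan_devs[vid]
    else:
        delivered = None
    return {"vid": vid, "seen_on_parent_capture": True,
            "delivered_to": delivered}


def egress_allowed(frame, vnic_mac, mac_spoofing_filter=True):
    """Model of the host-side anti-MAC-spoofing filter on a vNIC: with the
    filter on, a frame leaving the guest is dropped unless its source MAC is
    the vNIC's own MAC.  A guest that forwards frames on behalf of other
    hosts therefore needs the filter disabled (the "macspoofing" step)."""
    if not mac_spoofing_filter:
        return True
    return parse_frame(frame)["src"] == vnic_mac.lower()


if __name__ == "__main__":
    # Constructed sample frames: one untagged, one on VLAN 10, one on VLAN 20.
    devs = {10: "eth0.10"}
    for tags in ([], [(ETH_P_8021Q, 10)], [(ETH_P_8021Q, 20)]):
        f = build_frame("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee",
                        ETH_P_IP, b"payload", tags)
        print(tags, rx_dispatch(f, "eth0", devs))
```

Run it as a script to see the three dispatch outcomes; the QinQ path is exercised by passing two `(tpid, vid)` pairs, outermost first, to `build_frame`.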