X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=pve-network.adoc;h=0c67c62f41e4a59865bb1b8f8e3f9ee4980b73d7;hb=0677f4cc126763440a8b0e2bb4879c7ff3b7e635;hp=ed96d8e916968a05197d02592a746e2cd42441eb;hpb=c15cb60b8c26634c5580fd1618ee176dd81dc22b;p=pve-docs.git diff --git a/pve-network.adoc b/pve-network.adoc index ed96d8e..0c67c62 100644 --- a/pve-network.adoc +++ b/pve-network.adoc @@ -267,7 +267,7 @@ https://commons.wikimedia.org/wiki/File:Netfilter-packet-flow.svg[Netfilter Pack https://lwn.net/Articles/370152/[Patch on netdev-list introducing conntrack zones] -https://blog.lobraun.de/2019/05/19/prox/[Blog post with a good explanation by using TRACE in the raw table] +https://web.archive.org/web/20220610151210/https://blog.lobraun.de/2019/05/19/prox/[Blog post with a good explanation by using TRACE in the raw table] [[sysadmin_network_bond]] @@ -567,6 +567,34 @@ net.ipv6.conf.default.disable_ipv6 = 1 This method is preferred to disabling the loading of the IPv6 module on the https://www.kernel.org/doc/Documentation/networking/ipv6.rst[kernel commandline]. + +Disabling MAC Learning on a Bridge +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +By default, MAC learning is enabled on a bridge to ensure a smooth experience +with virtual guests and their networks. + +But in some environments this can be undesired. Since {pve} 7.3 you can disable +MAC learning on the bridge by setting the `bridge-disable-mac-learning 1` +configuration on a bridge in `/etc/network/interfaces', for example: + +---- +# ... + +auto vmbr0 +iface vmbr0 inet static + address 10.10.10.2/24 + gateway 10.10.10.1 + bridge-ports ens18 + bridge-stp off + bridge-fd 0 + bridge-disable-mac-learning 1 +---- + +Once enabled, {pve} will manually add the configured MAC address from VMs and +Containers to the bridges forwarding database to ensure that guest can still +use the network - but only when they are using their actual MAC address. + //// TODO: explain IPv6 support? TODO: explain OVS