Bridging 4095
-
I'm attempting to bridge all VLANs — VLAN 4095 in vSphere — in a VM with passed-through NICs to isolated virtual switches and, at some point, other VMs.
I created (assigned) the interfaces, the virtual interfaces, the bridges… ✓ (check), ✓, ✓… and then [panic] I realized I don't know what's next.
Am I supposed to create firewall rules? There aren't any targeting L2, only sort-of-L2 (i.e. non-routable IP/multicast), but there's nothing like "PPPoE" or "LCP" or "I-don't-even-know-what-else-is-at-L2-..P", and none of the interfaces have IP addresses to begin with; only the management interface has one, because it's supposed to be a pure L2 bridge, AKA a MAC bridge, if I'm not too far off, carrying all VLANs/data as it comes from the NICs to the vNICs and vice versa.
And I was only getting warmed up; crazy doesn't end there. Thinking about the VLANs then made me think: what if I added (assigned) a VLAN stemming from one of the slave interfaces of the bridge? Would it disturb the bridge('s traffic), or would it be like accessing that VLAN from anywhere else in the network? If firewall rules are needed, are they needed on the bridge subordinates/children/slaves or on the bridge itself? (because..) What if the bridge isn't assigned? And speaking of tunables, though I really didn't… What does net.link.bridge.pfil_onlyip do in scenarios X, Y and Z? And what about net.link.vlan.mtag_pcp? Do I need to bridge per VLAN? Could you explain it a little please, just big picture. Preferably before the men from the voices come get me—just kidding.
It would really clear things out, thanks!
-
You're not supposed to use 4095. It's reserved.