On 06/30/10 16:09, Taylor, Grant wrote:
That would be a show stopper.
... unless ...
I'm going to give another reply for an even more strange idea (extension
of my earlier idea) that might get around your first point above.

I have messed with creating virtual networks in Linux for various
different reasons. One of the virtual networks that I was going to
create (but the problem changed before I needed to do so) was to create
a pair of devices connected to each other like a crossover cable using
socat.

With this in mind, you could create a number of pairs of virtual devices
and use them to connect the bridges together.

eth0.101 <-> br101 <-> ve101a ve101b <-> br9
eth0.102 <-> br102 <-> ve102a ve102b <-> br9
eth0.103 <-> br103 <-> ve103a ve103b <-> br9 <-> eth1.9
...
eth0.199 <-> br199 <-> ve199a ve199b <-> br9

Thus, there is no nesting and no device is in more than one bridge group.

So traffic coming in eth0.123 would be filtered by ebtables rules for
br1234 before going into ve123a. Traffic would then pass through socat
and come out ve123b and into br9 and subsequently out eth1.9.

You might want to brief yourself with how Xen does its networking as
it uses virtual point-to-point network pairs like what I'm calling
ve<bla>a and ve<bla>b.

Grant. . . .
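
The layout described in this message, sketched as a script that prints the commands to build it and checks that no device lands in two bridges (an added example, not part of the original post). It assumes kernel veth pairs in place of the socat-built pairs the message describes; the interface names come from the diagram, and the chain name f<vid> is hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for the layout above.
# Assumption: kernel veth pairs stand in for the socat-built device pairs.
UPLINK_IF=eth1 UPLINK_VID=9 TRUNK_IF=eth0   # names taken from the diagram

plan_uplink() {
    br="br$UPLINK_VID"; dev="$UPLINK_IF.$UPLINK_VID"
    echo "ip link add name $br type bridge"
    echo "ip link add link $UPLINK_IF name $dev type vlan id $UPLINK_VID"
    echo "ip link set $dev master $br"
    echo "ip link set $dev up"
    echo "ip link set $br up"
}

plan_vlan() {   # $1 = VLAN id, e.g. 101
    vid=$1; br="br$vid"; dev="$TRUNK_IF.$vid"; a="ve${vid}a"; b="ve${vid}b"
    echo "ip link add link $TRUNK_IF name $dev type vlan id $vid"
    echo "ip link add name $br type bridge"
    echo "ip link add $a type veth peer name $b"
    echo "ip link set $dev master $br"
    echo "ip link set $a master $br"
    echo "ip link set $b master br$UPLINK_VID"
    for d in $dev $a $b $br; do echo "ip link set $d up"; done
    # Per-VLAN ebtables chain (hypothetical name f<vid>), reached only by
    # frames being forwarded on that VLAN's own bridge.
    echo "ebtables -N f$vid"
    echo "ebtables -A FORWARD --logical-in $br -j f$vid"
}

plan_range() {  # $1 = first VLAN id, $2 = last VLAN id
    plan_uplink
    vid=$1
    while [ "$vid" -le "$2" ]; do plan_vlan "$vid"; vid=$((vid + 1)); done
}

# Reads a plan on stdin; reports any device enslaved to more than one bridge
# and fails if there is one (the property the message relies on).
check_single_membership() {
    dups=$(awk '$1=="ip" && $5=="master" {print $4}' | sort | uniq -d)
    [ -z "$dups" ] || { echo "in more than one bridge: $dups" >&2; return 1; }
}

# Stand-alone use: ./plan.sh 101 199   (prints the plan; nothing is applied)
if [ "$#" -eq 2 ]; then plan_range "$1" "$2"; fi
```

Filtering rules for one VLAN are then appended to its own chain, and the printed plan can be reviewed before anything is applied as root.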