aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorJesper Dangaard Brouer <hawk@comx.dk>2010-01-05 00:50:47 -0500
committerDavid S. Miller <davem@davemloft.net>2010-01-07 03:59:09 -0500
commit65324144b50bc7022cc9b6ca8f4a536a957019e3 (patch)
tree1e910817f6d4f1ecd821bfd8ce493f81fe4aae60 /Documentation
parentca8d9ea30bc79b2965a1d169dcb2f48f02af4d2d (diff)
net: RFC3069, private VLAN proxy arp support
This is to be used together with switch technologies, like RFC3069, that where the individual ports are not allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in RFC 3069, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing. This patch basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received). Tunable per device via proc "proxy_arp_pvlan": /proc/sys/net/ipv4/conf/*/proxy_arp_pvlan This switch technology is known by different vendor names: - In RFC 3069 it is called VLAN Aggregation. - Cisco and Allied Telesyn call it Private VLAN. - Hewlett-Packard call it Source-Port filtering or port-isolation. - Ericsson call it MAC-Forced Forwarding (RFC Draft). Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/networking/ip-sysctl.txt19
1 files changed, 19 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 006b39dec87..c532884f4fe 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -692,6 +692,25 @@ proxy_arp - BOOLEAN
692 conf/{all,interface}/proxy_arp is set to TRUE, 692 conf/{all,interface}/proxy_arp is set to TRUE,
693 it will be disabled otherwise 693 it will be disabled otherwise
694 694
695proxy_arp_pvlan - BOOLEAN
696 Private VLAN proxy arp.
697 Basically allow proxy arp replies back to the same interface
698 (from which the ARP request/solicitation was received).
699
700 This is done to support (ethernet) switch features, like RFC
701 3069, where the individual ports are NOT allowed to
702 communicate with each other, but they are allowed to talk to
703 the upstream router. As described in RFC 3069, it is possible
704 to allow these hosts to communicate through the upstream
705 router by proxy_arp'ing. Don't need to be used together with
706 proxy_arp.
707
708 This technology is known by different names:
709 In RFC 3069 it is called VLAN Aggregation.
710 Cisco and Allied Telesyn call it Private VLAN.
711 Hewlett-Packard call it Source-Port filtering or port-isolation.
712 Ericsson call it MAC-Forced Forwarding (RFC Draft).
713
695shared_media - BOOLEAN 714shared_media - BOOLEAN
696 Send(router) or accept(host) RFC1620 shared media redirects. 715 Send(router) or accept(host) RFC1620 shared media redirects.
697 Overrides ip_secure_redirects. 716 Overrides ip_secure_redirects.