diff options
author | Jesper Dangaard Brouer <hawk@comx.dk> | 2010-01-05 00:50:47 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-01-07 03:59:09 -0500 |
commit | 65324144b50bc7022cc9b6ca8f4a536a957019e3 (patch) | |
tree | 1e910817f6d4f1ecd821bfd8ce493f81fe4aae60 /Documentation/networking | |
parent | ca8d9ea30bc79b2965a1d169dcb2f48f02af4d2d (diff) |
net: RFC3069, private VLAN proxy arp support
This is to be used together with switch technologies, like RFC3069,
that where the individual ports are not allowed to communicate with
each other, but they are allowed to talk to the upstream router. As
described in RFC 3069, it is possible to allow these hosts to
communicate through the upstream router by proxy_arp'ing.
This patch basically allow proxy arp replies back to the same
interface (from which the ARP request/solicitation was received).
Tunable per device via proc "proxy_arp_pvlan":
/proc/sys/net/ipv4/conf/*/proxy_arp_pvlan
This switch technology is known by different vendor names:
- In RFC 3069 it is called VLAN Aggregation.
- Cisco and Allied Telesyn call it Private VLAN.
- Hewlett-Packard call it Source-Port filtering or port-isolation.
- Ericsson call it MAC-Forced Forwarding (RFC Draft).
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- | Documentation/networking/ip-sysctl.txt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 006b39dec87d..c532884f4fec 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt | |||
@@ -692,6 +692,25 @@ proxy_arp - BOOLEAN | |||
692 | conf/{all,interface}/proxy_arp is set to TRUE, | 692 | conf/{all,interface}/proxy_arp is set to TRUE, |
693 | it will be disabled otherwise | 693 | it will be disabled otherwise |
694 | 694 | ||
695 | proxy_arp_pvlan - BOOLEAN | ||
696 | Private VLAN proxy arp. | ||
697 | Basically allow proxy arp replies back to the same interface | ||
698 | (from which the ARP request/solicitation was received). | ||
699 | |||
700 | This is done to support (ethernet) switch features, like RFC | ||
701 | 3069, where the individual ports are NOT allowed to | ||
702 | communicate with each other, but they are allowed to talk to | ||
703 | the upstream router. As described in RFC 3069, it is possible | ||
704 | to allow these hosts to communicate through the upstream | ||
705 | router by proxy_arp'ing. Don't need to be used together with | ||
706 | proxy_arp. | ||
707 | |||
708 | This technology is known by different names: | ||
709 | In RFC 3069 it is called VLAN Aggregation. | ||
710 | Cisco and Allied Telesyn call it Private VLAN. | ||
711 | Hewlett-Packard call it Source-Port filtering or port-isolation. | ||
712 | Ericsson call it MAC-Forced Forwarding (RFC Draft). | ||
713 | |||
695 | shared_media - BOOLEAN | 714 | shared_media - BOOLEAN |
696 | Send(router) or accept(host) RFC1620 shared media redirects. | 715 | Send(router) or accept(host) RFC1620 shared media redirects. |
697 | Overrides ip_secure_redirects. | 716 | Overrides ip_secure_redirects. |