...

  • routing decision - goes through the routes in the routing table to find a match for the packet's destination IP address. When a match is found, the packet is processed further; if there is no match, the packet is discarded;
  • mpls decision - what to do with the packet based on MPLS forwarding tables;
  • bridging decision - the bridge goes through the MAC address table to find a match for the packet's destination MAC address. When a match is found, the packet is processed further; if there is no match, multiple copies of the packet are created and flooded (sent out via all bridge ports). A single copy of the packet also reaches the bridge input chain, as the bridge interface itself is one of the many destinations. When using vlan-filtering=yes, packets that are not allowed by the "/interface bridge vlan" table are dropped at this stage;
  • use-ip-firewall - whether the 'use-ip-firewall' option is enabled in the bridge settings;
  • ipsec-policy - whether a packet matches any of the configured IPsec policies;

...

  1. A packet goes through the bridge NAT dst-nat chain, where the MAC destination and priority can be changed; apart from that, the packet can simply be accepted, dropped, or marked;
  2. A check is made whether the use-ip-firewall option is enabled in the bridge settings;
  3. The packet is run through the bridge host table to make a forwarding decision. A packet that ends up being flooded (e.g. broadcast, multicast, unknown unicast traffic) gets multiplied per bridge port and is then processed further in the bridge forward chain. When using vlan-filtering=yes, packets that are not allowed by the "/interface bridge vlan" table are dropped at this stage;
  4. The packet goes through the bridge filter forward chain, where the priority can be changed or the packet can simply be accepted, dropped, or marked;
  5. A check is made whether the use-ip-firewall option is enabled in the bridge settings;
  6. The packet goes through the bridge NAT src-nat chain, where the MAC source and priority can be changed; apart from that, the packet can simply be accepted, dropped, or marked;
  7. A check is made whether the use-ip-firewall option is enabled in the bridge settings;
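
The seven steps above, traced for one frame in a small Python model. This is an added example, not MikroTik code: `Bridge` and `bridge_forward` are hypothetical names, and the port names, MAC addresses and VLAN IDs are constructed. It assumes flooding skips the ingress port and reduces the "/interface bridge vlan" check to egress-port membership.

```python
from dataclasses import dataclass, field

@dataclass
class Bridge:
    ports: list                      # bridge port names (constructed)
    hosts: dict                      # bridge host table: MAC -> port
    use_ip_firewall: bool = False    # 'use-ip-firewall' in bridge settings
    vlan_filtering: bool = False     # vlan-filtering=yes|no on the bridge
    vlan_table: dict = field(default_factory=dict)  # VLAN id -> member ports

def bridge_forward(br, in_port, dst_mac, vlan_id=1):
    """Return (stages, out_ports) for one frame received on in_port."""
    ip_fw = "ip firewall" if br.use_ip_firewall else "ip firewall skipped"
    stages = ["bridge nat dst-nat", ip_fw]                  # steps 1-2
    # Step 3: host table lookup; an unknown destination is flooded.
    known = dst_mac in br.hosts
    stages.append("host table: match" if known else "host table: flood")
    candidates = [br.hosts[dst_mac]] if known else br.ports
    out_ports = [p for p in candidates if p != in_port]
    if br.vlan_filtering:
        # Simplification: only egress-port membership is checked here.
        members = br.vlan_table.get(vlan_id, set())
        out_ports = [p for p in out_ports if p in members]
    if not out_ports:
        stages.append("dropped at forwarding decision")
        return stages, []
    # Steps 4-7 run once per copy, in the same order for every copy.
    stages += ["bridge filter forward", ip_fw, "bridge nat src-nat", ip_fw]
    return stages, out_ports

if __name__ == "__main__":
    br = Bridge(ports=["ether1", "ether2", "ether3"],
                hosts={"AA:BB:CC:00:00:02": "ether2"},       # constructed
                vlan_filtering=True,
                vlan_table={10: {"ether1", "ether2"}})
    for mac, vid in [("AA:BB:CC:00:00:02", 10),   # known unicast
                     ("FF:FF:FF:FF:FF:FF", 10),   # broadcast, flooded
                     ("FF:FF:FF:FF:FF:FF", 20)]:  # VLAN not in the table
        stages, out = bridge_forward(br, "ether1", mac, vid)
        print(mac, vid, "->", out or "dropped")
        print("   ", " > ".join(stages))
```

With vlan-filtering enabled, a frame in a VLAN that has no entry in the table never reaches the bridge filter forward chain, so a filter rule placed there will not count or log it.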





...