I am attempting to follow this advice to speed up traffic destinated to the bridge itself. My situation seems to check all the boxes: server also talks to other hosts, bridge ports don't have IP addresses, routing table is correct, etc. However, when I apply the rule, the box becomes unreachable from the network. I have to flush the table to get back in.
The only bridge port is a bond device, which may be complicating the issue. Distro is Ubuntu Server 18.04.1 LTS. Here's my netplan:
---
network:
version: 2
renderer: networkd
ethernets:
trunkports:
match: { name: "eno[1234]" }
bonds:
bond0:
interfaces: [trunkports]
parameters:
mode: 802.3ad
transmit-hash-policy: layer3+4
mii-monitor-interval: 100
lacp-rate: fast
vlans:
bond252:
link: bond0
id: 252
bridges:
br0:
interfaces: [bond0]
parameters:
forward-delay: 0
stp: false
addresses:
- 10.1.10.2/24
- 10.1.10.10/24
gateway4: 10.1.10.1
br252:
interfaces: [bond252]
parameters:
forward-delay: 0
stp: false
addresses:
- 192.168.252.2/24
EDIT: I suspect that the "noqueue" queuing discipline that's set by default on all virtual (i.e. bond and bridge) devices means that this performance tweak is no longer strictly necessary, but I would like confirmation on this point.
EDIT 2: Here's the ebtables command I'm issuing:
/sbin/ebtables -t broute -A BROUTING -d $(< /sys/class/net/br0/address) -p ipv4 -j redirect --redirect-target DROP
