github.com/cilium/cilium@v1.16.2/Documentation/configuration/vlan-802.1q.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  .. _vlan_802.1q:
     8  
     9  *******************
    10  VLAN 802.1q support
    11  *******************
    12  
    13  Cilium enables firewalling on native devices in use and will filter all unknown traffic. VLAN 802.1q packets
    14  will always be passed through their main device with associated tag (e.g. VLAN device is ``eth0.4000`` and its main interface is ``eth0``).
    15  By default, Cilium will allow all tags from the native devices (i.e. if ``eth0.4000`` is controlled by Cilium and has
    16  an eBPF program attached, then VLAN tag ``4000`` will be allowed on device ``eth0``). Additional VLAN tags may be allowed
    17  with the cilium-agent flag ``--vlan-bpf-bypass=4001,4002`` (or Helm variable ``--set bpf.vlanBypass="{4001,4002}"``).
    18  
    19  The list of allowed VLAN tags cannot be too big in order to keep eBPF program of predictable size. Currently this list
    20  should contain no more than 5 entries. If you need more, then there is only one way for now: you need to allow
    21  all tags with cilium-agent flag ``--vlan-bpf-bypass=0``.
    22  
    23  .. note::
    24  
    25      Currently, the cilium-agent will scan for available VLAN devices and tags only on startup.