<div dir="ltr">Alexandre,<div><br></div><div>Am I right in thinking that for 4x bridges each with a different SVID (101,102,103,104) that the config would look like this ?</div><div><br></div><div><div>auto vmbrcustomer1</div><div>iface vmbrcustomer1 inet manual</div><div> bridge_vlan_aware yes</div><div> bridge_ports customer1lp</div><div> bridge_stp off</div><div> bridge_fd 0 </div><div> pre-up ip link add dev customer1l type veth peer name customer1lp</div><div> post-up ip link set customer1l up</div><div><br></div><div>auto vmbrcustomer2</div><div>iface vmbrcustomer2 inet manual</div><div> bridge_vlan_aware yes</div><div> bridge_ports customer2lp</div><div> bridge_stp off</div><div> bridge_fd 0</div><div> pre-up ip link add dev customer2l type veth peer name customer2lp</div><div> post-up ip link set customer2l up</div><div><br></div><div>auto vmbrcustomer3</div><div>iface vmbrcustomer3 inet manual</div><div> bridge_vlan_aware yes</div><div> bridge_ports customer3lp</div><div> bridge_stp off</div><div> bridge_fd 0</div><div> pre-up ip link add dev customer3l type veth peer name customer3lp</div><div> post-up ip link set customer3l up</div><div><br></div><div>auto vmbrcustomer4</div><div>iface vmbrcustomer4 inet manual</div><div> bridge_vlan_aware yes</div><div> bridge_ports customer4lp</div><div> bridge_stp off</div><div> bridge_fd 0</div><div> pre-up ip link add dev customer4l type veth peer name customer4lp</div><div> post-up ip link set customer4l up</div><div><br></div><div>auto vmbr0</div><div>iface vmbr0 inet manual</div><div> bridge_vlan_aware yes</div><div> bridge_ports eth0 customer1l customer2l customer3l customer4l</div><div> bridge_stp off</div><div> bridge_fd 0</div><div> post-up echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol</div><div> post-up bridge vlan add dev customer1l vid 101 pvid untagged</div><div> post-up bridge vlan add dev customer2l vid 102 pvid untagged</div><div> post-up bridge vlan add dev customer3l vid 103 pvid untagged</div><div> post-up bridge vlan add dev customer4l vid 104 pvid untagged</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 5, 2015 at 11:54 AM, Andrew Thrift <span dir="ltr"><<a href="mailto:andrew@networklabs.co.nz" target="_blank">andrew@networklabs.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Alexandre,<div><br></div><div>This looks like it should work.<div><br><div>Something to be aware of, QinQ does not always have an outer tag with ethertype 0x88a8, it can also have a tag of 0x8100 or 0x9100 depending on the implementation.</div><div><br></div><div>For example:</div><div><br></div><div>0x88a8--0x8100 Outer-tag (SVID) of 0x88a8, Inner-tag (CVID) of 0x8100</div><div>0x8100--0x8100 Outer-tag (SVID) of 0x8100, Inner-tag (CVID) of 0x8100</div><div>0x9100--0x8100 Outer-tag (SVID) of 0x9100, Inner-tag (CVID) of 0x8100</div><div><br></div></div></div><div>We typically use "stacked" tags of 0x8100 so both the outer and inner tag are 0x8100, this seems to be the most compatible method and is supported by all vendors that I am aware of.</div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 5, 2015 at 12:25 AM, Alexandre DERUMIER <span dir="ltr"><<a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This seem to work.<br>
(I'm not sure about tcpdump result when vlan are stacked)<br>
<span><br>
<br>
auto vmbrcustomer1<br>
iface vmbrcustomer1 inet manual<br>
bridge_vlan_aware yes<br>
</span> bridge_ports customer1lp<br>
bridge_stp off<br>
bridge_fd 0<br>
pre-up ip link add dev customer1l type veth peer name customer1lp<br>
post-up ip link set customer1l up<br>
<br>
<br>
auto vmbr0<br>
iface vmbr0 inet manual<br>
bridge_vlan_aware yes<br>
bridge_ports eth0 customer1l<br>
bridge_stp off<br>
bridge_fd 0<br>
post-up echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol<br>
post-up bridge vlan add dev customer1l vid 10 pvid untagged<br>
<span><br>
<br>
----- Mail original -----<br>
De: "aderumier" <<a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a>><br>
À: "Andrew Thrift" <<a href="mailto:andrew@networklabs.co.nz" target="_blank">andrew@networklabs.co.nz</a>><br>
Cc: "pve-devel" <<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a>><br>
</span>Envoyé: Mardi 4 Août 2015 14:02:46<br>
<div><div>Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge<br>
<br>
Another way,<br>
<br>
but I'm not sure it's working, is to tag 802.1ad on the physical interface<br>
<br>
<br>
<br>
<br>
eth0.10---->vmbrcustomer<--(vlanX)------tapX<br>
<br>
<br>
<br>
auto vmbrcustomer1<br>
iface vmbrcustomer1 inet manual<br>
bridge_vlan_aware yes<br>
bridge_ports eth0.10<br>
bridge_stp off<br>
bridge_fd 0<br>
pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id 10<br>
<br>
<br>
<br>
<br>
----- Mail original -----<br>
De: "aderumier" <<a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a>><br>
À: "Andrew Thrift" <<a href="mailto:andrew@networklabs.co.nz" target="_blank">andrew@networklabs.co.nz</a>><br>
Cc: "pve-devel" <<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a>><br>
Envoyé: Mardi 4 Août 2015 12:22:47<br>
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge<br>
<br>
>>Hi Alexandre,<br>
Hi,<br>
<br>
>>We also use QinQ and have submitted patches for the previous network implementation that made use of a "bridge in bridge" design to achieve the QinQ functionality.<br>
<br>
They are also a new way to implement q-in-q with vlan aware bridge<br>
<br>
<a href="http://www.spinics.net/lists/linux-ethernet-bridging/msg05514.html" rel="noreferrer" target="_blank">http://www.spinics.net/lists/linux-ethernet-bridging/msg05514.html</a><br>
<br>
+----+ +-------+p/u +------+ +----+ +--+<br>
|eth0|--|802.1ad|----veth----|802.1Q|--|vnet|--|VM|<br>
+----+ |bridge | |bridge| +----+ +--+<br>
+-------+ +------+<br>
<br>
p/u: pvid/untagged<br>
<br>
<br>
<br>
Currently we have implemented 802.1Q bridge.<br>
<br>
for qinq, we need to create a root bridge, with 802.1ad enabled, linked through a veth pair to 802.1Q bridge.<br>
<br>
<br>
The qinq bridge is managed exactly in the same way than 802.1ad, but it's enabled with<br>
echo 0x88a8 > /sys/class/net/XXX/bridge/vlan_protocol<br>
<br>
for example<br>
------------<br>
eth0----vmbr0--(vlan10)<---brigelink-------bridgelinkpeer---->vmbrcustomer<--(vlanX)------tapX<br>
<br>
<br>
brctl addbr vmbr0<br>
echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol<br>
ip link add dev bridgelink type veth peer name bridgelinkpeer<br>
brctl addif vmbr0 bridgelink<br>
brctl addif vmbrcustomer1 bridgelinkpeer<br>
bridge vlan add dev bridgelink vid 10 pvid untagged<br>
<br>
<br>
something like that<br>
<br>
<br>
I can try to make a patch, but I don't have hardware which support q-in-q for testing.<br>
<br>
<br>
<br>
<br>
----- Mail original -----<br>
De: "Andrew Thrift" <<a href="mailto:andrew@networklabs.co.nz" target="_blank">andrew@networklabs.co.nz</a>><br>
À: "aderumier" <<a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a>><br>
Cc: "pve-devel" <<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a>><br>
Envoyé: Mardi 4 Août 2015 10:49:26<br>
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge<br>
<br>
Hi Alexandre,<br>
We also use QinQ and have submitted patches for the previous network implementation that made use of a "bridge in bridge" design to achieve the QinQ functionality.<br>
<br>
The new vlan aware bridge implementation will be a lot cleaner.<br>
<br>
When your patches are ready we will test them and provide feedback.<br>
<br>
<br>
Thanks,<br>
<br>
<br>
<br>
Andrew<br>
<br>
On Tue, Jul 28, 2015 at 2:09 AM, Alexandre DERUMIER < <a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a> > wrote:<br>
<br>
<br>
does somebody have tested my vlan bridges patches ? (note that that need iproute2 from debian sid, for vlan ranges)<br>
<br>
It's working really fine here, I'm looking to add a patch for Q-in-Q bridge too. (I think Stefan Priebe use them)<br>
<br>
<br>
<br>
<br>
<br>
----- Mail original -----<br>
De: "aderumier" < <a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a> ><br>
À: "Wolfgang Bumiller" < <a href="mailto:w.bumiller@proxmox.com" target="_blank">w.bumiller@proxmox.com</a> ><br>
Cc: "pve-devel" < <a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a> ><br>
Envoyé: Vendredi 24 Juillet 2015 18:49:18<br>
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge<br>
<br>
>>Why is `bridge_add_interface` now restricted to the firewall-else<br>
>>branch?<br>
<br>
I manage it like openvswitch,<br>
<br>
vlan tagging is always done on the main bridge, not firewall bridge.<br>
<br>
<br>
> + if ($firewall) {<br>
> + &$create_firewall_bridge_linux($iface, $bridge, $tag);<br>
<br>
create_firewall_bridge_linux($iface, $bridge, $tag)<br>
have<br>
<br>
- &$bridge_add_interface($bridge, $vethfwpeer);<br>
+ &$bridge_add_interface($bridge, $vethfwpeer, $tag); #tag on the main bridge<br>
- return $fwbr;<br>
+ &$bridge_add_interface($fwbr, $iface); # add vm tap interface on fwbridge without vlan tag<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
----- Mail original -----<br>
De: "Wolfgang Bumiller" < <a href="mailto:w.bumiller@proxmox.com" target="_blank">w.bumiller@proxmox.com</a> ><br>
À: "aderumier" < <a href="mailto:aderumier@odiso.com" target="_blank">aderumier@odiso.com</a> ><br>
Cc: "pve-devel" < <a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a> ><br>
Envoyé: Vendredi 24 Juillet 2015 15:20:06<br>
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge<br>
<br>
On Fri, Jul 24, 2015 at 01:52:59PM +0200, Alexandre Derumier wrote:<br>
> - $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if $firewall;<br>
> + if (!$vlan_aware) {<br>
> + my $newbridge = activate_bridge_vlan($bridge, $tag);<br>
> + copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;<br>
> + $tag = undef;<br>
> + }<br>
> +<br>
> + if ($firewall) {<br>
> + &$create_firewall_bridge_linux($iface, $bridge, $tag);<br>
> + } else {<br>
> + &$bridge_add_interface($bridge, $iface, $tag);<br>
> + }<br>
><br>
> - &$bridge_add_interface($newbridge, $iface);<br>
<br>
<br>
Why is `bridge_add_interface` now restricted to the firewall-else<br>
branch?<br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" rel="noreferrer" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
<br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" rel="noreferrer" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
<br>
<br>
<br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" rel="noreferrer" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
_______________________________________________<br>
pve-devel mailing list<br>
<a href="mailto:pve-devel@pve.proxmox.com" target="_blank">pve-devel@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel" rel="noreferrer" target="_blank">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a><br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>