[pve-devel] disabling iptables on bridge by default (like rhel6 and rhev) ?

Alexandre DERUMIER aderumier at odiso.com
Wed Mar 7 10:35:02 CET 2012 

To be honest,I didn't know that we can put vlan on a linux bridge.

I always put vlan on ethX, then put a bridge on it


my setup sample is
------------------


with bonding
------------
/etc/network/interfaces

for each vlan {

auto eth0.XX
iface eth0.XX inet manual
auto eth1.XX
iface eth1.XX inet manual

auto bondXX
iface bondXX inet manual
slaves eth0.XX eth1.XX
bond_miimon 100
bond_mode active-backup
pre-up ifup eth0.XX eth1.XX
post-down ifdown eth0.XX eth1.XX

auto vmbrXX
iface vmbr30 inet manual
        bridge_ports bondXX
        bridge_stp off
        bridge_fd 0

}





So, I understand the thread:

adding a new bridge,tagged with specific vlan, on the main non tagged bridge,then put the tap interface on it.


vm with vlan2:
--------------

system ("/sbin/vconfig add vmbr0 2");
system ("/usr/sbin/brctl addbr br2");
system ("/usr/sbin/brctl addif br2 vmbr0.2");
system ("/sbin/ip link set br2 up");
system ("/usr/sbin/brctl addif br2 tapxxxi0") ;


/etc/network/interface
------------
auto eth0
iface eth0 inet manual
auto eth1
iface eth1 inet manual

auto bond0
iface bond0 inet manual
slaves eth0 eth1
bond_miimon 100
bond_mode active-backup
pre-up ifup eth0 eth1
post-down ifdown eth0 eth1

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0



if it's works, I could really be fine, because It's really a pain when I need to add new vlan on all my proxmox hosts.

Do you want to add a new vlan option to netX interfaces definition ?

I'll test that to see if it's working fine.
(Do you plan to add it for proxmox 2.0 release ???)


----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mercredi 7 Mars 2012 09:51:43 
Objet: RE: [pve-devel] disabling iptables on bridge by default (like rhel6 and rhev) ? 

> By the way, do you need some help on other tasks ? 

I also thought about using a better setup for vlans (see first answer to that thread): 

http://unix.stackexchange.com/questions/18576/why-does-adding-a-non-vlaned-interface-to-a-bridge-break-the-vlaned-interfaces 

The idea is to generate an additional bridge for each vlan on the fly (in the kvm network setup script) 

What do you think? 

- Dietmar 




-- 

-- 




	Alexandre D erumier 
Ingénieur Système 
Fixe : 03 20 68 88 90 
Fax : 03 20 68 90 81 
45 Bvd du Général Leclerc 59100 Roubaix - France 
12 rue Marivaux 75002 Paris - France

More information about the pve-devel mailing list