[pve-devel] kernel 3.10 : bridge vlan test
Alexandre DERUMIER
aderumier at odiso.com
Tue Dec 17 07:56:41 CET 2013
>>it just works for me with vanilla 3.10 and the additional patch. BUT
>>without VLAN filtering i don't use it.
Don't you use special setup with bridge on top of another bridge ? (It was about gvrp support If I remember)
About vlan filtering
--------------------
>>could you send me:
>>zgrep 'VLAN' /prof/config.gz
???? what is this ?
and
sysctl -a | grep bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
I really don't understand why vlan filtering doesn't work( but it's not the first time that bridge module is buggy).
I'll try to ask to the netdev mailing list.
about openvswitch
-----------------
I have done some tests with openvswitch, and it's work really fine.
iperf show me 20Gb/s, I never reach more than 8gb/s with linux bridge.
vlan work out of the box.
@Dietmar
about openvswitch, I would like to add support to be able to plug kvm tap interface into it.
(simple detection if vmbrX is a linux bridge or openvswitch through sysfs, and then use brctl or ovz-ctl command to plug tap interface).
So advanced users could use them if they want. (create openvswitch command line, no support from gui)
A the end, I would like to have a proper implementation of linux bridge vlan_filtering and openvswitch.
(with same network architecture,1 bridge with vlan management, so both can be interchanged)
----- Mail original -----
De: "Stefan Priebe" <s.priebe at profihost.ag>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Lundi 16 Décembre 2013 20:08:18
Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test
Hi,
it just works for me with vanilla 3.10 and the additional patch. BUT
without VLAN filtering i don't use it.
could you send me:
zgrep 'VLAN' /prof/config.gz
and
sysctl -a | grep bridge
Stefan
Am 16.12.2013 16:37, schrieb Alexandre DERUMIER:
> Stefan,
>
> you could send how you manage bridge vlan on top of other bridge ?
>
> (I would like to test with 3.10 kernel, as I had problem last year with 2.6.32 kernel)
>
>
>
> I'm also looking at openvswitch, as it seem it's possible to mix bridge and openvswitch.
> Seem that openstack can manage this kind of setup:
>
> host eth0---->openvzswitch---veth0-----veth1---linuxbridge<----tap interface
>
> using 1 bridge by tap interface.
> So it's possible to use iptables with the linux bridge.
> And manage vlans on openvswitch (and also other features, like netflow)
>
>
>
> ----- Mail original -----
>
> De: "Alexandre DERUMIER" <aderumier at odiso.com>
> À: "Dietmar Maurer" <dietmar at proxmox.com>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Dimanche 15 Décembre 2013 20:15:04
> Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test
>
>>> I just added the patch from Stefan and compiled and uploaded a new kernel package.
>>> Please can you test if that helps?
>
> Don't help :(
>
> once vlan_filterning is enabled, I can't ping between vms
>
> ----- Mail original -----
>
> De: "Dietmar Maurer" <dietmar at proxmox.com>
> À: "Alexandre DERUMIER" <aderumier at odiso.com>, "Stefan Priebe (s.priebe at profihost.ag)" <s.priebe at profihost.ag>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Samedi 14 Décembre 2013 10:09:33
> Objet: RE: [pve-devel] kernel 3.10 : bridge vlan test
>
>> Oh, sorry, forget to say : both was in same vlan when it doesn't ping.
>>
>> Also, if I don't configure any vlan, and enable filtering, it doesn't work.
>>
>> Maybe it doesn't work with tap interfaces ? Need to ask to the kernel mailing.
>
> I just added the patch from Stefan and compiled and uploaded a new kernel package.
> Please can you test if that helps?
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
More information about the pve-devel
mailing list