[pve-devel] new bridge code doesn't work with redhat kernel

Alexandre DERUMIER aderumier at odiso.com
Thu Feb 7 11:44:48 CET 2013 

>>OK my findings are wrong. The gvrp bridge disappears even without adding 
>>a bridge. It seems the first initial gvrp package is send but then the 
>>"keep-alive" packages aren't. 

How does work gvrp exactly ? (Don't have switch with gvrp to test).

is it sending constantly vlans info to the switch ?


I have checked  the redhat init script when they have implemeted gvrp
https://bugzilla.redhat.com/attachment.cgi?id=417903&action=diff

ip link add dev ${DEVICE} link ${PHYSDEV} type vlan id ${VID} ${FLAG_REORDER_HDR} ${FLAG_GVRP}

so, it should work


Maybe wireshark could help ?

----- Mail original ----- 

De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 7 Février 2013 11:37:46 
Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 

Hi, 

OK my findings are wrong. The gvrp bridge disappears even without adding 
a bridge. It seems the first initial gvrp package is send but then the 
"keep-alive" packages aren't. 

Stefan 
Am 07.02.2013 11:34, schrieb Stefan Priebe - Profihost AG: 
> Hi Alexandre, 
> 
> i've discovered something even more strange: 
> 
> # ip link add link eth1 name eth1.99 type vlan id 99 reorder_hdr on gvrp on 
> # ip link set eth1.99 up 
> 
> Switch: 
> 
> # show vlan 
> VLAN ID Name Status Jumbo 
> ------- -------------------- ------------ ----- 
> 99 GVRP_99 Dynamic 
> 
> 
> Now i add a bridge just the bridge i do not even assign an interface: 
> # brctl addbr vmbr1v99 
> 
> Switch: 
> 
> # show vlan 
> VLAN ID Name Status Jumbo 
> ------- -------------------- ------------ ----- 
> 
> The gvrp vlan disappears when i just add a bridge to the host. 
> 
> 
>> so, GVRP doesn't work when vlan are defined on interfaces or bond 
>> with redhat kernel and vanilla kernel ? 
>> 
>> gvrp seem available on redhat kernel 
>> CONFIG_VLAN_8021Q=m 
>> CONFIG_VLAN_8021Q_GVRP=y 
> 
> Yes - but i seems it should work. It disappears after using brctl. Maybe 
> a bug in brctl code? I'll try to find out more. 
> 
> Stefan 
> 
> Am 07.02.2013 11:25, schrieb Alexandre DERUMIER: 
>>>> yes while rechecking the code i saw the same. But then GVRP does not 
>>>> work. The relevant packet does not leave the network interface. So maybe 
>>>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>> 
>> so, GVRP doesn't work when vlan are defined on interfaces or bond with redhat kernel and vanilla kernel ? 
>> 
>> gvrp seem available on redhat kernel 
>> CONFIG_VLAN_8021Q=m 
>> CONFIG_VLAN_8021Q_GVRP=y 
>> 
>> 
>> 
>> ----- Mail original ----- 
>> 
>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>> Cc: pve-devel at pve.proxmox.com 
>> Envoyé: Jeudi 7 Février 2013 11:10:42 
>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>> 
>> Hi, 
>> 
>> yes while rechecking the code i saw the same. But then GVRP does not 
>> work. The relevant packet does not leave the network interface. So maybe 
>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>> 
>> Greets, 
>> Stefan 
>> Am 07.02.2013 10:59, schrieb Alexandre DERUMIER: 
>>>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>> 
>>> It's work like redhat 
>>> 
>>> eth0 ---vmbrx 
>>> eth0 -- eth0.10 --- vmbrxV10 
>>> 
>>> eth0 --bond0 -- bond0.10 --- vmbrxV10 
>>> eth1 -| 
>>> 
>>> ----- Mail original ----- 
>>> 
>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>> Cc: pve-devel at pve.proxmox.com 
>>> Envoyé: Jeudi 7 Février 2013 10:12:14 
>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>> 
>>> Hi, 
>>> 
>>> oh i think it's clear. 
>>> 
>>> They put the vlan on top of the bond and then the bridge on top of the vlan. 
>>> 
>>> without a bond they add the vlan on top of the nic and then on top of 
>>> the vlan the bridge. 
>>> 
>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>> 
>>> Stefan 
>>> Am 06.02.2013 16:15, schrieb Alexandre DERUMIER: 
>>>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>>>> Will retest. Didn't redhat backport all those changes done in vanilla? 
>>>> 
>>>> Not all new features are backported. (I think we need to wait for rhel7 to have a big jump in kernel version) 
>>>> 
>>>> 
>>>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>> 
>>>> here the ovirt (and rhev) network setup 
>>>> 
>>>> http://www.ovirt.org/Vdsm_Network 
>>>> 
>>>> But it's not clear if they put vlan on bridge or on interface. 
>>>> 
>>>> ----- Mail original ----- 
>>>> 
>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>> Cc: pve-devel at pve.proxmox.com 
>>>> Envoyé: Mercredi 6 Février 2013 14:48:11 
>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>> 
>>>> Hio, 
>>>> 
>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>> Will retest. Didn't redhat backport all those changes done in vanilla? I 
>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>> 
>>>> Stefan 
>>>> 
>>>> Am 06.02.2013 14:35, schrieb Alexandre DERUMIER: 
>>>>>>> Maybe, I'll do test without bond. 
>>>>> 
>>>>> Doesn't work without bond too :( 
>>>>> 
>>>>> 
>>>>> ----- Mail original ----- 
>>>>> 
>>>>> De: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>> À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>> Envoyé: Mercredi 6 Février 2013 14:22:08 
>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>> 
>>>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>>>> test? 
>>>>> 
>>>>> simply start the vm with old code and new code. (I have reboot the host to be sure) 
>>>>> can't ping the vm with new code. 
>>>>> 
>>>>> But it's work fine with kernel 3.7. 
>>>>> 
>>>>> 
>>>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>>>> important difference? 
>>>>> 
>>>>> Maybe, I'll do test without bond. 
>>>>> 
>>>>> 
>>>>> It's really possible it's a kernel problem, because like I said it, a lot of work has been done in kernel around 2.6.39 on the vlan code. 
>>>>> 
>>>>> 
>>>>> ----- Mail original ----- 
>>>>> 
>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>> Cc: "Dietmar Maurer" <dietmar at proxmox.com>, pve-devel at pve.proxmox.com 
>>>>> Envoyé: Mercredi 6 Février 2013 13:56:08 
>>>>> Objet: Re: new bridge code doesn't work with redhat kernel 
>>>>> 
>>>>> Hi, 
>>>>> 
>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>> test? 
>>>>> 
>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>> important difference? 
>>>>> 
>>>>> Stefan 
>>>>> 
>>>>> Am 06.02.2013 09:47, schrieb Alexandre DERUMIER: 
>>>>>> Hi, 
>>>>>> I'm testing the new bridge code, and it doesn't work for me ! 
>>>>>> 
>>>>>> setup: bridge vmbr1, on top of bond0 
>>>>>> guest vm (id 115) have an interface in vlan95 
>>>>>> host kernel 2.6.32-18-pve 
>>>>>> 
>>>>>> 
>>>>>> But it's working fine with 3.7 kernel 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Also I notice than we update the pve-common code, the old tagged network interface remain in bridge, 
>>>>>> I don't known if it's can do network loop. (bond0.95 and vmbr1.95 in same bridge in my example) 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> old 
>>>>>> -------------- 
>>>>>> #brctl show 
>>>>>> 
>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>> 
>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 
>>>>>> tap115i0 
>>>>>> 
>>>>>> 
>>>>>> update to last pve-common, restart the vm 
>>>>>> ------------------------------------------- 
>>>>>> #qm stop 115 
>>>>>> #qm start 115 
>>>>>> #brctl show 
>>>>>> 
>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 -->old bond0.95 always attached (don't known if it can cause network loop ?) 
>>>>>> tap115i0 
>>>>>> vmbr1.95 
>>>>>> 
>>>>>> 
>>>>>> (I have also restart the server to have a clean bridge, doesn't work too) 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ----- Mail original ----- 
>>>>>> 
>>>>>> De: "Stefan Priebe" <s.priebe at profihost.ag> 
>>>>>> À: "Dietmar Maurer" <dietmar at proxmox.com> 
>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>> Envoyé: Lundi 28 Janvier 2013 17:45:27 
>>>>>> Objet: Re: [pve-devel] [PATCH] pve-common: PVE/Network: rework of activate_bridge_vlan 
>>>>>> 
>>>>>> Thanks! 
>>>>>> Am 28.01.2013 12:00, schrieb Dietmar Maurer: 
>>>>>>> applied, thanks! 
>>>>>>> 
>>>>>>>> -----Original Message----- 
>>>>>>>> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel- 
>>>>>>>> bounces at pve.proxmox.com] On Behalf Of Stefan Priebe 
>>>>>>>> Sent: Freitag, 25. Jänner 2013 22:16 
>>>>>>>> To: pve-devel at pve.proxmox.com 
>>>>>>>> Subject: [pve-devel] [PATCH] pve-common: PVE/Network: rework of 
>>>>>>>> activate_bridge_vlan 
>>>>>>>> 
>>>>>>>> - use ip command instead of old vconfig 
>>>>>>>> - activate gvrp by default (it doesn't harm if the switch does not support it or 
>>>>>>>> it is disabled) 
>>>>>>>> - use bridge instead of raw ethernet device as vlan bridge 
>>>>>>>> 
>>>>>>>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag> 
>>>>>>>> --- 
>>>>>>>> data/PVE/Network.pm | 22 ++++------------------ 
>>>>>>>> 1 file changed, 4 insertions(+), 18 deletions(-) 
>>>>>>>> 
>>>>>>>> diff --git a/data/PVE/Network.pm b/data/PVE/Network.pm index 
>>>>>>>> 2c356eb..71045fe 100644 
>>>>>>>> --- a/data/PVE/Network.pm 
>>>>>>>> +++ b/data/PVE/Network.pm 
>>>>>>>> @@ -72,28 +72,14 @@ sub activate_bridge_vlan { 
>>>>>>>> die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094; 
>>>>>>>> 
>>>>>>>> my $bridgevlan = "${bridge}v$tag"; 
>>>>>>>> - 
>>>>>>>> - my $dir = "/sys/class/net/$bridge/brif"; 
>>>>>>>> - 
>>>>>>>> - #check if we have an only one ethX or bondX interface in the bridge 
>>>>>>>> - 
>>>>>>>> - my $iface; 
>>>>>>>> - PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub { 
>>>>>>>> - my ($slave) = @_; 
>>>>>>>> - 
>>>>>>>> - die "more then one physical interfaces on bridge '$bridge'\n" if 
>>>>>>>> $iface; 
>>>>>>>> - $iface = $slave; 
>>>>>>>> - 
>>>>>>>> - }); 
>>>>>>>> - 
>>>>>>>> - die "no physical interface on bridge '$bridge'\n" if !$iface; 
>>>>>>>> - 
>>>>>>>> + my $iface = $bridge; 
>>>>>>>> my $ifacevlan = "${iface}.$tag"; 
>>>>>>>> + my $vlanflags = "reorder_hdr on gvrp on"; 
>>>>>>>> 
>>>>>>>> # create vlan on $iface is not already exist 
>>>>>>>> if (! -d "/sys/class/net/$ifacevlan") { 
>>>>>>>> - system("/sbin/vconfig add $iface $tag") == 0 || 
>>>>>>>> - die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>> + system("/sbin/ip link add link $iface name $ifacevlan type vlan id $tag 
>>>>>>>> $vlanflags") == 0 || 
>>>>>>>> + die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>> } 
>>>>>>>> 
>>>>>>>> # be sure to have the $ifacevlan up 
>>>>>>>> -- 
>>>>>>>> 1.7.10.4 
>>>>>>>> 
>>>>>>>> _______________________________________________ 
>>>>>>>> pve-devel mailing list 
>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>> 
>>>>>>> 
>>>>>> _______________________________________________ 
>>>>>> pve-devel mailing list 
>>>>>> pve-devel at pve.proxmox.com 
>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>> 
>>>>> _______________________________________________ 
>>>>> pve-devel mailing list 
>>>>> pve-devel at pve.proxmox.com 
>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>

More information about the pve-devel mailing list