[pve-devel] new bridge code doesn't work with redhat kernel

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Thu Feb 7 12:59:21 CET 2013


Hi,

patrick on the kernel mailing list also suggests to add the vlan on top
of the bridge like my patch does for PVE and not on top of the ethernet
device. It seems nobody knows what is the correct way. So on kernel is
broken - RHEL or vanilla ;-)

Stefan

Am 07.02.2013 12:20, schrieb Alexandre DERUMIER:
> ok, so you are sure that is the bridge which cause the problem ?
> 
> I'll try to find some infos/bugreport about it.
> 
> 
> ----- Mail original ----- 
> 
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Jeudi 7 Février 2013 11:57:40 
> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
> 
> Hi, 
> 
> the kernel just stops sending out GVRP packets after adding a bridge or 
> does not even start to sending packets when the device already has a 
> bridge except the initial packet when creating the vlan. 
> 
> Stefan 
> Am 07.02.2013 11:44, schrieb Alexandre DERUMIER: 
>>>> OK my findings are wrong. The gvrp bridge disappears even without adding 
>>>> a bridge. It seems the first initial gvrp package is send but then the 
>>>> "keep-alive" packages aren't. 
>>
>> How does work gvrp exactly ? (Don't have switch with gvrp to test). 
>>
>> is it sending constantly vlans info to the switch ? 
>>
>>
>> I have checked the redhat init script when they have implemeted gvrp 
>> https://bugzilla.redhat.com/attachment.cgi?id=417903&action=diff 
>>
>> ip link add dev ${DEVICE} link ${PHYSDEV} type vlan id ${VID} ${FLAG_REORDER_HDR} ${FLAG_GVRP} 
>>
>> so, it should work 
>>
>>
>> Maybe wireshark could help ? 
>>
>> ----- Mail original ----- 
>>
>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>> Cc: pve-devel at pve.proxmox.com 
>> Envoyé: Jeudi 7 Février 2013 11:37:46 
>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>
>> Hi, 
>>
>> OK my findings are wrong. The gvrp bridge disappears even without adding 
>> a bridge. It seems the first initial gvrp package is send but then the 
>> "keep-alive" packages aren't. 
>>
>> Stefan 
>> Am 07.02.2013 11:34, schrieb Stefan Priebe - Profihost AG: 
>>> Hi Alexandre, 
>>>
>>> i've discovered something even more strange: 
>>>
>>> # ip link add link eth1 name eth1.99 type vlan id 99 reorder_hdr on gvrp on 
>>> # ip link set eth1.99 up 
>>>
>>> Switch: 
>>>
>>> # show vlan 
>>> VLAN ID Name Status Jumbo 
>>> ------- -------------------- ------------ ----- 
>>> 99 GVRP_99 Dynamic 
>>>
>>>
>>> Now i add a bridge just the bridge i do not even assign an interface: 
>>> # brctl addbr vmbr1v99 
>>>
>>> Switch: 
>>>
>>> # show vlan 
>>> VLAN ID Name Status Jumbo 
>>> ------- -------------------- ------------ ----- 
>>>
>>> The gvrp vlan disappears when i just add a bridge to the host. 
>>>
>>>
>>>> so, GVRP doesn't work when vlan are defined on interfaces or bond 
>>>> with redhat kernel and vanilla kernel ? 
>>>>
>>>> gvrp seem available on redhat kernel 
>>>> CONFIG_VLAN_8021Q=m 
>>>> CONFIG_VLAN_8021Q_GVRP=y 
>>>
>>> Yes - but i seems it should work. It disappears after using brctl. Maybe 
>>> a bug in brctl code? I'll try to find out more. 
>>>
>>> Stefan 
>>>
>>> Am 07.02.2013 11:25, schrieb Alexandre DERUMIER: 
>>>>>> yes while rechecking the code i saw the same. But then GVRP does not 
>>>>>> work. The relevant packet does not leave the network interface. So maybe 
>>>>>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>>>>
>>>> so, GVRP doesn't work when vlan are defined on interfaces or bond with redhat kernel and vanilla kernel ? 
>>>>
>>>> gvrp seem available on redhat kernel 
>>>> CONFIG_VLAN_8021Q=m 
>>>> CONFIG_VLAN_8021Q_GVRP=y 
>>>>
>>>>
>>>>
>>>> ----- Mail original ----- 
>>>>
>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>> Cc: pve-devel at pve.proxmox.com 
>>>> Envoyé: Jeudi 7 Février 2013 11:10:42 
>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>
>>>> Hi, 
>>>>
>>>> yes while rechecking the code i saw the same. But then GVRP does not 
>>>> work. The relevant packet does not leave the network interface. So maybe 
>>>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>>>>
>>>> Greets, 
>>>> Stefan 
>>>> Am 07.02.2013 10:59, schrieb Alexandre DERUMIER: 
>>>>>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>>>>
>>>>> It's work like redhat 
>>>>>
>>>>> eth0 ---vmbrx 
>>>>> eth0 -- eth0.10 --- vmbrxV10 
>>>>>
>>>>> eth0 --bond0 -- bond0.10 --- vmbrxV10 
>>>>> eth1 -| 
>>>>>
>>>>> ----- Mail original ----- 
>>>>>
>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>> Envoyé: Jeudi 7 Février 2013 10:12:14 
>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>
>>>>> Hi, 
>>>>>
>>>>> oh i think it's clear. 
>>>>>
>>>>> They put the vlan on top of the bond and then the bridge on top of the vlan. 
>>>>>
>>>>> without a bond they add the vlan on top of the nic and then on top of 
>>>>> the vlan the bridge. 
>>>>>
>>>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>>>>
>>>>> Stefan 
>>>>> Am 06.02.2013 16:15, schrieb Alexandre DERUMIER: 
>>>>>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>>>>>> Will retest. Didn't redhat backport all those changes done in vanilla? 
>>>>>>
>>>>>> Not all new features are backported. (I think we need to wait for rhel7 to have a big jump in kernel version) 
>>>>>>
>>>>>>
>>>>>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>>>>
>>>>>> here the ovirt (and rhev) network setup 
>>>>>>
>>>>>> http://www.ovirt.org/Vdsm_Network 
>>>>>>
>>>>>> But it's not clear if they put vlan on bridge or on interface. 
>>>>>>
>>>>>> ----- Mail original ----- 
>>>>>>
>>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>> Envoyé: Mercredi 6 Février 2013 14:48:11 
>>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>>
>>>>>> Hio, 
>>>>>>
>>>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>>>> Will retest. Didn't redhat backport all those changes done in vanilla? I 
>>>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>>>>
>>>>>> Stefan 
>>>>>>
>>>>>> Am 06.02.2013 14:35, schrieb Alexandre DERUMIER: 
>>>>>>>>> Maybe, I'll do test without bond. 
>>>>>>>
>>>>>>> Doesn't work without bond too :( 
>>>>>>>
>>>>>>>
>>>>>>> ----- Mail original ----- 
>>>>>>>
>>>>>>> De: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>>> À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>>> Envoyé: Mercredi 6 Février 2013 14:22:08 
>>>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>>>
>>>>>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>>>>>> test? 
>>>>>>>
>>>>>>> simply start the vm with old code and new code. (I have reboot the host to be sure) 
>>>>>>> can't ping the vm with new code. 
>>>>>>>
>>>>>>> But it's work fine with kernel 3.7. 
>>>>>>>
>>>>>>>
>>>>>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>>>>>> important difference? 
>>>>>>>
>>>>>>> Maybe, I'll do test without bond. 
>>>>>>>
>>>>>>>
>>>>>>> It's really possible it's a kernel problem, because like I said it, a lot of work has been done in kernel around 2.6.39 on the vlan code. 
>>>>>>>
>>>>>>>
>>>>>>> ----- Mail original ----- 
>>>>>>>
>>>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>>> Cc: "Dietmar Maurer" <dietmar at proxmox.com>, pve-devel at pve.proxmox.com 
>>>>>>> Envoyé: Mercredi 6 Février 2013 13:56:08 
>>>>>>> Objet: Re: new bridge code doesn't work with redhat kernel 
>>>>>>>
>>>>>>> Hi, 
>>>>>>>
>>>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>>>> test? 
>>>>>>>
>>>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>>>> important difference? 
>>>>>>>
>>>>>>> Stefan 
>>>>>>>
>>>>>>> Am 06.02.2013 09:47, schrieb Alexandre DERUMIER: 
>>>>>>>> Hi, 
>>>>>>>> I'm testing the new bridge code, and it doesn't work for me ! 
>>>>>>>>
>>>>>>>> setup: bridge vmbr1, on top of bond0 
>>>>>>>> guest vm (id 115) have an interface in vlan95 
>>>>>>>> host kernel 2.6.32-18-pve 
>>>>>>>>
>>>>>>>>
>>>>>>>> But it's working fine with 3.7 kernel 
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Also I notice than we update the pve-common code, the old tagged network interface remain in bridge, 
>>>>>>>> I don't known if it's can do network loop. (bond0.95 and vmbr1.95 in same bridge in my example) 
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> old 
>>>>>>>> -------------- 
>>>>>>>> #brctl show 
>>>>>>>>
>>>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>>>>
>>>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 
>>>>>>>> tap115i0 
>>>>>>>>
>>>>>>>>
>>>>>>>> update to last pve-common, restart the vm 
>>>>>>>> ------------------------------------------- 
>>>>>>>> #qm stop 115 
>>>>>>>> #qm start 115 
>>>>>>>> #brctl show 
>>>>>>>>
>>>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 -->old bond0.95 always attached (don't known if it can cause network loop ?) 
>>>>>>>> tap115i0 
>>>>>>>> vmbr1.95 
>>>>>>>>
>>>>>>>>
>>>>>>>> (I have also restart the server to have a clean bridge, doesn't work too) 
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Mail original ----- 
>>>>>>>>
>>>>>>>> De: "Stefan Priebe" <s.priebe at profihost.ag> 
>>>>>>>> À: "Dietmar Maurer" <dietmar at proxmox.com> 
>>>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>>>> Envoyé: Lundi 28 Janvier 2013 17:45:27 
>>>>>>>> Objet: Re: [pve-devel] [PATCH] pve-common: PVE/Network: rework of activate_bridge_vlan 
>>>>>>>>
>>>>>>>> Thanks! 
>>>>>>>> Am 28.01.2013 12:00, schrieb Dietmar Maurer: 
>>>>>>>>> applied, thanks! 
>>>>>>>>>
>>>>>>>>>> -----Original Message----- 
>>>>>>>>>> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel- 
>>>>>>>>>> bounces at pve.proxmox.com] On Behalf Of Stefan Priebe 
>>>>>>>>>> Sent: Freitag, 25. Jänner 2013 22:16 
>>>>>>>>>> To: pve-devel at pve.proxmox.com 
>>>>>>>>>> Subject: [pve-devel] [PATCH] pve-common: PVE/Network: rework of 
>>>>>>>>>> activate_bridge_vlan 
>>>>>>>>>>
>>>>>>>>>> - use ip command instead of old vconfig 
>>>>>>>>>> - activate gvrp by default (it doesn't harm if the switch does not support it or 
>>>>>>>>>> it is disabled) 
>>>>>>>>>> - use bridge instead of raw ethernet device as vlan bridge 
>>>>>>>>>>
>>>>>>>>>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag> 
>>>>>>>>>> --- 
>>>>>>>>>> data/PVE/Network.pm | 22 ++++------------------ 
>>>>>>>>>> 1 file changed, 4 insertions(+), 18 deletions(-) 
>>>>>>>>>>
>>>>>>>>>> diff --git a/data/PVE/Network.pm b/data/PVE/Network.pm index 
>>>>>>>>>> 2c356eb..71045fe 100644 
>>>>>>>>>> --- a/data/PVE/Network.pm 
>>>>>>>>>> +++ b/data/PVE/Network.pm 
>>>>>>>>>> @@ -72,28 +72,14 @@ sub activate_bridge_vlan { 
>>>>>>>>>> die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094; 
>>>>>>>>>>
>>>>>>>>>> my $bridgevlan = "${bridge}v$tag"; 
>>>>>>>>>> - 
>>>>>>>>>> - my $dir = "/sys/class/net/$bridge/brif"; 
>>>>>>>>>> - 
>>>>>>>>>> - #check if we have an only one ethX or bondX interface in the bridge 
>>>>>>>>>> - 
>>>>>>>>>> - my $iface; 
>>>>>>>>>> - PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub { 
>>>>>>>>>> - my ($slave) = @_; 
>>>>>>>>>> - 
>>>>>>>>>> - die "more then one physical interfaces on bridge '$bridge'\n" if 
>>>>>>>>>> $iface; 
>>>>>>>>>> - $iface = $slave; 
>>>>>>>>>> - 
>>>>>>>>>> - }); 
>>>>>>>>>> - 
>>>>>>>>>> - die "no physical interface on bridge '$bridge'\n" if !$iface; 
>>>>>>>>>> - 
>>>>>>>>>> + my $iface = $bridge; 
>>>>>>>>>> my $ifacevlan = "${iface}.$tag"; 
>>>>>>>>>> + my $vlanflags = "reorder_hdr on gvrp on"; 
>>>>>>>>>>
>>>>>>>>>> # create vlan on $iface is not already exist 
>>>>>>>>>> if (! -d "/sys/class/net/$ifacevlan") { 
>>>>>>>>>> - system("/sbin/vconfig add $iface $tag") == 0 || 
>>>>>>>>>> - die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>>>> + system("/sbin/ip link add link $iface name $ifacevlan type vlan id $tag 
>>>>>>>>>> $vlanflags") == 0 || 
>>>>>>>>>> + die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>>>> } 
>>>>>>>>>>
>>>>>>>>>> # be sure to have the $ifacevlan up 
>>>>>>>>>> -- 
>>>>>>>>>> 1.7.10.4 
>>>>>>>>>>
>>>>>>>>>> _______________________________________________ 
>>>>>>>>>> pve-devel mailing list 
>>>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>>>
>>>>>>>>>
>>>>>>>> _______________________________________________ 
>>>>>>>> pve-devel mailing list 
>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>>
>>>>>>> _______________________________________________ 
>>>>>>> pve-devel mailing list 
>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>
>>> _______________________________________________ 
>>> pve-devel mailing list 
>>> pve-devel at pve.proxmox.com 
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>



More information about the pve-devel mailing list