[pve-devel] new bridge code doesn't work with redhat kernel

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Thu Feb 7 13:14:45 CET 2013 

But ovirt does it also the other way.

Stefan
Am 07.02.2013 13:13, schrieb Alexandre DERUMIER:
> I think it must a be a bug in redhat kernel, as it's working fine with newer kernels.
> 
> 
> 
> 
> ----- Mail original ----- 
> 
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Jeudi 7 Février 2013 12:59:21 
> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
> 
> Hi, 
> 
> patrick on the kernel mailing list also suggests to add the vlan on top 
> of the bridge like my patch does for PVE and not on top of the ethernet 
> device. It seems nobody knows what is the correct way. So on kernel is 
> broken - RHEL or vanilla ;-) 
> 
> Stefan 
> 
> Am 07.02.2013 12:20, schrieb Alexandre DERUMIER: 
>> ok, so you are sure that is the bridge which cause the problem ? 
>>
>> I'll try to find some infos/bugreport about it. 
>>
>>
>> ----- Mail original ----- 
>>
>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>> Cc: pve-devel at pve.proxmox.com 
>> Envoyé: Jeudi 7 Février 2013 11:57:40 
>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>
>> Hi, 
>>
>> the kernel just stops sending out GVRP packets after adding a bridge or 
>> does not even start to sending packets when the device already has a 
>> bridge except the initial packet when creating the vlan. 
>>
>> Stefan 
>> Am 07.02.2013 11:44, schrieb Alexandre DERUMIER: 
>>>>> OK my findings are wrong. The gvrp bridge disappears even without adding 
>>>>> a bridge. It seems the first initial gvrp package is send but then the 
>>>>> "keep-alive" packages aren't. 
>>>
>>> How does work gvrp exactly ? (Don't have switch with gvrp to test). 
>>>
>>> is it sending constantly vlans info to the switch ? 
>>>
>>>
>>> I have checked the redhat init script when they have implemeted gvrp 
>>> https://bugzilla.redhat.com/attachment.cgi?id=417903&action=diff 
>>>
>>> ip link add dev ${DEVICE} link ${PHYSDEV} type vlan id ${VID} ${FLAG_REORDER_HDR} ${FLAG_GVRP} 
>>>
>>> so, it should work 
>>>
>>>
>>> Maybe wireshark could help ? 
>>>
>>> ----- Mail original ----- 
>>>
>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>> Cc: pve-devel at pve.proxmox.com 
>>> Envoyé: Jeudi 7 Février 2013 11:37:46 
>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>
>>> Hi, 
>>>
>>> OK my findings are wrong. The gvrp bridge disappears even without adding 
>>> a bridge. It seems the first initial gvrp package is send but then the 
>>> "keep-alive" packages aren't. 
>>>
>>> Stefan 
>>> Am 07.02.2013 11:34, schrieb Stefan Priebe - Profihost AG: 
>>>> Hi Alexandre, 
>>>>
>>>> i've discovered something even more strange: 
>>>>
>>>> # ip link add link eth1 name eth1.99 type vlan id 99 reorder_hdr on gvrp on 
>>>> # ip link set eth1.99 up 
>>>>
>>>> Switch: 
>>>>
>>>> # show vlan 
>>>> VLAN ID Name Status Jumbo 
>>>> ------- -------------------- ------------ ----- 
>>>> 99 GVRP_99 Dynamic 
>>>>
>>>>
>>>> Now i add a bridge just the bridge i do not even assign an interface: 
>>>> # brctl addbr vmbr1v99 
>>>>
>>>> Switch: 
>>>>
>>>> # show vlan 
>>>> VLAN ID Name Status Jumbo 
>>>> ------- -------------------- ------------ ----- 
>>>>
>>>> The gvrp vlan disappears when i just add a bridge to the host. 
>>>>
>>>>
>>>>> so, GVRP doesn't work when vlan are defined on interfaces or bond 
>>>>> with redhat kernel and vanilla kernel ? 
>>>>>
>>>>> gvrp seem available on redhat kernel 
>>>>> CONFIG_VLAN_8021Q=m 
>>>>> CONFIG_VLAN_8021Q_GVRP=y 
>>>>
>>>> Yes - but i seems it should work. It disappears after using brctl. Maybe 
>>>> a bug in brctl code? I'll try to find out more. 
>>>>
>>>> Stefan 
>>>>
>>>> Am 07.02.2013 11:25, schrieb Alexandre DERUMIER: 
>>>>>>> yes while rechecking the code i saw the same. But then GVRP does not 
>>>>>>> work. The relevant packet does not leave the network interface. So maybe 
>>>>>>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>>>>>
>>>>> so, GVRP doesn't work when vlan are defined on interfaces or bond with redhat kernel and vanilla kernel ? 
>>>>>
>>>>> gvrp seem available on redhat kernel 
>>>>> CONFIG_VLAN_8021Q=m 
>>>>> CONFIG_VLAN_8021Q_GVRP=y 
>>>>>
>>>>>
>>>>>
>>>>> ----- Mail original ----- 
>>>>>
>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>> Envoyé: Jeudi 7 Février 2013 11:10:42 
>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>
>>>>> Hi, 
>>>>>
>>>>> yes while rechecking the code i saw the same. But then GVRP does not 
>>>>> work. The relevant packet does not leave the network interface. So maybe 
>>>>> it's a vanilla kernel bug? Right now i've no more ideas how / what to test. 
>>>>>
>>>>> Greets, 
>>>>> Stefan 
>>>>> Am 07.02.2013 10:59, schrieb Alexandre DERUMIER: 
>>>>>>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>>>>>
>>>>>> It's work like redhat 
>>>>>>
>>>>>> eth0 ---vmbrx 
>>>>>> eth0 -- eth0.10 --- vmbrxV10 
>>>>>>
>>>>>> eth0 --bond0 -- bond0.10 --- vmbrxV10 
>>>>>> eth1 -| 
>>>>>>
>>>>>> ----- Mail original ----- 
>>>>>>
>>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>> Envoyé: Jeudi 7 Février 2013 10:12:14 
>>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>>
>>>>>> Hi, 
>>>>>>
>>>>>> oh i think it's clear. 
>>>>>>
>>>>>> They put the vlan on top of the bond and then the bridge on top of the vlan. 
>>>>>>
>>>>>> without a bond they add the vlan on top of the nic and then on top of 
>>>>>> the vlan the bridge. 
>>>>>>
>>>>>> Right now I'm not sure how it works under PVE. I've to recheck the code. 
>>>>>>
>>>>>> Stefan 
>>>>>> Am 06.02.2013 16:15, schrieb Alexandre DERUMIER: 
>>>>>>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>>>>>>> Will retest. Didn't redhat backport all those changes done in vanilla? 
>>>>>>>
>>>>>>> Not all new features are backported. (I think we need to wait for rhel7 to have a big jump in kernel version) 
>>>>>>>
>>>>>>>
>>>>>>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>>>>>
>>>>>>> here the ovirt (and rhev) network setup 
>>>>>>>
>>>>>>> http://www.ovirt.org/Vdsm_Network 
>>>>>>>
>>>>>>> But it's not clear if they put vlan on bridge or on interface. 
>>>>>>>
>>>>>>> ----- Mail original ----- 
>>>>>>>
>>>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>>> Envoyé: Mercredi 6 Février 2013 14:48:11 
>>>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>>>
>>>>>>> Hio, 
>>>>>>>
>>>>>>> mhm strange i was sure that i've tested it with latest proxmox kernel. 
>>>>>>> Will retest. Didn't redhat backport all those changes done in vanilla? I 
>>>>>>> mean what's the correct workflow under redhat to use bond + bridge + vlan. 
>>>>>>>
>>>>>>> Stefan 
>>>>>>>
>>>>>>> Am 06.02.2013 14:35, schrieb Alexandre DERUMIER: 
>>>>>>>>>> Maybe, I'll do test without bond. 
>>>>>>>>
>>>>>>>> Doesn't work without bond too :( 
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Mail original ----- 
>>>>>>>>
>>>>>>>> De: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>>>> À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>>>> Envoyé: Mercredi 6 Février 2013 14:22:08 
>>>>>>>> Objet: Re: [pve-devel] new bridge code doesn't work with redhat kernel 
>>>>>>>>
>>>>>>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>>>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>>>>>>> test? 
>>>>>>>>
>>>>>>>> simply start the vm with old code and new code. (I have reboot the host to be sure) 
>>>>>>>> can't ping the vm with new code. 
>>>>>>>>
>>>>>>>> But it's work fine with kernel 3.7. 
>>>>>>>>
>>>>>>>>
>>>>>>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>>>>>>> important difference? 
>>>>>>>>
>>>>>>>> Maybe, I'll do test without bond. 
>>>>>>>>
>>>>>>>>
>>>>>>>> It's really possible it's a kernel problem, because like I said it, a lot of work has been done in kernel around 2.6.39 on the vlan code. 
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Mail original ----- 
>>>>>>>>
>>>>>>>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>>>>>>>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>>>>>>>> Cc: "Dietmar Maurer" <dietmar at proxmox.com>, pve-devel at pve.proxmox.com 
>>>>>>>> Envoyé: Mercredi 6 Février 2013 13:56:08 
>>>>>>>> Objet: Re: new bridge code doesn't work with redhat kernel 
>>>>>>>>
>>>>>>>> Hi, 
>>>>>>>>
>>>>>>>> Urgh... that's pretty sad. It was working fine my test. But maybe i 
>>>>>>>> didn't test everything. Could you desribe me how exactly you've done the 
>>>>>>>> test? 
>>>>>>>>
>>>>>>>> I've no bond running - just plain eth => bridge. Maybe that's the 
>>>>>>>> important difference? 
>>>>>>>>
>>>>>>>> Stefan 
>>>>>>>>
>>>>>>>> Am 06.02.2013 09:47, schrieb Alexandre DERUMIER: 
>>>>>>>>> Hi, 
>>>>>>>>> I'm testing the new bridge code, and it doesn't work for me ! 
>>>>>>>>>
>>>>>>>>> setup: bridge vmbr1, on top of bond0 
>>>>>>>>> guest vm (id 115) have an interface in vlan95 
>>>>>>>>> host kernel 2.6.32-18-pve 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> But it's working fine with 3.7 kernel 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Also I notice than we update the pve-common code, the old tagged network interface remain in bridge, 
>>>>>>>>> I don't known if it's can do network loop. (bond0.95 and vmbr1.95 in same bridge in my example) 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> old 
>>>>>>>>> -------------- 
>>>>>>>>> #brctl show 
>>>>>>>>>
>>>>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>>>>>
>>>>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 
>>>>>>>>> tap115i0 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> update to last pve-common, restart the vm 
>>>>>>>>> ------------------------------------------- 
>>>>>>>>> #qm stop 115 
>>>>>>>>> #qm start 115 
>>>>>>>>> #brctl show 
>>>>>>>>>
>>>>>>>>> vmbr1 8000.001aa03c98c5 no bond0 
>>>>>>>>> vmbr1v95 8000.001aa03c98c5 no bond0.95 -->old bond0.95 always attached (don't known if it can cause network loop ?) 
>>>>>>>>> tap115i0 
>>>>>>>>> vmbr1.95 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> (I have also restart the server to have a clean bridge, doesn't work too) 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Mail original ----- 
>>>>>>>>>
>>>>>>>>> De: "Stefan Priebe" <s.priebe at profihost.ag> 
>>>>>>>>> À: "Dietmar Maurer" <dietmar at proxmox.com> 
>>>>>>>>> Cc: pve-devel at pve.proxmox.com 
>>>>>>>>> Envoyé: Lundi 28 Janvier 2013 17:45:27 
>>>>>>>>> Objet: Re: [pve-devel] [PATCH] pve-common: PVE/Network: rework of activate_bridge_vlan 
>>>>>>>>>
>>>>>>>>> Thanks! 
>>>>>>>>> Am 28.01.2013 12:00, schrieb Dietmar Maurer: 
>>>>>>>>>> applied, thanks! 
>>>>>>>>>>
>>>>>>>>>>> -----Original Message----- 
>>>>>>>>>>> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel- 
>>>>>>>>>>> bounces at pve.proxmox.com] On Behalf Of Stefan Priebe 
>>>>>>>>>>> Sent: Freitag, 25. Jänner 2013 22:16 
>>>>>>>>>>> To: pve-devel at pve.proxmox.com 
>>>>>>>>>>> Subject: [pve-devel] [PATCH] pve-common: PVE/Network: rework of 
>>>>>>>>>>> activate_bridge_vlan 
>>>>>>>>>>>
>>>>>>>>>>> - use ip command instead of old vconfig 
>>>>>>>>>>> - activate gvrp by default (it doesn't harm if the switch does not support it or 
>>>>>>>>>>> it is disabled) 
>>>>>>>>>>> - use bridge instead of raw ethernet device as vlan bridge 
>>>>>>>>>>>
>>>>>>>>>>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag> 
>>>>>>>>>>> --- 
>>>>>>>>>>> data/PVE/Network.pm | 22 ++++------------------ 
>>>>>>>>>>> 1 file changed, 4 insertions(+), 18 deletions(-) 
>>>>>>>>>>>
>>>>>>>>>>> diff --git a/data/PVE/Network.pm b/data/PVE/Network.pm index 
>>>>>>>>>>> 2c356eb..71045fe 100644 
>>>>>>>>>>> --- a/data/PVE/Network.pm 
>>>>>>>>>>> +++ b/data/PVE/Network.pm 
>>>>>>>>>>> @@ -72,28 +72,14 @@ sub activate_bridge_vlan { 
>>>>>>>>>>> die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094; 
>>>>>>>>>>>
>>>>>>>>>>> my $bridgevlan = "${bridge}v$tag"; 
>>>>>>>>>>> - 
>>>>>>>>>>> - my $dir = "/sys/class/net/$bridge/brif"; 
>>>>>>>>>>> - 
>>>>>>>>>>> - #check if we have an only one ethX or bondX interface in the bridge 
>>>>>>>>>>> - 
>>>>>>>>>>> - my $iface; 
>>>>>>>>>>> - PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub { 
>>>>>>>>>>> - my ($slave) = @_; 
>>>>>>>>>>> - 
>>>>>>>>>>> - die "more then one physical interfaces on bridge '$bridge'\n" if 
>>>>>>>>>>> $iface; 
>>>>>>>>>>> - $iface = $slave; 
>>>>>>>>>>> - 
>>>>>>>>>>> - }); 
>>>>>>>>>>> - 
>>>>>>>>>>> - die "no physical interface on bridge '$bridge'\n" if !$iface; 
>>>>>>>>>>> - 
>>>>>>>>>>> + my $iface = $bridge; 
>>>>>>>>>>> my $ifacevlan = "${iface}.$tag"; 
>>>>>>>>>>> + my $vlanflags = "reorder_hdr on gvrp on"; 
>>>>>>>>>>>
>>>>>>>>>>> # create vlan on $iface is not already exist 
>>>>>>>>>>> if (! -d "/sys/class/net/$ifacevlan") { 
>>>>>>>>>>> - system("/sbin/vconfig add $iface $tag") == 0 || 
>>>>>>>>>>> - die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>>>>> + system("/sbin/ip link add link $iface name $ifacevlan type vlan id $tag 
>>>>>>>>>>> $vlanflags") == 0 || 
>>>>>>>>>>> + die "can't add vlan tag $tag to interface $iface\n"; 
>>>>>>>>>>> } 
>>>>>>>>>>>
>>>>>>>>>>> # be sure to have the $ifacevlan up 
>>>>>>>>>>> -- 
>>>>>>>>>>> 1.7.10.4 
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________ 
>>>>>>>>>>> pve-devel mailing list 
>>>>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> _______________________________________________ 
>>>>>>>>> pve-devel mailing list 
>>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>>>
>>>>>>>> _______________________________________________ 
>>>>>>>> pve-devel mailing list 
>>>>>>>> pve-devel at pve.proxmox.com 
>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>>>>>
>>>> _______________________________________________ 
>>>> pve-devel mailing list 
>>>> pve-devel at pve.proxmox.com 
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>>>>

More information about the pve-devel mailing list