[pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
Alexandre DERUMIER
aderumier at odiso.com
Tue Aug 4 14:25:46 CEST 2015
This seem to work.
(I'm not sure about tcpdump result when vlan are stacked)
auto vmbrcustomer1
iface vmbrcustomer1 inet manual
bridge_vlan_aware yes
bridge_ports customer1lp
bridge_stp off
bridge_fd 0
pre-up ip link add dev customer1l type veth peer name customer1lp
post-up ip link set customer1l up
auto vmbr0
iface vmbr0 inet manual
bridge_vlan_aware yes
bridge_ports eth0 customer1l
bridge_stp off
bridge_fd 0
post-up echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol
post-up bridge vlan add dev customer1l vid 10 pvid untagged
----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "Andrew Thrift" <andrew at networklabs.co.nz>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 4 Août 2015 14:02:46
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
Another way,
but I'm not sure it's working, is to tag 802.1ad on the physical interface
eth0.10---->vmbrcustomer<--(vlanX)------tapX
auto vmbrcustomer1
iface vmbrcustomer1 inet manual
bridge_vlan_aware yes
bridge_ports eth0.10
bridge_stp off
bridge_fd 0
pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id 10
----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "Andrew Thrift" <andrew at networklabs.co.nz>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 4 Août 2015 12:22:47
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
>>Hi Alexandre,
Hi,
>>We also use QinQ and have submitted patches for the previous network implementation that made use of a "bridge in bridge" design to achieve the QinQ functionality.
They are also a new way to implement q-in-q with vlan aware bridge
http://www.spinics.net/lists/linux-ethernet-bridging/msg05514.html
+----+ +-------+p/u +------+ +----+ +--+
|eth0|--|802.1ad|----veth----|802.1Q|--|vnet|--|VM|
+----+ |bridge | |bridge| +----+ +--+
+-------+ +------+
p/u: pvid/untagged
Currently we have implemented 802.1Q bridge.
for qinq, we need to create a root bridge, with 802.1ad enabled, linked through a veth pair to 802.1Q bridge.
The qinq bridge is managed exactly in the same way than 802.1ad, but it's enabled with
echo 0x88a8 > /sys/class/net/XXX/bridge/vlan_protocol
for example
------------
eth0----vmbr0--(vlan10)<---brigelink-------bridgelinkpeer---->vmbrcustomer<--(vlanX)------tapX
brctl addbr vmbr0
echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol
ip link add dev bridgelink type veth peer name bridgelinkpeer
brctl addif vmbr0 bridgelink
brctl addif vmbrcustomer1 bridgelinkpeer
bridge vlan add dev bridgelink vid 10 pvid untagged
something like that
I can try to make a patch, but I don't have hardware which support q-in-q for testing.
----- Mail original -----
De: "Andrew Thrift" <andrew at networklabs.co.nz>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 4 Août 2015 10:49:26
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
Hi Alexandre,
We also use QinQ and have submitted patches for the previous network implementation that made use of a "bridge in bridge" design to achieve the QinQ functionality.
The new vlan aware bridge implementation will be a lot cleaner.
When your patches are ready we will test them and provide feedback.
Thanks,
Andrew
On Tue, Jul 28, 2015 at 2:09 AM, Alexandre DERUMIER < aderumier at odiso.com > wrote:
does somebody have tested my vlan bridges patches ? (note that that need iproute2 from debian sid, for vlan ranges)
It's working really fine here, I'm looking to add a patch for Q-in-Q bridge too. (I think Stefan Priebe use them)
----- Mail original -----
De: "aderumier" < aderumier at odiso.com >
À: "Wolfgang Bumiller" < w.bumiller at proxmox.com >
Cc: "pve-devel" < pve-devel at pve.proxmox.com >
Envoyé: Vendredi 24 Juillet 2015 18:49:18
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
>>Why is `bridge_add_interface` now restricted to the firewall-else
>>branch?
I manage it like openvswitch,
vlan tagging is always done on the main bridge, not firewall bridge.
> + if ($firewall) {
> + &$create_firewall_bridge_linux($iface, $bridge, $tag);
create_firewall_bridge_linux($iface, $bridge, $tag)
have
- &$bridge_add_interface($bridge, $vethfwpeer);
+ &$bridge_add_interface($bridge, $vethfwpeer, $tag); #tag on the main bridge
- return $fwbr;
+ &$bridge_add_interface($fwbr, $iface); # add vm tap interface on fwbridge without vlan tag
----- Mail original -----
De: "Wolfgang Bumiller" < w.bumiller at proxmox.com >
À: "aderumier" < aderumier at odiso.com >
Cc: "pve-devel" < pve-devel at pve.proxmox.com >
Envoyé: Vendredi 24 Juillet 2015 15:20:06
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge
On Fri, Jul 24, 2015 at 01:52:59PM +0200, Alexandre Derumier wrote:
> - $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if $firewall;
> + if (!$vlan_aware) {
> + my $newbridge = activate_bridge_vlan($bridge, $tag);
> + copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
> + $tag = undef;
> + }
> +
> + if ($firewall) {
> + &$create_firewall_bridge_linux($iface, $bridge, $tag);
> + } else {
> + &$bridge_add_interface($bridge, $iface, $tag);
> + }
>
> - &$bridge_add_interface($newbridge, $iface);
Why is `bridge_add_interface` now restricted to the firewall-else
branch?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list