[pve-devel] [PATCH] support QinQ / vlan stacking

Alexandre DERUMIER aderumier at odiso.com
Tue Mar 17 16:18:59 CET 2015


>>Does that make sense to support both or is the future openvswitch anyway? 

They are missing thing in openvswitch (qinq for example, also igmp snooping,...)
So I think it's okay to keep both currently.

(I think the real future will be something like snabbswitch, but not before 1 or 2 years)


----- Mail original -----
De: "Stefan Priebe" <s.priebe at profihost.ag>
À: "aderumier" <aderumier at odiso.com>
Cc: "dietmar" <dietmar at proxmox.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 17 Mars 2015 16:14:09
Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking

Am 17.03.2015 um 15:41 schrieb Alexandre DERUMIER <aderumier at odiso.com>: 

>>> That means we can get rid of the whole new and copy bridge code for vlans? 
> 
> yes, I think we can only have 1 bridge, and manage all vlans by port, like for openvswitch. 
> 
> I never tested it with firewall, with fwbridge on top of bridge. 
> 
> Need to be tested :) 

Does that make sense to support both or is the future openvswitch anyway? 


> 
> 
> 
> 
> ----- Mail original ----- 
> De: "Stefan Priebe" <s.priebe at profihost.ag> 
> À: "aderumier" <aderumier at odiso.com> 
> Cc: "dietmar" <dietmar at proxmox.com>, "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Mardi 17 Mars 2015 10:48:55 
> Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking 
> 
> Hi, 
>> Am 16.03.2015 um 06:15 schrieb Alexandre DERUMIER: 
>> Hi Stefan, 
>> 
>>>> So the problem in my case is that there a some VMs i would like to have 
>>>> a filter and others where i don't want to have that filter so VLANs 
>>>> inside the VM are working. 
>> 
>> 
>> I think it's possible to allow vlans (tagged from guest), 
>> to go inside a bridge with vlan_filtering enabled. 
>> 
>> with: 
>> 
>> #bridge vlan add dev tapx vid $tag1 
>> #bridge vlan add dev tapx vid $tag2 
>> 
>> (This is something like a trunk is a cisco switch, with allowed vlans) 
>> 
>> 
>> 
>> if we want to force a tag, for an untagged guest 
>> #bridge vlan add dev tapx vid $tag pvid untagged" 
> 
> That means we can get rid of the whole new and copy bridge code for vlans? 
> 
> Stefan 
> 
> 
>> 
>> ----- Mail original ----- 
>> De: "Stefan Priebe" <s.priebe at profihost.ag> 
>> À: "dietmar" <dietmar at proxmox.com> 
>> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
>> Envoyé: Jeudi 12 Mars 2015 08:42:48 
>> Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking 
>> 
>> Am 12.03.2015 um 06:42 schrieb Dietmar Maurer: 
>>>>>> The old behaviour can be restored by enabling vlan_filtering on the bridge. 
>>>>> 
>>>>> Please can you give me further hints howto enable/disable "vlan_filtering"? 
>>>> 
>>>> It's 
>>>> # echo 1 > /sys/class/net/<bridge>/bridge/vlan_filtering 
>>> 
>>> So you think we should set that in PVE::Network::activate_bridge_vlan_slave ? 
>> 
>> This would at least activate the old behaviour. But there are also use 
>> cases where you don't want that filtering. 
>> 
>> So the problem in my case is that there a some VMs i would like to have 
>> a filter and others where i don't want to have that filter so VLANs 
>> inside the VM are working. 
>> 
>> This can again only be archieved by the ebtables filter as it allows us 
>> to control traffic types by VM NIC. 
>> 
>> Greets, 
>> Stefan 
>> _______________________________________________ 
>> pve-devel mailing list 
>> pve-devel at pve.proxmox.com 
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 



More information about the pve-devel mailing list