[pve-devel] [PATCH V3 ifupdown2 0/3] ifupdown2 package

Alexandre DERUMIER aderumier at odiso.com
Fri Jun 15 17:46:36 CEST 2018


I have found the correct check code, it's in utils.py

is_addr_ip_allowed_on

I have open an issue to see why it's disable 
https://github.com/CumulusNetworks/ifupdown2/issues/58


(But it's to remove the check if needed)
----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 15 Juin 2018 16:22:58
Objet: Re: [pve-devel] [PATCH V3 ifupdown2 0/3] ifupdown2 package

It seem that indeed, in classic ifupdown, 
we can setup an ip on vlan aware bridge. (untagged ip, then tagged on default vlan pvid (1)). 

I have looked in ifupdown2, it's not possible 

addons/address.py: 

def _process_bridge(self, ifaceobj, up): 
hwaddress = self._get_hwaddress(ifaceobj) 
addrs = ifaceobj.get_attr_value_first('address') 
is_vlan_dev_on_vlan_aware_bridge = False 
is_bridge = self.ipcmd.is_bridge(ifaceobj.name) 
if not is_bridge: 
if ifaceobj.link_kind & ifaceLinkKind.VLAN: 
bridgename = ifaceobj.lowerifaces[0] 
vlan = self._get_vlan_id(ifaceobj) 
is_vlan_dev_on_vlan_aware_bridge = self.ipcmd.bridge_is_vlan_aware(bridgename) 
if ((is_bridge and not self.ipcmd.bridge_is_vlan_aware(ifaceobj.name)) 
or is_vlan_dev_on_vlan_aware_bridge): 
if self._address_valid(addrs): 
if up: 
self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name + 
'/arp_accept', '1') 
else: 
self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name + 
'/arp_accept', '0') 
if hwaddress and is_vlan_dev_on_vlan_aware_bridge: 
if up: 
self.ipcmd.bridge_fdb_add(bridgename, hwaddress, vlan) 
else: 
self.ipcmd.bridge_fdb_del(bridgename, hwaddress, vlan) 


but It's possible to define something like 

auto vmbr100 
iface vmbr100 inet manual 
bridge-vlan-aware yes 
bridge_port eth0 
bridge_stp off 
bridge_fd 0 
bridge-vids 1-4094 

auto vmbr100.1 
iface vmbr100.1 inet static 
address .... 
gateway ... 


I really don't known if users use the default vlan for the proxmox management ip ? (generally,It's a bad pratice) 

But I think it possible to add a patch to ifupdown2 to have the old behaviour. 



----- Mail original ----- 
De: "Alexandre Derumier" <aderumier at odiso.com> 
À: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 15 Juin 2018 15:56:27 
Objet: Re: [pve-devel] [PATCH V3 ifupdown2 0/3] ifupdown2 package 

>>So I'm having issues with vlan-aware bridges. They seem to not apply 
>>their addresses and then die at adding the gateway... 
>>Can you check? 

>>(ie. simpley standard config 1 physical interface on a vmbr0 with vlan 
>>filtering enabled) 

Also, on a bridge with vlan-aware option, 
I don't think you can setup ip on the bridge directly (I never tested this on classic ifupdown), as you need to define a vlan tag for the ip 

you need something like 

auto vmbr100 
iface vmbr100 inet manual 
bridge-vlan-aware yes 
bridge_port eth0 
bridge_stp off 
bridge_fd 0 
bridge-vids 2-4094 

auto vmbr100.X 
iface vmbr100.X inet static 
address .... 
gateway ... 


----- Mail original ----- 
De: "Alexandre Derumier" <aderumier at odiso.com> 
À: "Wolfgang Bumiller" <w.bumiller at proxmox.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 15 Juin 2018 15:19:35 
Objet: Re: [pve-devel] [PATCH V3 ifupdown2 0/3] ifupdown2 package 

Hi wolfgang, 

This thanks to apply my patches ! 


can you post your config ? 

also you need to add "bridge-vids 2-4094" to the bridge option, to match old config behaviour. 
to allow vlans. 

(I have add a note about this in the cover letter) 



----- Mail original ----- 
De: "Wolfgang Bumiller" <w.bumiller at proxmox.com> 
À: "aderumier" <aderumier at odiso.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 15 Juin 2018 13:11:34 
Objet: Re: [pve-devel] [PATCH V3 ifupdown2 0/3] ifupdown2 package 

So I'm having issues with vlan-aware bridges. They seem to not apply 
their addresses and then die at adding the gateway... 
Can you check? 

(ie. simpley standard config 1 physical interface on a vmbr0 with vlan 
filtering enabled) 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



More information about the pve-devel mailing list