[pve-devel] [PATCH pve-network] add vnet vlan-aware option

Alexandre Derumier aderumier at odiso.com
Mon May 25 15:03:23 CEST 2020


Some users would like to be able to define VLANs at
VM level, or allow trunks, on top of an already
tagged vnet (including VLAN on top of a VXLAN tunnel).

Allow it on all layer2 plugins, and add a warning
for the evpn layer3 plugin.

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/Network/SDN/VnetPlugin.pm        |  5 +++++
 PVE/Network/SDN/Zones.pm             | 14 +------------
 PVE/Network/SDN/Zones/EvpnPlugin.pm  |  1 +
 PVE/Network/SDN/Zones/Plugin.pm      | 31 +++++-----------------------
 PVE/Network/SDN/Zones/QinQPlugin.pm  |  4 ++++
 PVE/Network/SDN/Zones/VlanPlugin.pm  |  4 ++++
 PVE/Network/SDN/Zones/VxlanPlugin.pm |  4 ++++
 7 files changed, 24 insertions(+), 39 deletions(-)

diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm
index 179bfa4..2433013 100644
--- a/PVE/Network/SDN/VnetPlugin.pm
+++ b/PVE/Network/SDN/VnetPlugin.pm
@@ -58,6 +58,10 @@ sub properties {
             type => 'integer',
             description => "vlan or vxlan id",
 	},
+	vlanaware => {
+	    type => 'boolean',
+	    description => 'Allow vm VLANs to pass through this vnet.',
+	},
         alias => {
             type => 'string',
             description => "alias name of the vnet",
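Review bot: The `vlanaware` description does not say that the option is only honoured by the layer2 zone plugins; per the commit message the evpn plugin merely warns about it. Consider `description => 'Allow vm VLANs to pass through this vnet (layer2 zones only; not supported with evpn).',` so the limitation is visible in the API schema. The `properties` sub begins and ends outside the hunk.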
@@ -89,6 +93,7 @@ sub options {
         ipv4 => { optional => 1 },
         ipv6 => { optional => 1 },
         mac => { optional => 1 },
+        vlanaware => { optional => 1 },
     };
 }
 
diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm
index 436b103..b8dc54c 100644
--- a/PVE/Network/SDN/Zones.pm
+++ b/PVE/Network/SDN/Zones.pm
@@ -214,18 +214,6 @@ sub status {
     return($zone_status, $vnet_status);
 }
 
-sub get_bridge_vlan {
-    my ($vnetid) = @_;
-
-    my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid);
-
-    return ($vnetid, undef) if !$vnet; # fallback for classic bridge
-
-    my $plugin_config = get_plugin_config($vnet);
-    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
-    return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag});
-}
-
 sub tap_create {
     my ($iface, $bridge) = @_;
 
@@ -270,7 +258,7 @@ sub tap_plug {
 	if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename});
 
     my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
-    $plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate);
+    $plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate);
 }
 
 1;
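Review bot: The new call passes `$tag` and `$trunks`, but neither is declared in this hunk, and the diffstat for this file (one insertion in total) leaves no room for a signature change. tap_plug's `my (...) = @_;` line is outside the hunk, so presumably both are already unpacked there; this is worth confirming, since an undeclared variable is a compile error if the file runs under `use strict`. The call now has eight positional arguments with `$tag` inserted before `$iface`, so a zone plugin that overrides `tap_plug` with the old order would receive shifted arguments without any error. A comment at the call such as `# argument order must match Zones::Plugin::tap_plug` would make that contract explicit.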
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 973e8e0..95fbb64 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -50,6 +50,7 @@ sub generate_sdn_config {
     my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
 
     die "missing vxlan tag" if !$tag;
+    warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};
 
     my @peers = split(',', $controller->{'peers'});
     my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);
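Review bot: The added `warn` lets config generation continue with `vlanaware` still set on the vnet, so the unsupported combination is only reported at generation time instead of being rejected when the vnet is saved. The message also does not name the vnet and has no trailing newline, so Perl appends the file and line number. If rejecting is too strict, at least identify the vnet, e.g. `warn "vnet $vnetid: vlan-aware is not supported by the evpn plugin, option ignored\n" if $vnet->{vlanaware};`. That assumes `$vnetid` is in scope here as in the other plugins' generate_sdn_config; the sub starts outside the hunk.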
diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm
index 9ea7a50..0633b78 100644
--- a/PVE/Network/SDN/Zones/Plugin.pm
+++ b/PVE/Network/SDN/Zones/Plugin.pm
@@ -205,44 +205,23 @@ sub status {
 }
 
 
-sub get_bridge_vlan {
-    my ($class, $plugin_config, $vnetid, $tag) = @_;
-
-    my $bridge = $vnetid;
-    $tag = undef;
-
-    die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/";
-
-    return ($bridge, $tag);
-}
-
 sub tap_create {
     my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
 
-    my $tag = $vnet->{tag};
-    my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
-    die "unable to get bridge setting\n" if !$bridge;
-
-    PVE::Network::tap_create($iface, $bridge);
+    PVE::Network::tap_create($iface, $vnetid);
 }
 
 sub veth_create {
     my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
 
-    my $tag = $vnet->{tag};
-    my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
-    die "unable to get bridge setting\n" if !$bridge;
-
-    PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
+    PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
 }
 
 sub tap_plug {
-    my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_;
-
-    my $tag = $vnet->{tag};
+    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
 
-    ($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
-    my $trunks = undef;
+    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
+    die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);
 
     PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
 }
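Review bot: In `tap_plug`, `!$vlan_aware` treats an unreadable sysfs file the same as a `0`, and with `get_bridge_vlan` removed nothing in `tap_create`, `veth_create` or `tap_plug` checks that the bridge exists any more. If `file_read_firstline` returns undef for a missing file (it appears to; confirm), an untagged guest on a missing vnet bridge now reaches `PVE::Network::tap_plug` instead of the old "bridge ... is missing" error, and a tagged one gets the misleading "vm vlans are not allowed" message. This check is what keeps a guest from using a tag or trunk on a vnet that is not vlan-aware, so it should state the real cause: add `die "bridge $vnetid is missing\n" if !-d "/sys/class/net/$vnetid/";` before the read. The new `die` should also end in `\n`, as the removed `"unable to get bridge setting\n"` did, so the user-facing error does not carry a file and line suffix.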
diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm
index fe43d42..9077713 100644
--- a/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/PVE/Network/SDN/Zones/QinQPlugin.pm
@@ -148,6 +148,10 @@ sub generate_sdn_config {
     push @iface_config, "bridge_ports $vnet_bridge_ports";
     push @iface_config, "bridge_stp off";
     push @iface_config, "bridge_fd 0";
+    if($vnet->{vlanaware}) {
+	push @iface_config, "bridge-vlan-aware yes";
+	push @iface_config, "bridge-vids 2-4094";
+    }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
     push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
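Review bot: `bridge-vids 2-4094` opens the whole VLAN range on the vnet bridge, so once `vlanaware` is set the only per-guest restriction left is whatever tag/trunks `Zones::Plugin::tap_plug` passes on to `PVE::Network::tap_plug` for the port. That trust assumption deserves a comment above the `if`, e.g. `# vlan-aware vnet: the bridge admits all VIDs; per-guest limits come from the tag/trunks applied at tap_plug`. The same four lines are repeated in the VlanPlugin and VxlanPlugin hunks with the range hard-coded, and this copy is tab-indented while the other two use spaces; a shared helper or constant in Zones::Plugin would keep the three in step. generate_sdn_config starts and ends outside the hunk.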
diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm
index 9d459cd..8364451 100644
--- a/PVE/Network/SDN/Zones/VlanPlugin.pm
+++ b/PVE/Network/SDN/Zones/VlanPlugin.pm
@@ -112,6 +112,10 @@ sub generate_sdn_config {
     push @iface_config, "bridge_ports $vnet_uplink";
     push @iface_config, "bridge_stp off";
     push @iface_config, "bridge_fd 0";
+    if($vnet->{vlanaware}) {
+        push @iface_config, "bridge-vlan-aware yes";
+        push @iface_config, "bridge-vids 2-4094";
+    }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
     push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm
index b3ed05f..bc585c6 100644
--- a/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -82,6 +82,10 @@ sub generate_sdn_config {
     push @iface_config, "bridge_ports $vxlan_iface";
     push @iface_config, "bridge_stp off";
     push @iface_config, "bridge_fd 0";
+    if($vnet->{vlanaware}) {
+        push @iface_config, "bridge-vlan-aware yes";
+        push @iface_config, "bridge-vids 2-4094";
+    }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
     push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
-- 
2.20.1



