[pve-devel] kernel 3.10 : bridge vlan test

Alexandre DERUMIER aderumier at odiso.com
Fri Dec 13 16:24:51 CET 2013


Ok,we need to enable filtering with

 echo 1 > /sys/class/net/vmbrX/bridge/vlan_filtering 


But now, both vm doesn't ping together...

I'll continue tests
----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 13 Décembre 2013 16:17:40 
Objet: [pve-devel] kernel 3.10 : bridge vlan test 

Ok, here first tests results, bad new I can't get it work :( 

setup: 

1 vm id 100 with tap100i0 on vmbr1 
1 vm id 101 with tap101i0 on vmbr1 

vmbr1 is an isolated bridge, without physical ethx plugged 

I have compiled iproute2 to have the new bridge util 

# ./bridge vlan add dev tap100i0 vid 94 pvid 
# ./bridge vlan add dev tap101i0 vid 95 pvid 

./bridge vlan show 
port vlan ids 
tap100i0 94 PVID 
tap101i0 95 PVID 


That seem ok, but both vms can ping together .... 
So, it's like filtering doesn't work 

I have also try same commandes without pvid option, it doesn't work too. 

Maybe somebody have an idea ? 



The only doc about bridge command I found is this : 
" 
To configure the VLANs on the bridge and its ports a new command is 
added to the 'bridge' utility. 

# bridge vlan add dev eth0 vid 10 pvid untagged brdev 
# bridge vlan add 
# bridge vlan delete dev eth0 vid 10 
# bridge vlan show 

This command supports the following flags: 
master - peform the operation on the software bridge device. This is 
the default behavior. 
self - perform the operation on the hardware associated with the port. 
This flag is required when the device is the bridge device and 
the configuration is desired on the bridge device itself (not 
one of the ports). 
pvid - Set the PVID (port vlan id) for a given port. Any untagged 
frames arriving on the port will be assigned to this vlan. 
untagged - Sets the egress policy of for a given vlan. Default port 
egress policy is tagged. Set this flag if you wish traffic 
associated with this VLAN to exit the port untagged. 
" 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



More information about the pve-devel mailing list