[pve-devel] kernel 3.10 : bridge vlan test

Alexandre DERUMIER aderumier at odiso.com
Tue Dec 17 07:56:41 CET 2013


>>it just works for me with vanilla 3.10 and the additional patch. BUT 
>>without VLAN filtering i don't use it. 

Don't you use special setup with bridge on top of another bridge ? (It was about gvrp support If I remember)



About vlan filtering
--------------------
>>could you send me: 
>>zgrep 'VLAN' /prof/config.gz 
 ???? what is this ?

and 

sysctl -a | grep bridge

net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0




I really don't understand why vlan filtering doesn't work( but it's not the first time that bridge module is buggy).
I'll try to ask to the netdev mailing list.




about openvswitch
-----------------
I have done some tests with openvswitch, and it's work really fine. 
iperf show me 20Gb/s, I never reach more than 8gb/s with linux bridge.
vlan work out of the box. 



@Dietmar

about openvswitch, I would like to add support to be able to plug kvm tap interface into it.
(simple detection if vmbrX is a linux bridge or openvswitch through sysfs, and then use brctl or ovz-ctl command to plug tap interface).

So advanced users could use them if they want. (create openvswitch command line, no support from gui)





A the end, I would like to have a proper implementation of linux bridge vlan_filtering and openvswitch. 
(with same network architecture,1 bridge with vlan management, so both can be interchanged)


----- Mail original ----- 

De: "Stefan Priebe" <s.priebe at profihost.ag> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Lundi 16 Décembre 2013 20:08:18 
Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test 

Hi, 

it just works for me with vanilla 3.10 and the additional patch. BUT 
without VLAN filtering i don't use it. 

could you send me: 
zgrep 'VLAN' /prof/config.gz 

and 

sysctl -a | grep bridge 

Stefan 
Am 16.12.2013 16:37, schrieb Alexandre DERUMIER: 
> Stefan, 
> 
> you could send how you manage bridge vlan on top of other bridge ? 
> 
> (I would like to test with 3.10 kernel, as I had problem last year with 2.6.32 kernel) 
> 
> 
> 
> I'm also looking at openvswitch, as it seem it's possible to mix bridge and openvswitch. 
> Seem that openstack can manage this kind of setup: 
> 
> host eth0---->openvzswitch---veth0-----veth1---linuxbridge<----tap interface 
> 
> using 1 bridge by tap interface. 
> So it's possible to use iptables with the linux bridge. 
> And manage vlans on openvswitch (and also other features, like netflow) 
> 
> 
> 
> ----- Mail original ----- 
> 
> De: "Alexandre DERUMIER" <aderumier at odiso.com> 
> À: "Dietmar Maurer" <dietmar at proxmox.com> 
> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Dimanche 15 Décembre 2013 20:15:04 
> Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test 
> 
>>> I just added the patch from Stefan and compiled and uploaded a new kernel package. 
>>> Please can you test if that helps? 
> 
> Don't help :( 
> 
> once vlan_filterning is enabled, I can't ping between vms 
> 
> ----- Mail original ----- 
> 
> De: "Dietmar Maurer" <dietmar at proxmox.com> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com>, "Stefan Priebe (s.priebe at profihost.ag)" <s.priebe at profihost.ag> 
> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Samedi 14 Décembre 2013 10:09:33 
> Objet: RE: [pve-devel] kernel 3.10 : bridge vlan test 
> 
>> Oh, sorry, forget to say : both was in same vlan when it doesn't ping. 
>> 
>> Also, if I don't configure any vlan, and enable filtering, it doesn't work. 
>> 
>> Maybe it doesn't work with tap interfaces ? Need to ask to the kernel mailing. 
> 
> I just added the patch from Stefan and compiled and uploaded a new kernel package. 
> Please can you test if that helps? 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 



More information about the pve-devel mailing list