[pve-devel] [PATCH] Virtual vlan tagging to bridge interface

Andrew Thrift andrew at networklabs.co.nz
Mon Jan 13 22:53:17 CET 2014 

I should add that some switches will only accept QinQ using an SVID of
0x88a8 and a CVID of 0x8100.  Which is why support for it was needed on
Linux.

A lot of switches will allow you to specify the SVID type, either globally,
per port or per vlan.





On Tue, Jan 14, 2014 at 10:42 AM, Andrew Thrift <andrew at networklabs.co.nz>wrote:

> Ok, so in my example of eth0,eth1,eth2,eth3---->bond0-
> --->bond0.101---->vmbr0---->vmbr0.201<----tap interface
>
> The packet is DOUBLE TAGGED with 0x8100 tags.  So the outer tag (SVID) is
> 101 with an inner (CVID) tag of 201.
>
> 802.1ad support adds the capability to have an SVID of 0x88a8 with a CVID
> of 0x8100.   Before this support was added you could only do QinQ using the
> "stacked" 0x8100 tags.
>
>
>
>
> On Mon, Jan 13, 2014 at 9:31 PM, Alexandre DERUMIER <aderumier at odiso.com>wrote:
>
>> Also,I see that support of 802.1ad has been added to kernel since 3.10
>> only. So how do is work before ?
>>
>>
>> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ad227ff89a7e6f05d07cd0acfd95ed3a24450ca
>>
>>
>> # ip link add link eth0 eth0.1000 \
>>         type vlan proto 802.1ad id 1000
>>
>> ----- Mail original -----
>>
>> De: "Alexandre DERUMIER" <aderumier at odiso.com>
>> À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
>> Cc: pve-devel at pve.proxmox.com
>> Envoyé: Lundi 13 Janvier 2014 09:10:59
>> Objet: Re: [pve-devel] [PATCH] Virtual vlan tagging to bridge interface
>>
>> >>this should explain it:
>> >>http://en.wikipedia.org/wiki/IEEE_802.1ad
>>
>> Thanks, I understand now.
>>
>> So, for this setup:
>>
>> bond0.101---->vmbr0---->vmbr0.201<----tap interface
>>
>>
>> when the packet from tap (tagged 201) is going out through bond0.101,
>>
>> what happen ?
>>
>> is the packet vlan retagged 101 ?
>> or is the packet vlan 201 encapsuled in vlan101 ?
>>
>>
>>
>>
>>
>> ----- Mail original -----
>>
>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
>> À: "Alexandre DERUMIER" <aderumier at odiso.com>, "Andrew Thrift" <
>> andrew at networklabs.co.nz>
>> Cc: pve-devel at pve.proxmox.com
>> Envoyé: Lundi 13 Janvier 2014 08:24:19
>> Objet: Re: [pve-devel] [PATCH] Virtual vlan tagging to bridge interface
>>
>> Am 13.01.2014 07:54, schrieb Alexandre DERUMIER:
>> >>> QinQ vlan tagging.
>> >
>> > can somebody explain me how qinq works exactly ? (I'm reading cisco
>> doc, but I'm not sure to understand how tagging is working exactly)
>>
>> this should explain it:
>> http://en.wikipedia.org/wiki/IEEE_802.1ad
>>
>>
>> > ----- Mail original -----
>> >
>> > De: "Andrew Thrift" <andrew at networklabs.co.nz>
>> > À: pve-devel at pve.proxmox.com
>> > Envoyé: Lundi 13 Janvier 2014 01:33:24
>> > Objet: Re: [pve-devel] [PATCH] Virtual vlan tagging to bridge interface
>> >
>> >
>> > FYI we are using vlan tagging on bridges with Proxmox in production for
>> over a year now, initially on 2.6.32 kernel and then on 3.10. We are using
>> Intel gigabit and 10gigabit adapters.
>> >
>> >
>> > We posted the patches to the list a few months back, I believe these
>> are very similar to Alexandre's patches. We have a more complex config in
>> that we are also doing bonding and QinQ vlan tagging.
>> >
>> >
>> > Our setup looks like this:
>> >
>> >
>> >
>> eth0,eth1,eth2,eth3---->bond0---->bond0.101---->vmbr0---->vmbr0.201<----tap
>> interface
>> >
>> >
>> >
>> > That is using an outer tag of 101 and an inner tag of 201.
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Sat, Jan 11, 2014 at 7:59 AM, Alexandre DERUMIER <
>> aderumier at odiso.com > wrote:
>> >
>> >
>> >
>> >>> If alexandre’s patch don’t work with any devices it isn’t really
>> interesting because it addressing other functionality and devices. I
>> checked the patch and it use the same problematic part with eth*, wifi* and
>> >>bond* check which fails with virtual devices like gre, ipsec,..
>> >
>> > What do you mean by "don't work with any devices" ?
>> >
>> > My patch is to manage vlan tags on the bridge, not eth interface.
>> >
>> > eth0---->vmbr0<------tap interface
>> >
>> > vlan are tagged on tap interfaces plugged on vmbr0, with new "bridge"
>> cmd. (like an access port on a cisco switch)
>> > and vlans are allowed to pass through eth0.(like a trunk port on cisco
>> switch)
>> >
>> > So I think it should work with gre,ipsec,...(But I don't have tested it
>> yet)
>> >
>> >
>> >
>> >
>> >
>> >
>> > ----- Mail original -----
>> >
>> > De: "Johannes Ernst" < info at filemedia.de >
>> > À: pve-devel at pve.proxmox.com
>> > Envoyé: Vendredi 10 Janvier 2014 18:16:30
>> >
>> > Objet: Re: [pve-devel] [PATCH] Virtual vlan tagging to bridge interface
>> >
>> >
>> >
>> > Thus, it’s a configuration issue and NOT a kernel issue.
>> >
>> > If alexandre’s patch don’t work with any devices it isn’t really
>> interesting because it addressing other functionality and devices. I
>> checked the patch and it use the same problematic part with eth*, wifi* and
>> bond* check which fails with virtual devices like gre, ipsec,..
>> >
>> > Am 10.01.2014 um 17:18 schrieb Dietmar Maurer < dietmar at proxmox.com >:
>> >
>> >>> Sure? Do you have additional information? I think it's not correct
>> and it works!
>> >>
>> >> We tested that a few times (and failed), so nobody is keen to test
>> that again.
>> >>
>> >> We currently try to use the new bridge VLAN features - that looks more
>> promising (see patches from Alexandre).
>> >>
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > pve-devel mailing list
>> > pve-devel at pve.proxmox.com
>> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>> > _______________________________________________
>> > pve-devel mailing list
>> > pve-devel at pve.proxmox.com
>> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > pve-devel mailing list
>> > pve-devel at pve.proxmox.com
>> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>> > _______________________________________________
>> > pve-devel mailing list
>> > pve-devel at pve.proxmox.com
>> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>> >
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140114/ac5e6ed9/attachment.htm>

More information about the pve-devel mailing list