[pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

Alexandre DERUMIER aderumier at odiso.com
Mon Jun 16 11:49:24 CEST 2014 

>>I think this should get cleaned in that case? 

currently the cleanup is done:

at vm shutdown
at vm start
when you disable|enable firewall on netX through api

but indeed we can improve that (I'll try to have a look at it)


>>I just don't get why it works for vmbr1 but not for vmbr0. 

can you try to manually add

#brctl addif fwln2004i0 fwbr2004i0
#brctl addif fwpr2004p0 vmbr0

?




----- Mail original ----- 

De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Lundi 16 Juin 2014 11:40:59 
Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524 

Am 16.06.2014 11:37, schrieb Alexandre DERUMIER: 
>>> What is the difference between the normal tap device without firewall - 
>>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one? 
> 
> They are not difference. 
> 
> we just need a dedicated bridge (fwbrxxx) by firewalled tap interface, 
> and this bridge is plugged to vmbrX through a veth pair( fwprxxxx) 

I just don't get why it works for vmbr1 but not for vmbr0. 

I don't see a difference. 

Generally if adding the bridge fails for whatever reason there is a lot 
of unremoved stuff: 

[: ~]# ip a l | grep fwbr 
14: fwbr2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
state UP 
16: fwln2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc 
pfifo_fast master fwbr2004i0 state UP qlen 1000 

[: ~]# ifconfig| grep ^fw 
fwbr2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92 
fwln2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92 
fwpr2004p0 Link encap:Ethernet HWaddr b2:47:35:28:2c:de 

I think this should get cleaned in that case? 

Stefan 

> 
> ----- Mail original ----- 
> 
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Lundi 16 Juin 2014 11:29:00 
> Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524 
> 
> What is the difference between the normal tap device without firewall - 
> which works fine for me on vmbr0 and vmbr1 and the firewall tap one? 
> 
> Stefan 
> Am 16.06.2014 11:10, schrieb Stefan Priebe - Profihost AG: 
>> Hi, 
>> 
>> i get the same problem with the official redhat PVE Kernel. 
>> 
>> What i don't understand is that it works fine with vmbr1 but not with 
>> vmbr0. 
>> 
>> Interfaces file on host: 
>> 
>> auto vmbr0 
>> iface vmbr0 inet static 
>> address XX.XX.XX.XX 
>> netmask 255.255.255.128 
>> gateway XX.XX.XX.XX 
>> bridge_ports bond0 
>> bridge_stp off 
>> bridge_fd 0 
>> 
>> auto vmbr1 
>> iface vmbr1 inet manual 
>> bridge_ports bond1 
>> bridge_stp off 
>> bridge_fd 0 
>> 
>> Stefan 
>> 
>> Am 16.06.2014 09:50, schrieb Alexandre DERUMIER: 
>>>>> Do i need a special kernel feature? 
>>> I don't think. 
>>> It's just create a veth pair, then plug them in bridge. 
>>> 
>>> I check my logs, I don't have theses 
>>> 
>>> "netpoll: (null): fwpr2004p0 doesn't support polling, aborting " 
>>> 
>>> do you use a custom kernel ? 
>> 
>> Stefan 
>>

More information about the pve-devel mailing list