[pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Mon Jun 16 13:37:28 CEST 2014


Am 16.06.2014 11:49, schrieb Alexandre DERUMIER:
>>> I think this should get cleaned in that case? 
> 
> currently the cleanup is done:
> 
> at vm shutdown
> at vm start
> when you disable|enable firewall on netX through api
> 
> but indeed we can improve that (I'll try to have a look at it)
> 
> 
>>> I just don't get why it works for vmbr1 but not for vmbr0. 
> 
> can you try to manually add
> 
> #brctl addif fwln2004i0 fwbr2004i0
> #brctl addif fwpr2004p0 vmbr0


OK what i did:
# brctl addbr fwbr2004i0
# ip link set fwbr2004i0 up
# ip link add name fwln2004i0 type veth peer name fwpr2004p0 mtu 1500
# ip link set fwln2004i0 up
# ip link set fwpr2004p0 up
# brctl addif fwbr2004i0 fwln2004i0
# brctl addif vmbr0 fwpr2004p0
can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

But brctl addif vmbr1 fwpr2004p0 works fine ?!?!
# brctl addif vmbr1 fwpr2004p0; echo $?
0
#

I don't get it.

Stefan


> ----- Mail original ----- 
> 
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Lundi 16 Juin 2014 11:40:59 
> Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524 
> 
> Am 16.06.2014 11:37, schrieb Alexandre DERUMIER: 
>>>> What is the difference between the normal tap device without firewall - 
>>>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one? 
>>
>> They are not difference. 
>>
>> we just need a dedicated bridge (fwbrxxx) by firewalled tap interface, 
>> and this bridge is plugged to vmbrX through a veth pair( fwprxxxx) 
> 
> I just don't get why it works for vmbr1 but not for vmbr0. 
> 
> I don't see a difference. 
> 
> Generally if adding the bridge fails for whatever reason there is a lot 
> of unremoved stuff: 
> 
> [: ~]# ip a l | grep fwbr 
> 14: fwbr2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
> state UP 
> 16: fwln2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc 
> pfifo_fast master fwbr2004i0 state UP qlen 1000 
> 
> [: ~]# ifconfig| grep ^fw 
> fwbr2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92 
> fwln2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92 
> fwpr2004p0 Link encap:Ethernet HWaddr b2:47:35:28:2c:de 
> 
> I think this should get cleaned in that case? 
> 
> Stefan 
> 
>>
>> ----- Mail original ----- 
>>
>> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
>> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
>> Cc: pve-devel at pve.proxmox.com 
>> Envoyé: Lundi 16 Juin 2014 11:29:00 
>> Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524 
>>
>> What is the difference between the normal tap device without firewall - 
>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one? 
>>
>> Stefan 
>> Am 16.06.2014 11:10, schrieb Stefan Priebe - Profihost AG: 
>>> Hi, 
>>>
>>> i get the same problem with the official redhat PVE Kernel. 
>>>
>>> What i don't understand is that it works fine with vmbr1 but not with 
>>> vmbr0. 
>>>
>>> Interfaces file on host: 
>>>
>>> auto vmbr0 
>>> iface vmbr0 inet static 
>>> address XX.XX.XX.XX 
>>> netmask 255.255.255.128 
>>> gateway XX.XX.XX.XX 
>>> bridge_ports bond0 
>>> bridge_stp off 
>>> bridge_fd 0 
>>>
>>> auto vmbr1 
>>> iface vmbr1 inet manual 
>>> bridge_ports bond1 
>>> bridge_stp off 
>>> bridge_fd 0 
>>>
>>> Stefan 
>>>
>>> Am 16.06.2014 09:50, schrieb Alexandre DERUMIER: 
>>>>>> Do i need a special kernel feature? 
>>>> I don't think. 
>>>> It's just create a veth pair, then plug them in bridge. 
>>>>
>>>> I check my logs, I don't have theses 
>>>>
>>>> "netpoll: (null): fwpr2004p0 doesn't support polling, aborting " 
>>>>
>>>> do you use a custom kernel ? 
>>>
>>> Stefan 
>>>



More information about the pve-devel mailing list