[pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge

Alexandre DERUMIER aderumier at odiso.com
Mon Aug 3 12:02:10 CEST 2015 

>>But you also now only add tap devices to vmbrX instead of vmbrXvY, 
>>which is wrong, the vmbrXvY bridges are now virtually unused. 

Yes, this is expected.
we don't need vmbrXvY anymore, because we tag vlan on vmbrX ports directly.


>>After: 
>>32: tap1000i0 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 
>>33: tap1000i1 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 
>>34: tap1000i2 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 

try,

#brigge -c vlan


you should like vlan tag list for each tap interface.



----- Mail original -----
De: "Wolfgang Bumiller" <w.bumiller at proxmox.com>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Lundi 3 Août 2015 11:54:34
Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge

> vlan tagging is always done on the main bridge, not firewall bridge. 

But you also now only add tap devices to vmbrX instead of vmbrXvY, 
which is wrong, the vmbrXvY bridges are now virtually unused. 

I have a VM with 3 interfaces, two of them tagged to 5 and 6. 

Before: 
32: tap1000i0 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 
33: tap1000i1 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0v5 state UNKNOWN mode DEFAULT group default qlen 500 
34: tap1000i2 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0v6 state UNKNOWN mode DEFAULT group default qlen 500 

After: 
32: tap1000i0 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 
33: tap1000i1 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 
34: tap1000i2 at NONE: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500 

On Mon, Jul 27, 2015 at 04:09:45PM +0200, Alexandre DERUMIER wrote: 
> does somebody have tested my vlan bridges patches ? (note that that need iproute2 from debian sid, for vlan ranges) 
> 
> It's working really fine here, I'm looking to add a patch for Q-in-Q bridge too. (I think Stefan Priebe use them) 
> 
> ----- Mail original ----- 
> De: "aderumier" <aderumier at odiso.com> 
> À: "Wolfgang Bumiller" <w.bumiller at proxmox.com> 
> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Vendredi 24 Juillet 2015 18:49:18 
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge 
> 
> >>Why is `bridge_add_interface` now restricted to the firewall-else 
> >>branch? 
> 
> I manage it like openvswitch, 
> 
> vlan tagging is always done on the main bridge, not firewall bridge. 
> 
> 
> > + if ($firewall) { 
> > + &$create_firewall_bridge_linux($iface, $bridge, $tag); 
> 
> create_firewall_bridge_linux($iface, $bridge, $tag) 
> have 
> 
> - &$bridge_add_interface($bridge, $vethfwpeer); 
> + &$bridge_add_interface($bridge, $vethfwpeer, $tag); #tag on the main bridge 
> - return $fwbr; 
> + &$bridge_add_interface($fwbr, $iface); # add vm tap interface on fwbridge without vlan tag 
> 
> ----- Mail original ----- 
> De: "Wolfgang Bumiller" <w.bumiller at proxmox.com> 
> À: "aderumier" <aderumier at odiso.com> 
> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Vendredi 24 Juillet 2015 15:20:06 
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge 
> 
> On Fri, Jul 24, 2015 at 01:52:59PM +0200, Alexandre Derumier wrote: 
> > - $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if $firewall; 
> > + if (!$vlan_aware) { 
> > + my $newbridge = activate_bridge_vlan($bridge, $tag); 
> > + copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge; 
> > + $tag = undef; 
> > + } 
> > + 
> > + if ($firewall) { 
> > + &$create_firewall_bridge_linux($iface, $bridge, $tag); 
> > + } else { 
> > + &$bridge_add_interface($bridge, $iface, $tag); 
> > + } 
> > 
> > - &$bridge_add_interface($newbridge, $iface); 
> 
> 
> Why is `bridge_add_interface` now restricted to the firewall-else 
> branch? 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list