[pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge

Andrew Thrift andrew at networklabs.co.nz
Wed Aug 5 12:38:07 CEST 2015 

Thanks Alexandre.

I will build something for testing this Friday.
On 5/08/2015 5:24 pm, "Alexandre DERUMIER" <aderumier at odiso.com> wrote:

> BTW, can you test this method too ?
>
>
> >>eth0.10---->vmbrcustomer<--(vlanX)------tapX
> >>
> >>
> >>
> >>auto vmbrcustomer1
> >>iface vmbrcustomer1 inet manual
> >>        bridge_vlan_aware yes
> >>        bridge_ports eth0.10
> >>        bridge_stp off
> >>        bridge_fd 0
> >>        pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id
> 10
>
>
> ?
>
> ----- Mail original -----
> De: "aderumier" <aderumier at odiso.com>
> À: "Andrew Thrift" <andrew at networklabs.co.nz>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Mardi 4 Août 2015 14:02:46
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux
> bridge
>
> Another way,
>
> but I'm not sure it's working, is to tag 802.1ad on the physical interface
>
>
>
>
> eth0.10---->vmbrcustomer<--(vlanX)------tapX
>
>
>
> auto vmbrcustomer1
> iface vmbrcustomer1 inet manual
> bridge_vlan_aware yes
> bridge_ports eth0.10
> bridge_stp off
> bridge_fd 0
> pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id 10
>
>
>
>
> ----- Mail original -----
> De: "aderumier" <aderumier at odiso.com>
> À: "Andrew Thrift" <andrew at networklabs.co.nz>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Mardi 4 Août 2015 12:22:47
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux
> bridge
>
> >>Hi Alexandre,
> Hi,
>
> >>We also use QinQ and have submitted patches for the previous network
> implementation that made use of a "bridge in bridge" design to achieve the
> QinQ functionality.
>
> They are also a new way to implement q-in-q with vlan aware bridge
>
> http://www.spinics.net/lists/linux-ethernet-bridging/msg05514.html
>
> +----+ +-------+p/u +------+ +----+ +--+
> |eth0|--|802.1ad|----veth----|802.1Q|--|vnet|--|VM|
> +----+ |bridge | |bridge| +----+ +--+
> +-------+ +------+
>
> p/u: pvid/untagged
>
>
>
> Currently we have implemented 802.1Q bridge.
>
> for qinq, we need to create a root bridge, with 802.1ad enabled, linked
> through a veth pair to 802.1Q bridge.
>
>
> The qinq bridge is managed exactly in the same way than 802.1ad, but it's
> enabled with
> echo 0x88a8 > /sys/class/net/XXX/bridge/vlan_protocol
>
> for example
> ------------
>
> eth0----vmbr0--(vlan10)<---brigelink-------bridgelinkpeer---->vmbrcustomer<--(vlanX)------tapX
>
>
> brctl addbr vmbr0
> echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol
> ip link add dev bridgelink type veth peer name bridgelinkpeer
> brctl addif vmbr0 bridgelink
> brctl addif vmbrcustomer1 bridgelinkpeer
> bridge vlan add dev bridgelink vid 10 pvid untagged
>
>
> something like that
>
>
> I can try to make a patch, but I don't have hardware which support q-in-q
> for testing.
>
>
>
>
> ----- Mail original -----
> De: "Andrew Thrift" <andrew at networklabs.co.nz>
> À: "aderumier" <aderumier at odiso.com>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Mardi 4 Août 2015 10:49:26
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux
> bridge
>
> Hi Alexandre,
> We also use QinQ and have submitted patches for the previous network
> implementation that made use of a "bridge in bridge" design to achieve the
> QinQ functionality.
>
> The new vlan aware bridge implementation will be a lot cleaner.
>
> When your patches are ready we will test them and provide feedback.
>
>
> Thanks,
>
>
>
> Andrew
>
> On Tue, Jul 28, 2015 at 2:09 AM, Alexandre DERUMIER < aderumier at odiso.com
> > wrote:
>
>
> does somebody have tested my vlan bridges patches ? (note that that need
> iproute2 from debian sid, for vlan ranges)
>
> It's working really fine here, I'm looking to add a patch for Q-in-Q
> bridge too. (I think Stefan Priebe use them)
>
>
>
>
>
> ----- Mail original -----
> De: "aderumier" < aderumier at odiso.com >
> À: "Wolfgang Bumiller" < w.bumiller at proxmox.com >
> Cc: "pve-devel" < pve-devel at pve.proxmox.com >
> Envoyé: Vendredi 24 Juillet 2015 18:49:18
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux
> bridge
>
> >>Why is `bridge_add_interface` now restricted to the firewall-else
> >>branch?
>
> I manage it like openvswitch,
>
> vlan tagging is always done on the main bridge, not firewall bridge.
>
>
> > + if ($firewall) {
> > + &$create_firewall_bridge_linux($iface, $bridge, $tag);
>
> create_firewall_bridge_linux($iface, $bridge, $tag)
> have
>
> - &$bridge_add_interface($bridge, $vethfwpeer);
> + &$bridge_add_interface($bridge, $vethfwpeer, $tag); #tag on the main
> bridge
> - return $fwbr;
> + &$bridge_add_interface($fwbr, $iface); # add vm tap interface on
> fwbridge without vlan tag
>
>
>
>
>
>
>
>
>
> ----- Mail original -----
> De: "Wolfgang Bumiller" < w.bumiller at proxmox.com >
> À: "aderumier" < aderumier at odiso.com >
> Cc: "pve-devel" < pve-devel at pve.proxmox.com >
> Envoyé: Vendredi 24 Juillet 2015 15:20:06
> Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux
> bridge
>
> On Fri, Jul 24, 2015 at 01:52:59PM +0200, Alexandre Derumier wrote:
> > - $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if
> $firewall;
> > + if (!$vlan_aware) {
> > + my $newbridge = activate_bridge_vlan($bridge, $tag);
> > + copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
> > + $tag = undef;
> > + }
> > +
> > + if ($firewall) {
> > + &$create_firewall_bridge_linux($iface, $bridge, $tag);
> > + } else {
> > + &$bridge_add_interface($bridge, $iface, $tag);
> > + }
> >
> > - &$bridge_add_interface($newbridge, $iface);
>
>
> Why is `bridge_add_interface` now restricted to the firewall-else
> branch?
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20150805/3454656a/attachment.htm>

More information about the pve-devel mailing list