[pve-devel] [PATCH] support QinQ / vlan stacking

Alexandre DERUMIER aderumier at odiso.com
Tue Mar 17 15:41:19 CET 2015 

>>That means we can get rid of the whole new and copy bridge code for vlans?

yes, I think we can only have 1 bridge, and manage all vlans by port, like for openvswitch.

I never tested it with firewall, with fwbridge on top of bridge.

Need to be tested :)




----- Mail original -----
De: "Stefan Priebe" <s.priebe at profihost.ag>
À: "aderumier" <aderumier at odiso.com>
Cc: "dietmar" <dietmar at proxmox.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 17 Mars 2015 10:48:55
Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking

Hi, 
Am 16.03.2015 um 06:15 schrieb Alexandre DERUMIER: 
> Hi Stefan, 
> 
>>> So the problem in my case is that there a some VMs i would like to have 
>>> a filter and others where i don't want to have that filter so VLANs 
>>> inside the VM are working. 
> 
> 
> I think it's possible to allow vlans (tagged from guest), 
> to go inside a bridge with vlan_filtering enabled. 
> 
> with: 
> 
> #bridge vlan add dev tapx vid $tag1 
> #bridge vlan add dev tapx vid $tag2 
> 
> (This is something like a trunk is a cisco switch, with allowed vlans) 
> 
> 
> 
> if we want to force a tag, for an untagged guest 
> #bridge vlan add dev tapx vid $tag pvid untagged" 

That means we can get rid of the whole new and copy bridge code for vlans? 

Stefan 


> 
> ----- Mail original ----- 
> De: "Stefan Priebe" <s.priebe at profihost.ag> 
> À: "dietmar" <dietmar at proxmox.com> 
> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Jeudi 12 Mars 2015 08:42:48 
> Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking 
> 
> Am 12.03.2015 um 06:42 schrieb Dietmar Maurer: 
>>>>> The old behaviour can be restored by enabling vlan_filtering on the bridge. 
>>>> 
>>>> Please can you give me further hints howto enable/disable "vlan_filtering"? 
>>> 
>>> It's 
>>> # echo 1 > /sys/class/net/<bridge>/bridge/vlan_filtering 
>> 
>> So you think we should set that in PVE::Network::activate_bridge_vlan_slave ? 
> 
> This would at least activate the old behaviour. But there are also use 
> cases where you don't want that filtering. 
> 
> So the problem in my case is that there a some VMs i would like to have 
> a filter and others where i don't want to have that filter so VLANs 
> inside the VM are working. 
> 
> This can again only be archieved by the ebtables filter as it allows us 
> to control traffic types by VM NIC. 
> 
> Greets, 
> Stefan 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
>

More information about the pve-devel mailing list