[pve-devel] [PATCH] support QinQ / vlan stacking

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Mar 17 16:14:09 CET 2015


Am 17.03.2015 um 15:41 schrieb Alexandre DERUMIER <aderumier at odiso.com>:

>>> That means we can get rid of the whole new and copy bridge code for vlans?
> 
> yes, I think we can only have 1 bridge, and manage all vlans by port, like for openvswitch.
> 
> I never tested it with firewall, with fwbridge on top of bridge.
> 
> Need to be tested :)

Does that make sense to support both or is the future openvswitch anyway?


> 
> 
> 
> 
> ----- Mail original -----
> De: "Stefan Priebe" <s.priebe at profihost.ag>
> À: "aderumier" <aderumier at odiso.com>
> Cc: "dietmar" <dietmar at proxmox.com>, "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Mardi 17 Mars 2015 10:48:55
> Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking
> 
> Hi, 
>> Am 16.03.2015 um 06:15 schrieb Alexandre DERUMIER: 
>> Hi Stefan, 
>> 
>>>> So the problem in my case is that there a some VMs i would like to have 
>>>> a filter and others where i don't want to have that filter so VLANs 
>>>> inside the VM are working.
>> 
>> 
>> I think it's possible to allow vlans (tagged from guest), 
>> to go inside a bridge with vlan_filtering enabled. 
>> 
>> with: 
>> 
>> #bridge vlan add dev tapx vid $tag1 
>> #bridge vlan add dev tapx vid $tag2 
>> 
>> (This is something like a trunk is a cisco switch, with allowed vlans) 
>> 
>> 
>> 
>> if we want to force a tag, for an untagged guest 
>> #bridge vlan add dev tapx vid $tag pvid untagged"
> 
> That means we can get rid of the whole new and copy bridge code for vlans? 
> 
> Stefan 
> 
> 
>> 
>> ----- Mail original ----- 
>> De: "Stefan Priebe" <s.priebe at profihost.ag> 
>> À: "dietmar" <dietmar at proxmox.com> 
>> Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
>> Envoyé: Jeudi 12 Mars 2015 08:42:48 
>> Objet: Re: [pve-devel] [PATCH] support QinQ / vlan stacking 
>> 
>> Am 12.03.2015 um 06:42 schrieb Dietmar Maurer: 
>>>>>> The old behaviour can be restored by enabling vlan_filtering on the bridge.
>>>>> 
>>>>> Please can you give me further hints howto enable/disable "vlan_filtering"?
>>>> 
>>>> It's 
>>>> # echo 1 > /sys/class/net/<bridge>/bridge/vlan_filtering
>>> 
>>> So you think we should set that in PVE::Network::activate_bridge_vlan_slave ?
>> 
>> This would at least activate the old behaviour. But there are also use 
>> cases where you don't want that filtering. 
>> 
>> So the problem in my case is that there a some VMs i would like to have 
>> a filter and others where i don't want to have that filter so VLANs 
>> inside the VM are working. 
>> 
>> This can again only be archieved by the ebtables filter as it allows us 
>> to control traffic types by VM NIC. 
>> 
>> Greets, 
>> Stefan 
>> _______________________________________________ 
>> pve-devel mailing list 
>> pve-devel at pve.proxmox.com 
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 



More information about the pve-devel mailing list