[pve-devel] Port BR_GROUPFWD_RESTRICTED patch for Layer 1-esque Linux Bridge forwarding

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Aug 24 11:10:58 CEST 2018


Hi,

On 8/24/18 9:00 AM, Jesus Llorente wrote:
> Hello,
> 
> I am working on a scenario that uses virtual machines to run a switch
> appliance. The aim of my test is not performance, but to test different
> configurations and network models. However, I have stumbled upon something
> that depends on the kernel which is making Linux bridges consume link local
> multicast packets (LLDP, LACP, etc.) in compliance with 802.3ad.
> 
> In this patch
> https://lists.linuxfoundation.org/pipermail/bridge/2015-January/009291.html
> they removed a hard-coded restriction so that the behavior of the bridge
> can be then controlled from the OS with the variable
> /sys/class/net/$brname/bridge/group_fwd_mask
> 
> In this post, the author explains the different values this variable can
> take, according to what we are trying to allow/restrict.
> https://interestingtraffic.nl/2017/11/21/an-oddly-specific-post-about-group_fwd_mask
> 
> I would like to suggest porting this patch to the pve kernel to remove all
> the restrictions and enable full transparent bridging (point-to-point like
> links) across devices, in a Layer 1 fashion.
> 

In general I have nothing against this but share the same objections as the
response to the proposed patch[0], i.e., LLDP and LACP would be OK but Ethernet
flow control or STP frames would not, and the patch is an all-or-nothing approach.

If a new version addressing this gets sent I'll reconsider including it.

As a workaround you can always apply it yourself and build your own kernel;
if this is for testing purposes only, that could be a suitable approach for you.

If you have questions about how to include this patch in a personal build
just ask.

cheers,
Thomas

[0]: https://lists.linuxfoundation.org/pipermail/bridge/2015-January/009292.html
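
Added example, not code from either poster or from the patch: a shell sketch that builds a group_fwd_mask value for selected protocols and reports which of its bits fall in the restricted range the thread is about. It assumes the mainline definition of BR_GROUPFWD_RESTRICTED as bits 0-2 (STP, MAC PAUSE, LACP), which the thread does not state; the protocol keywords and function names are hypothetical.

```shell
#!/bin/sh
# Bit N of group_fwd_mask enables forwarding of frames addressed to
# the link-local group address 01:80:C2:00:00:0N.

# Assumption: BR_GROUPFWD_RESTRICTED as defined in mainline (bits 0-2).
RESTRICTED=$((0x0007))

# Map a protocol keyword (hypothetical names) to its mask bit.
proto_bit() {
    case "$1" in
        stp)   echo 0 ;;    # 01:80:C2:00:00:00
        pause) echo 1 ;;    # 01:80:C2:00:00:01, 802.3x flow control
        lacp)  echo 2 ;;    # 01:80:C2:00:00:02, slow protocols
        lldp)  echo 14 ;;   # 01:80:C2:00:00:0E
        *)     return 1 ;;
    esac
}

# Print the decimal mask that forwards exactly the named protocols.
fwd_mask_for() {
    mask=0
    for p in "$@"; do
        bit=$(proto_bit "$p") || { echo "unknown protocol: $p" >&2; return 1; }
        mask=$((mask | (1 << bit)))
    done
    echo "$mask"
}

# Print the part of a mask that lies in the restricted range (0 if none).
restricted_part() {
    echo $(( $1 & RESTRICTED ))
}

# Summarise a selection. Applying it would be:
#   echo "$mask" > /sys/class/net/$brname/bridge/group_fwd_mask
check_selection() {
    mask=$(fwd_mask_for "$@") || return 1
    bad=$(restricted_part "$mask")
    printf 'mask=0x%04x restricted=0x%04x\n' "$mask" "$bad"
}

check_selection lldp         # no restricted bits set
check_selection lldp lacp    # LACP bit is inside the restricted range
```

A selection whose restricted part is 0 does not depend on the patch discussed here; any non-zero restricted part is what the hard-coded restriction blocks.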



