Re: [RFC v3 PATCH 0/4] iproute2 bridge vlan support


 



On 1/2/25 4:29 AM, Leigh Brown wrote:
As requested by Laine, I have converted the code to use netlink rather
than executing bridge vlan commands. I have also checked it compiles
under FreeBSD.

Just a few minor formatting nits that I've pointed out, but otherwise this looks good! If you want to respin between now and this evening I can go over it again and push it tonight, or if you don't have the time just let me know today and I can take care of them before pushing.

We will also need a separate patch to add it to NEWS.rst, as well as a change to qemuDomainChangeNet() (because it assumes anything with a vlan is an OVS bridge, and when the vlan config changes it will try to call an OVS-specific function (which will obviously fail)). But in the case of a standard bridge we can just re-attach the tap device to the bridge and the vlan settings will automatically be updated. That patch can be safely pushed during freeze though, and I'll write it, since that function is a bit messy, and it's already clear in my mind what needs to be done.

Thanks for the contribution! (and sorry for not looking at it during the last two weeks - I was completely disconnected from all work-related email).



Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.

The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.

The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.

The third patch updates the lxc and tap code to pass the virNetDevVlan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.

The fourth patch updates documentation to match the new capability.

Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.

Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.

Usage example
-------------
Configure the host with systemd-networkd as follows:

/etc/systemd/network/br0.netdev (br0.network not shown)

[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on

/etc/systemd/network/eno1.network

[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60

Then add <vlan> tags into the lxc or qemu config:

lxc interface definition:
     <interface type='bridge'>
       <mac address='xx:xx:xx:xx:xx:xx'/>
       <source bridge='br0'/>
       <vlan>
         <tag id='40'/>
       </vlan>
     </interface>

qemu interface definition:
     <interface type='network'>
       <mac address='xx:xx:xx:xx:xx:xx'/>
       <source network='br0'/>
       <vlan>
         <tag id='60'/>
       </vlan>
       <model type='virtio'/>
       <address type='pci' domain='0x0000'
        bus='0x01' slot='0x00' function='0x0'/>
     </interface>

Then, after starting them, you will see the following:

$ sudo bridge vlan
port              vlan-id
eno1              1 PVID Egress Untagged
                   40
                   60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged

Regards,


Leigh Brown (4):
   util: add netlink bridge vlan filtering
   util: Add vlan support to virNetDevBridgeAddPort
   Enable vlan support for standard linux bridges
   docs: standard linux bridges now support vlans

  docs/formatdomain.rst       | 37 +++++++++---------
  docs/formatnetwork.rst      | 45 +++++++++++-----------
  src/conf/domain_validate.c  |  3 +-
  src/lxc/lxc_process.c       |  3 +-
  src/network/bridge_driver.c | 13 ++++---
  src/util/virnetdevbridge.c  | 75 +++++++++++++++++++++++++++++++++++--
  src/util/virnetdevbridge.h  |  4 +-
  src/util/virnetdevtap.c     |  2 +-
  src/util/virnetlink.c       | 66 ++++++++++++++++++++++++++++++++
  src/util/virnetlink.h       |  7 ++++
  10 files changed, 202 insertions(+), 53 deletions(-)
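
The `bridge vlan` output in the usage example is what confirms that each guest port carries only its own VLAN. The following check is an added example, not part of the original message or of the libvirt patches: it parses that table format and reports any guest port with an extra or non-PVID VLAN. The `EXPECTED` mapping and the function names are assumptions made for illustration.

```python
# Added example: audit `bridge vlan` table output for guest port isolation.
# SAMPLE is the output quoted in the message; EXPECTED is an assumed mapping.
SAMPLE = """\
port              vlan-id
eno1              1 PVID Egress Untagged
                   40
                   60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged
"""

EXPECTED = {"vnet0": 60, "vnet1": 40}  # assumed: guest tap port -> access VLAN


def parse_bridge_vlan(text):
    """Return {port: {vid: "flag string"}} from `bridge vlan` table output."""
    ports, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue                      # blank line or column header
        if not line[0].isspace():         # port names start in column 0
            current = fields.pop(0)
            ports.setdefault(current, {})
        if current is None or not fields or not fields[0].isdigit():
            continue                      # port with no VLAN entries
        ports[current][int(fields[0])] = " ".join(fields[1:])
    return ports


def audit(ports, expected):
    """Return findings; an empty list means each guest port carries only its own VLAN."""
    findings = []
    for port, want in expected.items():
        vlans = ports.get(port)
        if vlans is None:
            findings.append(f"{port}: not present in bridge vlan output")
            continue
        extra = sorted(set(vlans) - {want})
        if extra:                         # e.g. the default VLAN 1 left in place
            findings.append(f"{port}: unexpected VLANs {extra}")
        flags = vlans.get(want)
        if flags is None:
            findings.append(f"{port}: VLAN {want} missing")
        elif "PVID" not in flags or "Egress Untagged" not in flags:
            findings.append(f"{port}: VLAN {want} is not PVID/untagged")
    return findings


if __name__ == "__main__":
    print(audit(parse_bridge_vlan(SAMPLE), EXPECTED) or "all guest ports match")
```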



