On Tue, 2014-02-18 at 13:02 -0800, Luis R. Rodriguez wrote: > On Sun, Feb 16, 2014 at 10:57 AM, Stephen Hemminger > <stephen@xxxxxxxxxxxxxxxxxx> wrote: > > On Fri, 14 Feb 2014 18:59:37 -0800 > > "Luis R. Rodriguez" <mcgrof@xxxxxxxxxxxxxxxx> wrote: > > > >> From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx> > >> > >> It doesn't make sense for some interfaces to become a root bridge > >> at any point in time. One example is virtual backend interfaces > >> which rely on other entities on the bridge for actual physical > >> connectivity. They only provide virtual access. > >> > >> Device drivers that know they should never become part of the > >> root bridge have been using a trick of setting their MAC address > >> to a high broadcast MAC address such as FE:FF:FF:FF:FF:FF. Instead > >> of using these hacks lets the interfaces annotate its intent and > >> generalizes a solution for multiple drivers, while letting the > >> drivers use a random MAC address or one prefixed with a proper OUI. > >> This sort of hack is used by both qemu and xen for their backend > >> interfaces. > >> > >> Cc: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx> > >> Cc: bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx > >> Cc: netdev@xxxxxxxxxxxxxxx > >> Cc: linux-kernel@xxxxxxxxxxxxxxx > >> Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxx> > > > > This is already supported in a more standard way via the root > > block flag. > > Great! For documentation purposes the root_block flag is a sysfs > attribute, added via 3.8 through commit 1007dd1a. The respective > interface flag is IFLA_BRPORT_PROTECT and can be set via the iproute2 > bridge utility or through sysfs: > > mcgrof@garbanzo ~/linux (git::master)$ find /sys/ -name root_block > /sys/devices/pci0000:00/0000:00:04.0/0000:02:00.0/net/eth0/brport/root_block > /sys/devices/vif-3-0/net/vif3.0/brport/root_block > /sys/devices/virtual/net/vif3.0-emu/brport/root_block > > mcgrof@garbanzo ~/devel/iproute2 (git::master)$ cat > /sys/devices/vif-3-0/net/vif3.0/brport/root_block > 0 > mcgrof@garbanzo ~/devel/iproute2 (git::master)$ sudo bridge link set > dev vif3.0 root_block on > mcgrof@garbanzo ~/devel/iproute2 (git::master)$ cat > /sys/devices/vif-3-0/net/vif3.0/brport/root_block > 1 > > So if we'd want to avoid using the MAC address hack alternative to > skip a root port userspace would need to be updated to simply set this > attribute after adding the device to the bridge. Based on Zoltan's > feedback there seems to be use cases to not enable this always for all > xen-netback interfaces though as such we can just punt this to > userspace for the topologies that require this. > > The original motivation for this series was to avoid the IPv6 > duplicate address incurred by the MAC address hack for avoiding the > root bridge. Given that Zoltan also noted a use case whereby IPv4 and > IPv6 addresses can be assigned to the backend interfaces we should be > able to avoid the duplicate address situation for IPv6 by using a > proper random MAC address *once* userspace has been updated also to > use IFLA_BRPORT_PROTECT. New userspace can't and won't need to set > this flag for older kernels (older than 3.8) as root_block is not > implemented on those kernels and the MAC address hack would still be > used there. This strategy however does put a requirement on new > kernels to use new userspace as otherwise the MAC address workaround > would not be in place and root_block would not take effect. Can't we arrange things in the Xen hotplug scripts such that if the root_block stuff isn't available/doesn't work we fallback to the existing fe:ff:ff:ff:ff usage? That would avoid concerns about forward/backwards compat I think. It wouldn't solve the issue you are targeting on old systems, but it also doesn't regress them any further. Ian. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html