Linux bridge and VLAN

ISE Development <isedev@xxxxxxxxx> · Mon, 18 Oct 2010 15:42:27 +0200

Hi,

I am trying to setup VLAN tagging between QEMU-KVM virtual machines and
betwen the virtual machines and the host. But I am getting nowhere...

It seems the VLAN tag are between stripped either by the bridge or by
the taps.

Scenario 1: VLAN tagging between host and VM

Setup:

  Host and guests:

    Fedora 12, kernel 2.6.32.21-168.fc12, all the latest packages

  Host:

    No iptables configured.

    Bridge:
       virbr0    Link encap:Ethernet  HWaddr 02:46:5F:60:9D:19  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    VLAN 666 (bridge):
       virbr0.666 Link encap:Ethernet  HWaddr 02:46:5F:60:9D:19  
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::46:5fff:fe60:9d19/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    VM Guest tap:
       vnet0     Link encap:Ethernet  HWaddr 02:46:5F:60:9D:19  
          inet6 addr: fe80::46:5fff:fe60:9d19/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    Bridge configuration:
bridge name bridge id STP enabled interfaces
virbr0          8000.02465f609d19       yes             vnet0
                                                        vnet1

    Routing configuration:
192.168.3.0/24 dev virbr0.666 proto kernel scope link src 192.168.3.1 
192.168.2.0/24 dev virbr0     proto kernel scope link src 192.168.2.1 

   Guest:

      Primary
         eth0      Link encap:Ethernet  HWaddr 52:54:00:FF:F0:02  
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f002/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

      VLAN 666
         eth0.666  Link encap:Ethernet  HWaddr 52:54:00:FF:F0:02  
          inet addr:192.168.3.3  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f002/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Problem:

   No communication between host and VM on VLAN 666.

   host# ping 192.168.3.3
   PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data.
   From 192.168.3.1 icmp_seq=2 Destination Host Unreachable

   Tracing ARP packets:

   HOST: virbr0.666

15:03:01.361905 02:46:5f:60:9d:19 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 42: Request who-has 192.168.3.3 tell 192.168.3.1,
length 28
0x0000:  ffff ffff ffff 0246 5f60 9d19 0806 0001
0x0010:  0800 0604 0001 0246 5f60 9d19 c0a8 0301
0x0020:  0000 0000 0000 c0a8 0303

This packet reaches the VM (not seen on host virbr0 and vnet0, not on
guest eth0).

   VM: eth0.666

15:03:01.362311 02:46:5f:60:9d:19 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 56: Request who-has 192.168.3.3 tell 192.168.3.1,
length 42
0x0000:  ffff ffff ffff 0246 5f60 9d19 0806 0001
0x0010:  0800 0604 0001 0246 5f60 9d19 c0a8 0301
0x0020:  0000 0000 0000 c0a8 0303 0000 0000 0000
0x0030:  0000 0000 0000 0000

Odd that the packet has 14 null bytes appended to it (can anybody
explain that?). And the VM answers correctly...

    VM: eth0.666
15:03:01.362400 52:54:00:ff:f0:02 (oui Unknown) > 02:46:5f:60:9d:19 (oui
Unknown), ethertype ARP (0x0806), length 42: Reply 192.168.3.3 is-at
52:54:00:ff:f0:02 (oui Unknown), length 28
0x0000:  0246 5f60 9d19 5254 00ff f002 0806 0001
0x0010:  0800 0604 0002 5254 00ff f002 c0a8 0303
0x0020:  0246 5f60 9d19 c0a8 0301

The answer is seen as tagged by the primary interface on the VM...

   VM: eth0
15:03:01.362405 52:54:00:ff:f0:02 (oui Unknown) > 02:46:5f:60:9d:19 (oui
Unknown), ethertype 802.1Q (0x8100), length 46: vlan 666, p 0, ethertype
ARP, Reply 192.168.3.3 is-at 52:54:00:ff:f0:02 (oui Unknown), length 28
0x0000:  0246 5f60 9d19 5254 00ff f002 8100 029a
0x0010:  0806 0001 0800 0604 0002 5254 00ff f002
0x0020:  c0a8 0303 0246 5f60 9d19 c0a8 0301

The answer is seen by host's virbr0 and vnet0, but it is no longer VLAN
tagged...

   HOST: virbr0
15:03:01.362555 52:54:00:ff:f0:02 (oui Unknown) > 02:46:5f:60:9d:19 (oui
Unknown), ethertype ARP (0x0806), length 42: Reply 192.168.3.3 is-at
52:54:00:ff:f0:02 (oui Unknown), length 28
0x0000:  0246 5f60 9d19 5254 00ff f002 0806 0001
0x0010:  0800 0604 0002 5254 00ff f002 c0a8 0303
0x0020:  0246 5f60 9d19 c0a8 0301

   HOST: vnet0
15:03:01.362555 52:54:00:ff:f0:02 (oui Unknown) > 02:46:5f:60:9d:19 (oui
Unknown), ethertype ARP (0x0806), length 42: Reply 192.168.3.3 is-at
52:54:00:ff:f0:02 (oui Unknown), length 28
0x0000:  0246 5f60 9d19 5254 00ff f002 0806 0001
0x0010:  0800 0604 0002 5254 00ff f002 c0a8 0303
0x0020:  0246 5f60 9d19 c0a8 0301

And the answer never reaches virbr0.666 (probably because it is no
longer tagged). So the ARP fails and the ping fails.

What is going here? 

I am doing something wrong? Are VLAN not supported in this
configuration? Is something broken?

Scenario 2: VM to VM with VLAN tag

Setup:

   Host:
      Bridge:
         virbr0    Link encap:Ethernet  HWaddr 02:46:5F:60:9D:19  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3563 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:366233 (357.6 KiB)  TX bytes:604364 (590.1 KiB)

      VM 1 tap:
         vnet0     Link encap:Ethernet  HWaddr 02:46:5F:60:9D:19  
          inet6 addr: fe80::46:5fff:fe60:9d19/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8930 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:188898 (184.4 KiB)  TX bytes:638277 (623.3 KiB)

      VM 2 tap:
         vnet1     Link encap:Ethernet  HWaddr 9A:5A:1C:01:E5:04  
          inet6 addr: fe80::985a:1cff:fe01:e504/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1723 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:222975 (217.7 KiB)  TX bytes:720467 (703.5 KiB)

   VM 1:

      Primary
         eth0      Link encap:Ethernet  HWaddr 52:54:00:FF:F0:02  
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f002/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

      VLAN 666
         eth0.666  Link encap:Ethernet  HWaddr 52:54:00:FF:F0:02  
          inet addr:192.168.3.3  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f002/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

   VM 2:

      Primary
         eth0      Link encap:Ethernet  HWaddr 52:54:00:FF:F0:04  
          inet addr:192.168.2.4  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f004/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

      VLAN 666
         eth0.666  Link encap:Ethernet  HWaddr 52:54:00:FF:F0:04  
          inet addr:192.168.3.4  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feff:f004/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Problem:

   No communication between host and VM on VLAN 666.

   vm1# ping 192.168.3.4
   PING 192.168.3.4 (192.168.3.4) 56(84) bytes of data.
   From 192.168.3.3 icmp_seq=1 Destination Host Unreachable

   Tracing packets:

   VM1: eth0.666
15:28:14.001309 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 42: Request who-has 192.168.3.4 tell 192.168.3.3,
length 28
0x0000:  ffff ffff ffff 5254 00ff f002 0806 0001
0x0010:  0800 0604 0001 5254 00ff f002 c0a8 0303
0x0020:  0000 0000 0000 c0a8 0304

   VM1: eth0
15:28:14.001318 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
802.1Q (0x8100), length 46: vlan 666, p 0, ethertype ARP, Request
who-has 192.168.3.4 tell 192.168.3.3, length 28
0x0000:  ffff ffff ffff 5254 00ff f002 8100 029a
0x0010:  0806 0001 0800 0604 0001 5254 00ff f002
0x0020:  c0a8 0303 0000 0000 0000 c0a8 0304

   Ok, it's tagged...

   HOST: virbr0
5:28:14.001434 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 42: Request who-has 192.168.3.4 tell 192.168.3.3,
length 28
0x0000:  ffff ffff ffff 5254 00ff f002 0806 0001
0x0010:  0800 0604 0001 5254 00ff f002 c0a8 0303
0x0020:  0000 0000 0000 c0a8 0304

   Again, no longer tagged...

   HOST: vnet0
15:28:14.001434 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 42: Request who-has 192.168.3.4 tell 192.168.3.3,
length 28
0x0000:  ffff ffff ffff 5254 00ff f002 0806 0001
0x0010:  0800 0604 0001 5254 00ff f002 c0a8 0303
0x0020:  0000 0000 0000 c0a8 0304

   Not tagged...

   HOST: vnet1
15:28:14.001464 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 42: Request who-has 192.168.3.4 tell 192.168.3.3,
length 28
0x0000:  ffff ffff ffff 5254 00ff f002 0806 0001
0x0010:  0800 0604 0001 5254 00ff f002 c0a8 0303
0x0020:  0000 0000 0000 c0a8 0304

   Not tagged...

   VM2: eth0
15:28:15.002120 52:54:00:ff:f0:02 (oui Unknown) > Broadcast, ethertype
ARP (0x0806), length 60: Request who-has 192.168.3.4 tell 192.168.3.3,
length 46
0x0000:  ffff ffff ffff 5254 00ff f002 0806 0001
0x0010:  0800 0604 0001 5254 00ff f002 c0a8 0303
0x0020:  0000 0000 0000 c0a8 0304 0000 0000 0000
0x0030:  0000 0000 0000 0000 0000 0000

   Not tagged...
   And why does it have 18 null bytes appended to it now ???

   VM2: eth0.666
No packet seen.

This seems to be the same problem as the first setup. VLAN tags are
being stripped somewhere between QEMU, tap and bridge.

All help very much appreciated.

ISE

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html