BTW, can you test this method too ?
>>eth0.10---->vmbrcustomer<--(vlanX)------tapX >> >> >> >>auto vmbrcustomer1 >>iface vmbrcustomer1 inet manual >> bridge_vlan_aware yes >> bridge_ports eth0.10 >> bridge_stp off >> bridge_fd 0 >> pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id 10 ? ----- Mail original ----- De: "aderumier" <aderum...@odiso.com> À: "Andrew Thrift" <and...@networklabs.co.nz> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mardi 4 Août 2015 14:02:46 Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge Another way, but I'm not sure it's working, is to tag 802.1ad on the physical interface eth0.10---->vmbrcustomer<--(vlanX)------tapX auto vmbrcustomer1 iface vmbrcustomer1 inet manual bridge_vlan_aware yes bridge_ports eth0.10 bridge_stp off bridge_fd 0 pre-up ip link add link eth0 eth0.10 type vlan proto 802.1ad id 10 ----- Mail original ----- De: "aderumier" <aderum...@odiso.com> À: "Andrew Thrift" <and...@networklabs.co.nz> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mardi 4 Août 2015 12:22:47 Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge >>Hi Alexandre, Hi, >>We also use QinQ and have submitted patches for the previous network >>implementation that made use of a "bridge in bridge" design to achieve the >>QinQ functionality. They are also a new way to implement q-in-q with vlan aware bridge http://www.spinics.net/lists/linux-ethernet-bridging/msg05514.html +----+ +-------+p/u +------+ +----+ +--+ |eth0|--|802.1ad|----veth----|802.1Q|--|vnet|--|VM| +----+ |bridge | |bridge| +----+ +--+ +-------+ +------+ p/u: pvid/untagged Currently we have implemented 802.1Q bridge. for qinq, we need to create a root bridge, with 802.1ad enabled, linked through a veth pair to 802.1Q bridge. The qinq bridge is managed exactly in the same way than 802.1ad, but it's enabled with echo 0x88a8 > /sys/class/net/XXX/bridge/vlan_protocol for example ------------ eth0----vmbr0--(vlan10)<---brigelink-------bridgelinkpeer---->vmbrcustomer<--(vlanX)------tapX brctl addbr vmbr0 echo 0x88a8 > /sys/class/net/vmbr0/bridge/vlan_protocol ip link add dev bridgelink type veth peer name bridgelinkpeer brctl addif vmbr0 bridgelink brctl addif vmbrcustomer1 bridgelinkpeer bridge vlan add dev bridgelink vid 10 pvid untagged something like that I can try to make a patch, but I don't have hardware which support q-in-q for testing. ----- Mail original ----- De: "Andrew Thrift" <and...@networklabs.co.nz> À: "aderumier" <aderum...@odiso.com> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mardi 4 Août 2015 10:49:26 Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge Hi Alexandre, We also use QinQ and have submitted patches for the previous network implementation that made use of a "bridge in bridge" design to achieve the QinQ functionality. The new vlan aware bridge implementation will be a lot cleaner. When your patches are ready we will test them and provide feedback. Thanks, Andrew On Tue, Jul 28, 2015 at 2:09 AM, Alexandre DERUMIER < aderum...@odiso.com > wrote: does somebody have tested my vlan bridges patches ? (note that that need iproute2 from debian sid, for vlan ranges) It's working really fine here, I'm looking to add a patch for Q-in-Q bridge too. (I think Stefan Priebe use them) ----- Mail original ----- De: "aderumier" < aderum...@odiso.com > À: "Wolfgang Bumiller" < w.bumil...@proxmox.com > Cc: "pve-devel" < pve-devel@pve.proxmox.com > Envoyé: Vendredi 24 Juillet 2015 18:49:18 Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge >>Why is `bridge_add_interface` now restricted to the firewall-else >>branch? I manage it like openvswitch, vlan tagging is always done on the main bridge, not firewall bridge. > + if ($firewall) { > + &$create_firewall_bridge_linux($iface, $bridge, $tag); create_firewall_bridge_linux($iface, $bridge, $tag) have - &$bridge_add_interface($bridge, $vethfwpeer); + &$bridge_add_interface($bridge, $vethfwpeer, $tag); #tag on the main bridge - return $fwbr; + &$bridge_add_interface($fwbr, $iface); # add vm tap interface on fwbridge without vlan tag ----- Mail original ----- De: "Wolfgang Bumiller" < w.bumil...@proxmox.com > À: "aderumier" < aderum...@odiso.com > Cc: "pve-devel" < pve-devel@pve.proxmox.com > Envoyé: Vendredi 24 Juillet 2015 15:20:06 Objet: Re: [pve-devel] [PATCH] tap_plug : add support for vlan aware linux bridge On Fri, Jul 24, 2015 at 01:52:59PM +0200, Alexandre Derumier wrote: > - $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if > $firewall; > + if (!$vlan_aware) { > + my $newbridge = activate_bridge_vlan($bridge, $tag); > + copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge; > + $tag = undef; > + } > + > + if ($firewall) { > + &$create_firewall_bridge_linux($iface, $bridge, $tag); > + } else { > + &$bridge_add_interface($bridge, $iface, $tag); > + } > > - &$bridge_add_interface($newbridge, $iface); Why is `bridge_add_interface` now restricted to the firewall-else branch? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
