Really? I mean isn't using tagged 802.1q vlans something pretty normal? I cannot believe that linux is incapable of doing what every 10 bucks desktop switch and its bridge can...
--
Regards
Stephan

On Thu, 22 Aug 2013 10:58:08 -0700
Tony Su <[email protected]> wrote:

> I haven't investigated what you describe so can't offer much help...
>
> But my reaction is that if it's not possible to configure some kind of
> "master vlan tag" I'd consider "packaging" all the VLANs through a VPN
> just long enough to pass through any major obstacles (technical or
> onerous work). Of course such an approach would likely come with
> significant overhead but it's a matter of trade-offs.
>
> Or, I suppose that you could attempt to script the creation of your
> bridges and just deal with them all.
>
> Tony
>
> On Thu, Aug 22, 2013 at 10:49 AM, Stephan von Krawczynski
> <[email protected]> wrote:
> > Sorry, you misunderstood my writing. I am talking of several hundred vlans
> > with - of course - different ids and quite some guests (around 50).
> > There is no way to simplify this setup besides the trivial way of a bridge
> > that carries all vlan-tagged interfaces. The trivial thing about it is all
> > these different vlans come in through one trunk. So if vlan-tagged bridging
> > worked I would have only one bridge interface with 50 guests connected ...
> >
> > --
> > Regards,
> > Stephan
> >
> >
> > On Thu, 22 Aug 2013 10:29:59 -0700
> > Tony Su <[email protected]> wrote:
> >
> >> If you're configuring all your "hundreds" of guests to connect to
> >> the same VLAN, then you should be able to simply configure all guests to
> >> connect to the same working bridge device without further
> >> configuration.
> >>
> >> You're surely not trying to configure hundreds of individual vlans,
> >> separate ones for each guest?
> >>
> >> Tony
> >>
> >> On Thu, Aug 22, 2013 at 10:04 AM, Stephan von Krawczynski
> >> <[email protected]> wrote:
> >> > Hello Tony,
> >> >
> >> > thank you for answering, my comments are inline. Just as an additional
> >> > hint to what I've tested so far. Since I found vlan bridging not working
> >> > I configured the vlan on the host and put that interface to a bridge and
> >> > over to a virtio device (non-vlan-tagged) in the guest. As you might
> >> > expect this works perfectly. Unfortunately it is not usable for me,
> >> > because if you want several hundred vlans to several guests you will end
> >> > up configuring hundreds of bridges and interfaces.
> >> >
> >> >
> >> > On Thu, 22 Aug 2013 09:32:42 -0700
> >> > Tony Su <[email protected]> wrote:
> >> >
> >> >> Have you
> >> >> - Tested without VLAN tags?
> >> >
> >> > Yes, works perfectly.
> >> >
> >> >> - Verified IP Forwarding is enabled, I usually see this implemented in
> >> >> /etc/sysctl.conf and not written directly to the /proc files
> >> >
> >> > Yes, forwarding is active.
> >> >
> >> >> - Disabled all the transparent bridge filters, typically at
> >> >> /proc/sys/net/bridge/* again, although you can write directly to these
> >> >> files I'd recommend you simply add the commands to your sysctl.conf
> >> >
> >> > Yes, I played with these a bit but found out that there is no effect on
> >> > my problem.
> >> >
> >> >> - Verified any personal FW is configured properly.
> >> >
> >> > There is none.
> >> >
> >> >> Tony
> >> >>
> >> >> On Thu, Aug 22, 2013 at 7:39 AM, Stephan von Krawczynski
> >> >> <[email protected]> wrote:
> >> >> > Hello all,
> >> >> >
> >> >> > I'd like to do something very simple - at least that's what I thought ;-)
> >> >> > I want a guest to have access to a network just as if he was
> >> >> > connected to the real card, but set up as bridge on the host and
> >> >> > virtio network driver. The guest should be able to configure and use
> >> >> > some or maybe even many 802.1q vlans on this network and the traffic
> >> >> > should go out tagged.
> >> >> >
> >> >> > So I set up the host's bridge and connected an intel network card and
> >> >> > a qemu virtio card. Now the problem: No vlan-tagged traffic from the
> >> >> > physical interface reaches the guest at all, and no vlan-tagged
> >> >> > traffic from the guest reaches the physical net over the bridge. One
> >> >> > major reason for this is the vlan offloading by the host interface
> >> >> > card (intel). Another seems to be that arp requests are somehow not
> >> >> > going through the bridge for the vlans.
> >> >> >
> >> >> > I hope that someone here has used 802.1q vlans inside guests before
> >> >> > and can share some tips how to make this work. Because out-of-the-box
> >> >> > it does not. All systems are linux of course and with latest kernels
> >> >> > (3.10.9 currently). qemu is 1.5.2.
> >> >> > Thanks for any hints.
> >> >> >
> >> >> > --
> >> >> > Regards,
> >> >> > Stephan
