Am 17.12.2013 07:56, schrieb Alexandre DERUMIER: >>> it just works for me with vanilla 3.10 and the additional patch. BUT >>> without VLAN filtering i don't use it. > > Don't you use special setup with bridge on top of another bridge ? (It was > about gvrp support If I remember)
This was needed until 3.8. I dropped that code / patch and i'm using the default Proxmox implementation again. > About vlan filtering > -------------------- >>> could you send me: >>> zgrep 'VLAN' /proc/config.gz > ???? what is this ? This is the current kernel config - but maybe redhat does not compile that one. > sysctl -a | grep bridge > > net.bridge.bridge-nf-call-arptables = 1 > net.bridge.bridge-nf-call-ip6tables = 1 > net.bridge.bridge-nf-call-iptables = 1 > net.bridge.bridge-nf-filter-pppoe-tagged = 0 > net.bridge.bridge-nf-filter-vlan-tagged = 0 > net.bridge.bridge-nf-pass-vlan-input-dev = 0 you need to set > > net.bridge.bridge-nf-call-arptables = 1 > net.bridge.bridge-nf-call-ip6tables = 1 > net.bridge.bridge-nf-call-iptables = 1 to 0. Otherwise vlands and co get's filtered at the bridge. > I really don't understand why vlan filtering doesn't work( but it's not the > first time that bridge module is buggy). > I'll try to ask to the netdev mailing list. Please try to set > net.bridge.bridge-nf-call-arptables = 1 > net.bridge.bridge-nf-call-ip6tables = 1 > net.bridge.bridge-nf-call-iptables = 1 to 0 first. > about openvswitch > ----------------- > I have done some tests with openvswitch, and it's work really fine. > iperf show me 20Gb/s, I never reach more than 8gb/s with linux bridge. > vlan work out of the box. > > @Dietmar > > about openvswitch, I would like to add support to be able to plug kvm tap > interface into it. > (simple detection if vmbrX is a linux bridge or openvswitch through sysfs, > and then use brctl or ovz-ctl command to plug tap interface). > > So advanced users could use them if they want. (create openvswitch command > line, no support from gui) oh i really would like to see this too. Stefan > > > A the end, I would like to have a proper implementation of linux bridge > vlan_filtering and openvswitch. > (with same network architecture,1 bridge with vlan management, so both can be > interchanged) > > > ----- Mail original ----- > > De: "Stefan Priebe" <[email protected]> > À: "Alexandre DERUMIER" <[email protected]> > Cc: "pve-devel" <[email protected]> > Envoyé: Lundi 16 Décembre 2013 20:08:18 > Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test > > Hi, > > it just works for me with vanilla 3.10 and the additional patch. BUT > without VLAN filtering i don't use it. > > could you send me: > zgrep 'VLAN' /prof/config.gz > > and > > sysctl -a | grep bridge > > Stefan > Am 16.12.2013 16:37, schrieb Alexandre DERUMIER: >> Stefan, >> >> you could send how you manage bridge vlan on top of other bridge ? >> >> (I would like to test with 3.10 kernel, as I had problem last year with >> 2.6.32 kernel) >> >> >> >> I'm also looking at openvswitch, as it seem it's possible to mix bridge and >> openvswitch. >> Seem that openstack can manage this kind of setup: >> >> host eth0---->openvzswitch---veth0-----veth1---linuxbridge<----tap interface >> >> using 1 bridge by tap interface. >> So it's possible to use iptables with the linux bridge. >> And manage vlans on openvswitch (and also other features, like netflow) >> >> >> >> ----- Mail original ----- >> >> De: "Alexandre DERUMIER" <[email protected]> >> À: "Dietmar Maurer" <[email protected]> >> Cc: "pve-devel" <[email protected]> >> Envoyé: Dimanche 15 Décembre 2013 20:15:04 >> Objet: Re: [pve-devel] kernel 3.10 : bridge vlan test >> >>>> I just added the patch from Stefan and compiled and uploaded a new kernel >>>> package. >>>> Please can you test if that helps? >> >> Don't help :( >> >> once vlan_filterning is enabled, I can't ping between vms >> >> ----- Mail original ----- >> >> De: "Dietmar Maurer" <[email protected]> >> À: "Alexandre DERUMIER" <[email protected]>, "Stefan Priebe >> ([email protected])" <[email protected]> >> Cc: "pve-devel" <[email protected]> >> Envoyé: Samedi 14 Décembre 2013 10:09:33 >> Objet: RE: [pve-devel] kernel 3.10 : bridge vlan test >> >>> Oh, sorry, forget to say : both was in same vlan when it doesn't ping. >>> >>> Also, if I don't configure any vlan, and enable filtering, it doesn't work. >>> >>> Maybe it doesn't work with tap interfaces ? Need to ask to the kernel >>> mailing. >> >> I just added the patch from Stefan and compiled and uploaded a new kernel >> package. >> Please can you test if that helps? >> _______________________________________________ >> pve-devel mailing list >> [email protected] >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >> _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
