[RFC PATCH 0/3] iproute2 bridge vlan support

Leigh Brown posted 3 patches 2 weeks, 3 days ago
There is a newer version of this series
Posted by Leigh Brown 2 weeks, 3 days ago
The iproute2 bridge command supports the capability for VLAN
filtering that allows each interface connected to a bridge to
be configured to use one or more VLANs. For simple setups, this
capability is enough to allow virtual machines or containers
to be put onto separate VLANs without creating multiple bridges
and VLANs on the host.

The first patch adds a new function virNetDevBridgeSetupVlans()
that will, given a virNetDevVlan structure, execute the required
bridge vlan commands to configure the given interface accordingly.

The second patch updates the virNetDevBridgeAddPort() function to
allow a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.

The third patch updates the lxc and tap code to pass the
virNetDevVlan parameter from the configuration and to update the
XML validation to permit the VLAN-related tags for standard
bridges.

Usage example
=============
Configure the host with systemd-networkd as follows:

/etc/systemd/network/br0.netdev (br0.network not shown)

[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on

/etc/systemd/network/eno1.network

[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60

Then add <vlan> tags into the lxc or qemu config:

lxc interface definition:
    <interface type='bridge'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source bridge='br0'/>
      <vlan>
        <tag id='40'/>
      </vlan>
    </interface>

qemu interface definition:
    <interface type='network'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source network='br0'/>
      <vlan>
        <tag id='60'/>
      </vlan>
      <model type='virtio'/>
      <address type='pci' domain='0x0000'
       bus='0x01' slot='0x00' function='0x0'/>
    </interface>

Then, after starting them, you will see the following:

$ sudo bridge vlan
port              vlan-id  
eno1              1 PVID Egress Untagged
                  40
                  60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged

This is an RFC because I am not very familiar with the code,
but all feedback is welcome!

Regards,

Leigh.

Leigh Brown (3):
  util: bridge: add virNetDevBridgeSetupVlans()
  util: bridge: virNetDevBridgeAddPort vlan support
  util: bridge: enable bridge vlan support

 meson.build                |  1 +
 src/conf/domain_validate.c |  3 +-
 src/lxc/lxc_process.c      |  3 +-
 src/util/virnetdevbridge.c | 65 +++++++++++++++++++++++++++++++++++---
 src/util/virnetdevbridge.h |  4 ++-
 src/util/virnetdevtap.c    |  2 +-
 6 files changed, 70 insertions(+), 8 deletions(-)

-- 
2.39.5
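
The check below is an added example, not part of the posted series or of libvirt: it parses the plain `bridge vlan` listing shown in the usage example and reports any guest port that is not an access port on exactly its intended VLAN. The function names and the `expected` port-to-VLAN mapping are hypothetical, and the sample text is copied from the listing above.

```python
# Sample input: the `bridge vlan` listing from the usage example in the message.
SAMPLE = """\
port              vlan-id
eno1              1 PVID Egress Untagged
                  40
                  60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged
"""


def parse_bridge_vlan(text):
    """Return {port: {vid: set_of_flags}} from plain `bridge vlan` output."""
    ports, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue  # blank line or column header
        if not line[0].isspace():  # a new port starts in column 0
            current = fields.pop(0)
            ports.setdefault(current, {})
        if current is None or not fields:
            continue
        flags = set()
        if "PVID" in fields[1:]:
            flags.add("pvid")
        if "Untagged" in fields[1:]:  # printed as "Egress Untagged"
            flags.add("untagged")
        # Compressed listings print ranges such as "2-4"; expand them.
        lo, _, hi = fields[0].partition("-")
        for vid in range(int(lo), int(hi or lo) + 1):
            ports[current][vid] = set(flags)
    return ports


def check_access_ports(ports, expected):
    """expected maps port -> VLAN id (assumed policy). Returns a list of findings."""
    findings = []
    for port, vid in expected.items():
        vlans = ports.get(port)
        if vlans is None:
            findings.append(f"{port}: not listed on any bridge")
            continue
        if vlans.get(vid) != {"pvid", "untagged"}:
            findings.append(f"{port}: VLAN {vid} is not PVID + egress untagged")
        extra = sorted(set(vlans) - {vid})
        if extra:  # e.g. default VLAN 1 left in place alongside the guest VLAN
            findings.append(f"{port}: also member of VLAN(s) {extra}")
    return findings
```

An empty result from `check_access_ports(parse_bridge_vlan(SAMPLE), {"vnet0": 60, "vnet1": 40})` means both guest ports match the intended assignment.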