[RFC v2 PATCH 0/4] iproute2 bridge vlan support

Leigh Brown posted 4 patches 1 year, 1 month ago
Failed in applying to current master
There is a newer version of this series
[RFC v2 PATCH 0/4] iproute2 bridge vlan support
Posted by Leigh Brown 1 year, 1 month ago
I have not had any feedback, but have been using this myself and
it works very nicely for me. I have updated the patch series to
allow vlans to be specified in network/portgroup definitions and
that functionality is working well.

All feedback gratefully received.

Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.

The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.

The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.

The third patch updates the lxc and tap code to pass the virNetDevVlan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.

The fourth patch updates documentation to match the new capability.

Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.

Usage example
-------------
Configure the host with systemd-networkd as follows:

/etc/systemd/network/br0.netdev (br0.network not shown)

[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on

/etc/systemd/network/eno1.network

[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60

Then add <vlan> tags into the lxc or qemu config:

lxc interface definition:
    <interface type='bridge'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source bridge='br0'/>
      <vlan>
        <tag id='40'/>
      </vlan>
    </interface>

qemu interface definition:
    <interface type='network'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source network='br0'/>
      <vlan>
        <tag id='60'/>
      </vlan>
      <model type='virtio'/>
      <address type='pci' domain='0x0000'
       bus='0x01' slot='0x00' function='0x0'/>
    </interface>

Then, after starting them, you will see the following

$ sudo bridge vlan
port              vlan-id  
eno1              1 PVID Egress Untagged
                  40
                  60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged

Regards,


Leigh Brown (4):
  util: Add virNetDevBridgeSetupVlans function
  util: Add vlan support to virNetDevBridgeAddPort
  Enable vlan support for standard linux bridges
  docs: standard linux bridges now support vlans

 docs/formatdomain.rst       | 37 ++++++++++----------
 docs/formatnetwork.rst      | 45 ++++++++++++------------
 meson.build                 |  1 +
 src/conf/domain_validate.c  |  3 +-
 src/lxc/lxc_process.c       |  3 +-
 src/network/bridge_driver.c | 13 ++++---
 src/util/virnetdevbridge.c  | 68 ++++++++++++++++++++++++++++++++++---
 src/util/virnetdevbridge.h  |  4 ++-
 src/util/virnetdevtap.c     |  2 +-
 9 files changed, 123 insertions(+), 53 deletions(-)

-- 
2.39.5
Re: [RFC v2 PATCH 0/4] iproute2 bridge vlan support
Posted by Laine Stump 1 year, 1 month ago
On 12/20/24 5:33 AM, Leigh Brown wrote:
> I have not had any feedback, but have been using this myself and
> it works very nicely for me. I have updated the patch series to
> allow vlans to be specified in network/portgroup definitions and
> that functionality is working well.
> 
> All feedback gratefully received.

Sorry, I meant to go through your patches last week but haven't had the 
time yet.

Before I get to that, I have 2 general comments:

1) I'm *really* happy to see that someone has taken this on. It's 
something I've wanted to do (or have done) for several years (ever since 
I heard that the Linux host bridge added vlan support, which was many 
years ago!), but I don't use VLANs myself, and haven't had any concrete 
demand for it, so I'd pretty much forgotten about it.

2) Rather than having virNetDevBridgeSetupVlans() exec the "bridge" 
utility, it would be much preferred if we could use netlink requests 
instead. A couple examples of using netlink to set something on an 
interface:

* src/util/virnetdevbridge.c:virNetDevBridgeFDBAddDel()
* src/util/virnetdevip.c:virNetDevIPRouteAdd()

but there are several others.

I'll try to look at the rest of it on Monday.

> 
> Description
> -----------
> The iproute2 bridge command supports the capability for VLAN filtering
> that allows each interface connected to a standard linux bridge to be
> configured to use one or more VLANs. For simple setups, this capability
> is enough to allow virtual machines or containers to be put onto
> separate VLANs without creating multiple bridges and VLANs on the host.
> 
> The first patch adds a new function virNetDevBridgeSetupVlans() that
> will, given a virNetDevVlan structure, execute the required bridge vlan
> commands to configure the given interface accordingly.
> 
> The second patch updates the virNetDevBridgeAddPort() function to allow
> a virNetDevVlan parameter to be passed, and to call the
> virNetDevBridgeSetupVlans() function.
> 
> The third patch updates the lxc and tap code to pass the virNetDevVlan
> parameter from the configuration and to update the XML domain and
> network validation to permit the VLAN-related tags for standard
> bridges.
> 
> The fourth patch updates documentation to match the new capability.
> 
> Changes since v1
> ----------------
> - Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
> - Update bridge network validation to permit vlan configuration.
> - Update documentation to match the functionality.
> - Tweak some of the commit descriptions for clarity.
> 
> Usage example
> -------------
> Configure the host with systemd-networkd as follows:
> 
> /etc/systemd/network/br0.netdev (br0.network not shown)
> 
> [NetDev]
> Name=br0
> Kind=bridge
> MACAddress=xx:xx:xx:xx:xx:xx
> [Bridge]
> VLANFiltering=on
> 
> /etc/systemd/network/eno1.network
> 
> [Match]
> Name=eno1
> [Network]
> Bridge=br0
> [Link]
> MTUBytes=9000
> [BridgeVLAN]
> VLAN=40
> [BridgeVLAN]
> VLAN=60
> 
> Then add <vlan> tags into the lxc or qemu config:
> 
> lxc interface definition:
>      <interface type='bridge'>
>        <mac address='xx:xx:xx:xx:xx:xx'/>
>        <source bridge='br0'/>
>        <vlan>
>          <tag id='40'/>
>        </vlan>
>      </interface>
> 
> qemu interface definition:
>      <interface type='network'>
>        <mac address='xx:xx:xx:xx:xx:xx'/>
>        <source network='br0'/>
>        <vlan>
>          <tag id='60'/>
>        </vlan>
>        <model type='virtio'/>
>        <address type='pci' domain='0x0000'
>         bus='0x01' slot='0x00' function='0x0'/>
>      </interface>
> 
> Then, after starting them, you will see the following
> 
> $ sudo bridge vlan
> port              vlan-id
> eno1              1 PVID Egress Untagged
>                    40
>                    60
> br0               1 PVID Egress Untagged
> vnet0             60 PVID Egress Untagged
> vnet1             40 PVID Egress Untagged
> 
> Regards,
> 
> 
> Leigh Brown (4):
>    util: Add virNetDevBridgeSetupVlans function
>    util: Add vlan support to virNetDevBridgeAddPort
>    Enable vlan support for standard linux bridges
>    docs: standard linux bridges now support vlans
> 
>   docs/formatdomain.rst       | 37 ++++++++++----------
>   docs/formatnetwork.rst      | 45 ++++++++++++------------
>   meson.build                 |  1 +
>   src/conf/domain_validate.c  |  3 +-
>   src/lxc/lxc_process.c       |  3 +-
>   src/network/bridge_driver.c | 13 ++++---
>   src/util/virnetdevbridge.c  | 68 ++++++++++++++++++++++++++++++++++---
>   src/util/virnetdevbridge.h  |  4 ++-
>   src/util/virnetdevtap.c     |  2 +-
>   9 files changed, 123 insertions(+), 53 deletions(-)
>
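
Added example (not part of the thread, the patch series, or libvirt): the kind of rtnetlink request the `bridge vlan add`/`bridge vlan del` commands correspond to, which is what point 2 of the reply would have the code send directly instead of exec'ing the "bridge" utility. The function name `build_bridge_vlan_req`, the helper `put_attr` and the interface index are hypothetical; the code uses the raw kernel UAPI headers rather than libvirt's netlink helpers, and only builds the message so it can be inspected without privileges.

```c
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/if_bridge.h>

/* Append one rtattr at the current end of the message and return it,
 * so that a nest opened with an empty payload can be closed later. */
static struct rtattr *put_attr(struct nlmsghdr *n, unsigned short type,
                               const void *data, unsigned short len)
{
    struct rtattr *a = (struct rtattr *)((char *)n + NLMSG_ALIGN(n->nlmsg_len));
    a->rta_type = type;
    a->rta_len = RTA_LENGTH(len);
    if (len)
        memcpy(RTA_DATA(a), data, len);
    n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(a->rta_len);
    return a;
}

/* Build (do not send) the request for one VLAN on one bridge port:
 * RTM_SETLINK to add, RTM_DELLINK to delete, family PF_BRIDGE, with
 * IFLA_AF_SPEC { IFLA_BRIDGE_VLAN_INFO { flags, vid } }.
 * Returns the message length, or 0 if the input is rejected. */
size_t build_bridge_vlan_req(void *buf, size_t buflen, int ifindex,
                             unsigned short vid, unsigned short flags, int add)
{
    struct nlmsghdr *n = buf;
    struct rtattr *nest;
    struct ifinfomsg *ifi;
    struct bridge_vlan_info vinfo = { .flags = flags, .vid = vid };

    /* VLAN IDs 0 and 4095 are reserved; refuse them before building. */
    if (buflen < 64 || ifindex <= 0 || vid < 1 || vid > 4094)
        return 0;
    memset(buf, 0, buflen);
    n->nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
    n->nlmsg_type = add ? RTM_SETLINK : RTM_DELLINK;
    n->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    ifi = NLMSG_DATA(n);
    ifi->ifi_family = PF_BRIDGE;
    ifi->ifi_index = ifindex;   /* the port (e.g. a vnetN tap), not the bridge */
    nest = put_attr(n, IFLA_AF_SPEC, NULL, 0);
    put_attr(n, IFLA_BRIDGE_VLAN_INFO, &vinfo, sizeof(vinfo));
    nest->rta_len = (unsigned short)((char *)n + n->nlmsg_len - (char *)nest);
    return n->nlmsg_len;
}
```

Passing `BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED` as `flags` gives the "PVID Egress Untagged" state shown for vnet0 and vnet1 in the `bridge vlan` output above; the buffer would then be written to a `NETLINK_ROUTE` socket and the ACK checked for an error code.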