Ben Hutchings (ben) writes:
> >
> > Currently only the bridge including the maintenance interface with the
> > plain eth0 interface receives all tagged and untagged packages, and
> > VLAN-interfaces just receive tagged packets
> [...]
>
> Right, that's what I thought.
>
> You're really supposed to only attach either a bridge device or VLAN
> devices to an underlying physical device. However, I'm aware that the
> Linux bridge driver is not so useful as a VLAN bridge and that there was
> never any restriction in the kernel that prevented you from doing this.
>
> Due to the way VLAN tag offload was implemented, the above configuration
> worked for a long time if the underlying physical device implemented
> VLAN tag offload - but not if it didn't. In Linux 2.6.37 the handling
> of VLAN tags was significantly changed to remove the special case for
> receiving packets from devices with VLAN tag offload, causing this
> configuration to break. Since many people used similar configurations,
> this was fixed in Linux 3.2 (I think).
That is, unfortunately, not the case.
Ganeti, and other virtualization solutions built on top of Xen and KVM,
makes use of bridges to attach VMs to the underlying interface. The
underlying interface could be anything: vlan, raw ethernet, bond'ed link, etc...
This works fine on 2.6.32, as was pointed out, but fails afterwards.
I've tried with 3.2 and 3.5, and the bug persists. My setup is as described
earlier by Erich:
br0: eth0 (for management)
br1: eth0.3
br2: eth0.4
brX: eth0.X
... with the IP for management on br0.
This, by the way, works with bonded interfaces as well on 2.6.32:
br0: bond0: eth0 + eth1
br1: bond0.3
br2: bond0.4
...
On 3.2, this stopped working. At first I thought it was the bond
interface, so I attempted to run directly on eth0.* - but that
didn't help. Then I suspected an issue with mixing tagged and
untagged + bridging. And since mixing tagged and untagged on the same
link is usually not a good idea, I reconfigured everything to run in
trunked/.1q, not using eth0 for any IP traffic directly:
br0: eth0.100 (now using a tagged vlan for the management IP)
br1: eth0.3
etc...
... but this doesn't work in 3.2+
It might not be Debian specific, but nevertheless it's a showstopper...
If this configuration is not supported, what is the suggested alternative?
KVM and other hypervisors need a bridge to attach VMs to: how is one
supposed to host different VMs on different subnets on a single machine?
(Something easily done on 2.6.32, or even on FreeBSD or VMware)? I could
try Open vSwitch...
Thanks,
Phil

