Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-25 Thread Dietmar Maurer 
 If i look at this patch:
 
 
 http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=patch;h=683a21
 b0
 
 It seems the debian vlan package using vconfig can't handle these flags as it
 simply does not support them. (latest version 2007).
 
 There are some more actual configuration variants:
 #vlan1_flags=reorder_hdr off gvrp on loose_binding on
 
 So which script in proxmox creates the vlan?

https://git.proxmox.com/?p=qemu-server.git;a=blob;f=pve-bridge;h=8e50112c5a55b33bcca1f88adb703a438ffd60c8;hb=HEAD

___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-25 Thread Stefan Priebe - Profihost AG 
Hi Dietmar,

Am 25.01.2013 09:24, schrieb Dietmar Maurer:
 If i look at this patch:


 http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=patch;h=683a21
 b0

 It seems the debian vlan package using vconfig can't handle these flags as it
 simply does not support them. (latest version 2007).

 There are some more actual configuration variants:
 #vlan1_flags=reorder_hdr off gvrp on loose_binding on

 So which script in proxmox creates the vlan?
 
 https://git.proxmox.com/?p=qemu-server.git;a=blob;f=pve-bridge;h=8e50112c5a55b33bcca1f88adb703a438ffd60c8;hb=HEAD

Thanks - i've ported the script from vconfig to iproute2 using the ip
command. This works fine.

But why do we use the iterface of the bridge to create th vlan from? In
this case GVRP does not work. It works fine if i use the bridge itself.

Proxmox default way ported to /sbin/ip:
--
/sbin/ip link add link eth1 name eth1.99 type vlan id 99 reorder_hdr on
gvrp on
/sbin/ip link set eth1.99 up
/usr/sbin/brctl addbr vmbr1v99
/sbin/ip link set vmbr1v99 up
/usr/sbin/brctl addif vmbr1v99 eth1.99
--

gvrp does NOT work.


This one works fine instead.

--
/sbin/ip link add link vmbr1 name vmbr1.99 type vlan id 99 reorder_hdr
on gvrp on
/sbin/ip link set vmbr1.99 up
--

I don't understand why proxmox creates a new bridge and uses the raw
device for the vlan instead of the bridge.

Greets,
Stefan
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-25 Thread Alexandre DERUMIER 
I don't understand why proxmox creates a new bridge and uses the raw 
device for the vlan instead of the bridge. 

I think it was buggy last time we try it with the redhat kernel.
Their was a lot of rework in the kernel side around 2.6.39, and a lot of things 
were breaked at this time.


- Mail original - 

De: Stefan Priebe - Profihost AG s.pri...@profihost.ag 
À: Dietmar Maurer diet...@proxmox.com 
Cc: pve-devel@pve.proxmox.com 
Envoyé: Vendredi 25 Janvier 2013 15:40:54 
Objet: Re: [pve-devel] seperated virtual networks for KVM instances 

Hi Dietmar, 

Am 25.01.2013 09:24, schrieb Dietmar Maurer: 
 If i look at this patch: 
 
 
 http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=patch;h=683a21 
 b0 
 
 It seems the debian vlan package using vconfig can't handle these flags as 
 it 
 simply does not support them. (latest version 2007). 
 
 There are some more actual configuration variants: 
 #vlan1_flags=reorder_hdr off gvrp on loose_binding on 
 
 So which script in proxmox creates the vlan? 
 
 https://git.proxmox.com/?p=qemu-server.git;a=blob;f=pve-bridge;h=8e50112c5a55b33bcca1f88adb703a438ffd60c8;hb=HEAD
  

Thanks - i've ported the script from vconfig to iproute2 using the ip 
command. This works fine. 

But why do we use the iterface of the bridge to create th vlan from? In 
this case GVRP does not work. It works fine if i use the bridge itself. 

Proxmox default way ported to /sbin/ip: 
-- 
/sbin/ip link add link eth1 name eth1.99 type vlan id 99 reorder_hdr on 
gvrp on 
/sbin/ip link set eth1.99 up 
/usr/sbin/brctl addbr vmbr1v99 
/sbin/ip link set vmbr1v99 up 
/usr/sbin/brctl addif vmbr1v99 eth1.99 
-- 

gvrp does NOT work. 


This one works fine instead. 

-- 
/sbin/ip link add link vmbr1 name vmbr1.99 type vlan id 99 reorder_hdr 
on gvrp on 
/sbin/ip link set vmbr1.99 up 
-- 

I don't understand why proxmox creates a new bridge and uses the raw 
device for the vlan instead of the bridge. 

Greets, 
Stefan 
___ 
pve-devel mailing list 
pve-devel@pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-25 Thread Stefan Priebe - Profihost AG 
Hi,

Am 25.01.2013 16:23, schrieb Alexandre DERUMIER:
 I don't understand why proxmox creates a new bridge and uses the raw 
 device for the vlan instead of the bridge. 
 
 I think it was buggy last time we try it with the redhat kernel.
 Their was a lot of rework in the kernel side around 2.6.39, and a lot of 
 things were breaked at this time.

thanks but now we break features like GVRP ;-)

If i send you a patch for the Network.pm might you be able to try if
everything works fine?

I've no original PVE Kernel running.

Greets,
Stefan
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-25 Thread Alexandre DERUMIER 
yes, sure , I can test it.


- Mail original - 

De: Stefan Priebe - Profihost AG s.pri...@profihost.ag 
À: Alexandre DERUMIER aderum...@odiso.com 
Cc: pve-devel@pve.proxmox.com, Dietmar Maurer diet...@proxmox.com 
Envoyé: Vendredi 25 Janvier 2013 16:51:29 
Objet: Re: [pve-devel] seperated virtual networks for KVM instances 

Hi, 

Am 25.01.2013 16:23, schrieb Alexandre DERUMIER: 
 I don't understand why proxmox creates a new bridge and uses the raw 
 device for the vlan instead of the bridge. 
 
 I think it was buggy last time we try it with the redhat kernel. 
 Their was a lot of rework in the kernel side around 2.6.39, and a lot of 
 things were breaked at this time. 

thanks but now we break features like GVRP ;-) 

If i send you a patch for the Network.pm might you be able to try if 
everything works fine? 

I've no original PVE Kernel running. 

Greets, 
Stefan 
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-24 Thread Michael Rasmussen 

On 01-24-2013 16:18, Stefan Priebe - Profihost AG wrote:

Hello list,

are there any plans or ideas how to establish easily virtual networks
for VMs?

Like building a DMZ with VMs?


I have an idea which I am currently refining.

1) Create a bridge with no assigned IP and call it DMZ1
2) Create a VM or CT with two nics. One assigned to a bridge with 
access to the internet and one assigned to DMZ1
3) Install shorewall on this VM or CT acting as gateway for the DMZ1 
bridge
4) Create a number of VM's or CT's with one nic assigned to DMZ1 using 
the VM or CT with shorewall installed as gateway

5) Apply port forwarding rules to shorewall as needed

Voila a virtual DMZ:-)

--
Hilsen/regards
Michael Rasmussen
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-24 Thread Dietmar Maurer 
 are there any plans or ideas how to establish easily virtual networks for VMs?
 
 Like building a DMZ with VMs?

Just create a private bridge (no IP/ports assigned).

___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-24 Thread Stefan Priebe - Profihost AG 
Hello,

Am 24.01.2013 18:01, schrieb Dietmar Maurer:
 are there any plans or ideas how to establish easily virtual networks for 
 VMs?

 Like building a DMZ with VMs?
 
 Just create a private bridge (no IP/ports assigned).

That would be fine with GVRP support - so there won't be any need to
configure the switch. It will configure itself ;-)

Sadly i didn't get GVRP support to work. The linux kernel supports it
but i find no way to enable it...

Greets,
Stefan
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] seperated virtual networks for KVM instances

2013-01-24 Thread Stefan Priebe - Profihost AG 
If i look at this patch:


http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=patch;h=683a21b0

It seems the debian vlan package using vconfig can't handle these flags
as it simply does not support them. (latest version 2007).

There are some more actual configuration variants:
#vlan1_flags=reorder_hdr off gvrp on loose_binding on

So which script in proxmox creates the vlan?

Greets,
Stefan

Am 25.01.2013 08:47, schrieb Stefan Priebe - Profihost AG:
 Hello,
 
 Am 24.01.2013 18:01, schrieb Dietmar Maurer:
 are there any plans or ideas how to establish easily virtual networks for 
 VMs?

 Like building a DMZ with VMs?

 Just create a private bridge (no IP/ports assigned).
 
 That would be fine with GVRP support - so there won't be any need to
 configure the switch. It will configure itself ;-)
 
 Sadly i didn't get GVRP support to work. The linux kernel supports it
 but i find no way to enable it...
 
 Greets,
 Stefan
 
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel