Re: [ovirt-users] mixing tagged and untagged vlans on a same interface
Thank you for the explanation. Le 16/02/2015 09:06, Lior Vernia a écrit : What Martin said is correct, let me just add that originally this limitation was put in place because in older kernels the bridge for the untagged network could see tagged traffic over the same physical interface, which was a security loophole (as a VM using the untagged bridge could sniff all the traffic on the physical interface). This isn't the case anymore, so in 3.6 we want to remove this limitation. On 13/02/15 17:31, Martin Pavlík wrote: Hi, it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM network in such case. You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on one interface with VLANs. Be aware that you can put on one interface only one bridges network + multiple VLANs. [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functionality HTH Martin Pavlik RHEV QE On 13 Feb 2015, at 16:17, Nathanaël Blanchet blanc...@abes.fr wrote: Hi all, On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X. I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface. Is there a reason for that, knowing that nothing should technically be wrong? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] mixing tagged and untagged vlans on a same interface
What Martin said is correct, let me just add that originally this limitation was put in place because in older kernels the bridge for the untagged network could see tagged traffic over the same physical interface, which was a security loophole (as a VM using the untagged bridge could sniff all the traffic on the physical interface). This isn't the case anymore, so in 3.6 we want to remove this limitation. On 13/02/15 17:31, Martin Pavlík wrote: Hi, it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM network in such case. You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on one interface with VLANs. Be aware that you can put on one interface only one bridges network + multiple VLANs. [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functionality HTH Martin Pavlik RHEV QE On 13 Feb 2015, at 16:17, Nathanaël Blanchet blanc...@abes.fr wrote: Hi all, On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X. I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface. Is there a reason for that, knowing that nothing should technically be wrong? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] mixing tagged and untagged vlans on a same interface
Hi all, On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X. I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface. Is there a reason for that, knowing that nothing should technically be wrong? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] mixing tagged and untagged vlans on a same interface
Hi, it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM network in such case. You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on one interface with VLANs. Be aware that you can put on one interface only one bridges network + multiple VLANs. [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functionality HTH Martin Pavlik RHEV QE On 13 Feb 2015, at 16:17, Nathanaël Blanchet blanc...@abes.fr wrote: Hi all, On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X. I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface. Is there a reason for that, knowing that nothing should technically be wrong? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users signature.asc Description: Message signed with OpenPGP using GPGMail ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
