Ben Hutchings (ben) writes:
> >
> > Currently only the bridge including the maintenance interface with the
> > plain eth0 interface receives all tagged and untagged packages, and
> > VLAN-interfaces just receive tagged packets
> [...]
>
> Right, that's what I thought.
>
> You're really supposed to only attach either a bridge device or VLAN
> devices to an underlying physical device. However, I'm aware that the
> Linux bridge driver is not so useful as a VLAN bridge and that there was
> never any restriction in the kernel that prevented you from doing this.
>
> Due to the way VLAN tag offload was implemented, the above configuration
> worked for a long time if the underlying physical device implemented
> VLAN tag offload - but not if it didn't. In Linux 2.6.37 the handling
> of VLAN tags was significantly changed to remove the special case for
> receiving packets from devices with VLAN tag offload, causing this
> configuration to break. Since many people used similar configurations,
> this was fixed in Linux 3.2 (I think).

That is, unfortunately, not the case.

Ganeti, and other virtualization solutions built on top of Xen and KVM,
make use of bridges to attach VMs to the underlying interface.
The underlying interface could be anything: vlan, raw ethernet, bonded
link, etc...

This works fine on 2.6.32, as was pointed out, but fails afterwards.
I've tried with 3.2 and 3.5, and the bug persists.

My setup is as described earlier by Erich:

    br0: eth0 (for management)
    br1: eth0.3
    br2: eth0.4
    brX: eth0.X
    ...

with the IP for management on br0.

This, by the way, works with bonded interfaces as well on 2.6.32:

    br0: bond0: eth0 + eth1
    br1: bond0.3
    br2: bond0.4
    ...

On 3.2, this stopped working. At first I thought it was the bond
interface, so I attempted to run directly on eth0.* - but that didn't
help.

Then I suspected an issue with mixing tagged and untagged + bridging.
And since mixing tagged and untagged on the same link is usually not a
good idea, I reconfigured everything to run in trunked/.1q, not using
eth0 for any IP traffic directly:

    br0: eth0.100 (now using a tagged vlan for the management IP)
    br1: eth0.3
    etc...

... but this doesn't work in 3.2+.

It might not be Debian-specific, but nevertheless it's a showstopper...

If this configuration is not supported, what is the suggested alternative?
KVM and other hypervisors need a bridge to attach VMs to: how is one
supposed to host different VMs on different subnets on a single machine?
(Something easily done on 2.6.32, or even on FreeBSD or VMware)?

I could try Open vSwitch...

Thanks,
Phil