feat: add support for configuring vlan filtering on the bridge #8950
Conversation
Fixes siderolabs#8941 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
smira
force-pushed
the
feat/vlan-filtering
branch
from
bea9ff5 to
cc345c8
Compare
|
/m |
|
@smira I am testing this and seems to be working fine however I am lost on how I actually trunk a VLAN up my link I have this config: And when I deploy a NAD the bridge is configure correctly on the K8s side of things: but VLAN 3712 in this example is not added to bond0 so nothing works. I can't figure out how I add a vlan to the machine config. For now I can simply do: What am I missing ? |
I guess you might need to have VLAN configured as well? |
|
I did try to do that as well. But where should I put the config ? I tried adding a vlan statement under the bridge and under the bond, but that doesn't work either as it create bond0.vlanID or BR0.vlanID but is not adding the vlan on the bond0 itself as a tagged vlan. |
|
I don't know what is the path exactly, but I guess you need to create a VLAN under the bond and add it to the bridge? See docs machine:
network:
interaces:
- interface: bond0
bond:
...
vlans:
- vlanId: 25
- interface: br0
bridge:
interfaces:
- bond0.25 |
|
The config you show me is what I would do if I do not have VLAN Filtering and this would work but requires me to create as many bond and bridge interfaces as vlans I need for my KubeVirt VMs. This article does a great work explaining this and makes a comparison with and without VLAN Filtering: If I read #8941 correctly what we want is indeed, as explained in the article above, a way to configure a single bridge and bond interface and no VLAN interfaces. The config I think we are looking for is something like this: (This is a copy paste from my OpenShift Cluster running NMState + KubeVirt) If I look at my talos config I have: What I am missing here is a way to tell what VLANs to trunk on Bond0 i.e. this section from my OpenShift Cluster: If there is a way to do so I am really unable to find it in the doc. All I can do is creating VLAN sub-interfaces on the bond or the bridge but this is not what we need. Happy to open a new git issue if needed be but vlan filtering implemented as is, is not really solving the issue. |
|
Yes, I guess what you're looking for is different from what was implemented in this PR. The easiest for us would be to see the equivalent setup using e.g. |
|
Seems to me as well but I am not sure what is the use of this feature without trunks... Would be interesting to know how @e3b0c442 meant to use this. I will open a new issue then with the full set of commands I need using the ip commands, assuming is possible I will have to check as I always used the |
|
I didn't get back around to close the loop here and apologize for the incompleteness in my original issue; @camrossi is correct, we also need the ability to set the VLANs the bridge's controlled ports carry. I think this article https://developers.redhat.com/blog/2017/09/14/vlan-filter-support-on-bridge#with_vlan_filtering explains it clearly. So in essence, we need to be able to: # 1. create the bridge and attach the controlled interfaces (implemented)
ip link add br0 type bridge
ip link set br0 up
ip link set eth0 master br0
# 2. Allow VLAN filtering on the bridge (implemented)
ip link set br0 type bridge vlan_filtering 1
# 3. Add the VLANs to the controlled interfaces (missing)
bridge vlan add dev eth0 vid 2 master
bridge vlan add dev eth0 vid 3 masterI don't believe that this can be done with just the Note that creating the |
|
thank you, if you as experts could create an issue on what's missing, we would be able to look into missing pieces and implement them, thank you! |
Fixes #8941