To summarize all that: 1) I think we can just use an omission of the <source> to indicate that an interface shouldn't be connected to anything, both for type='bridge' and type='network'.

On Thu, Jun 20, 2013 at 02:42:31PM +0300, Dan Kenigsberg wrote: > Hi List, > > Like most of us, I've bought my actual computer with an Ethernet > interface card, that I can connect to a wall jack at will. It's quite > easy to disconnect the Ethernet cable from the wall, as well. > > I would like to expose this behavior to virtual computers, too. Via > libvirt, of course. That's useful, since an admin may need to disconnect > a running VM from a network temporarily, without resorting to > hot-unplugging its nic. In the bug you filed requested this feature, you said that you want this so that you can make oVirt configure bridging behind libvirts back with Quantum.

As explained in the bug, this is a really bad way todo this & should not be required - OpenStack Nova demonstrates you can do the right thing wrt Quantum using exisiting libvirt config.

So I'm not inclined to support this disconnected mode.

On Sun, Jun 23, 2013 at 03:34:06PM +0300, Dan Kenigsberg wrote: > On Fri, Jun 21, 2013 at 04:31:53AM -0500, Daniel P. Berrange wrote: > > On Thu, Jun 20, 2013 at 02:42:31PM +0300, Dan Kenigsberg wrote: > > > Hi List, > > > > > > Like most of us, I've bought my actual computer with an Ethernet > > > interface card, that I can connect to a wall jack at will. It's quite > > > easy to disconnect the Ethernet cable from the wall, as well. > > > > > > I would like to expose this behavior to virtual computers, too. Via > > > libvirt, of course. That's useful, since an admin may need to disconnect > > > a running VM from a network temporarily, without resorting to > > > hot-unplugging its nic. > > > > In the bug you filed requested this feature, you said that you want > > this so that you can make oVirt configure bridging behind libvirts > > back with Quantum. > > This is not exact. Bug 878481 - define a disconnected <interface> > was opened with the VM-connected-to-no-bridge in mind. > > Since libvirt is lacking this feature, oVirt has introduced an ugly > hack: a dummy bridge, to which a disconnected VM is moved to. The > interface fo this VM had to be set with <link state=off> to avoid > inter-VM communication. > > Only then came the Quantum use case. Sigh. In the BZ, your justification only mentioned that this is required for integration with Quantum, never that it was required separately.

> > As explained in the bug, this is a really bad way > > todo this & should not be required - OpenStack Nova demonstrates you > > can do the right thing wrt Quantum using exisiting libvirt config. > > I'm not sure that this is THE right thing. At the momement, both > quantum's linuxbridge plugin and nova's LinuxBridgeInterfaceDriver have > an ensure_vlan_bridge() method. > > > I'm no OpenStack expert, but I think that the nicest separation between > nova's and quantum's domains is the tap device (obviously only for > networks which use tap devices). Quantum should create the Linux bridge > and its underlying connectivity (or even worse for ovs with security > groups...), and Nova should connect a newly-created VM to it. Otherwise, > Nova would have to reimplement just about any extension that is > introduced to Quantum. While there are many, many ways to configure a physical network, there are a small, finite number of ways that you can connect a virtual machine to a physical network. Thus while there can be many different quantum plugins, Nova only needs to know about a handful of VM configuration rules. > In particular, I worry about the mapping of a network to a physical > device. Quantum's linuxbridge does it according to a preconfigured > cfg.CONF.LINUX_BRIDGE.physical_interface_mappings. Does Nova's vif > driver support something like this? From where does it collect this > information? > > Anyway, would you suggest oVirt to implement its own > ensure_vlan_bridge()? Or use the vif driver code? Or that of linuxbridge > quantum plugin? I'm not sure you're looking at current codebase. As of Grizzly the quantum specific VIF plugin (and all other existing VIF plugins) are deprecated in favour of LibvirtGenericVIFDriver. This defines (currently) 4 different types of VIF configuration, linux bridge, openvswitch, 802.qbg and 802.qbh. Each of these VIF types has a set of metadata associated with it describing the configuration requirements, which is used to configure the VM interface appropriately. This clean separation isolates Nova from any knowledge of Quantum, and vica-verca.

> > So I'm not inclined to support this disconnected mode. > > Disconnected mode exists in actuality. It has valid use cases in the > virtual world as well. I would like to discuss the domxml schema for > representing it, and then, hopefully find the menpower to implement it > outside the core libvirt team. So please, reconsider. The XML schema is easy enough - it is just a new <interface type=none>. Ideally we would want some kind of support in QEMU for this, concept so that we don't have to have a hidden dangling tap device

On 07/02/2013 04:07 PM, Dan Kenigsberg wrote: > On Mon, Jun 24, 2013 at 11:22:16AM +0100, Daniel P. Berrange wrote: >> On Sun, Jun 23, 2013 at 03:34:06PM +0300, Dan Kenigsberg wrote: >>> On Fri, Jun 21, 2013 at 04:31:53AM -0500, Daniel P. Berrange wrote: >>>> So I'm not inclined to support this disconnected mode. >>> Disconnected mode exists in actuality. It has valid use cases in the >>> virtual world as well. I would like to discuss the domxml schema for >>> representing it, and then, hopefully find the menpower to implement it >>> outside the core libvirt team. So please, reconsider. >> The XML schema is easy enough - it is just a new <interface type=none>. >> Ideally we would want some kind of support in QEMU for this, concept >> so that we don't have to have a hidden dangling tap device > That would be cool indeed. It would make it possible to > virDomainUpdateDevice() from a tap-based connectivity to non-tap one. > > Until we have something like that in qemu, would it be reasonable to > implement <interface type=none> via a dangling tap? Wouldn't it be fine > to limit changing type=none to type=network only to bridge-based > networks? Well, that *is* how virDomainUpdateDevice behaves when switching from one network connection to another - if the source and destination are both implemented with tap, it works, otherwise it returns OPERATION_UNSUPPORTED.

On Wed, Jul 03, 2013 at 09:39:57AM +0300, Dan Kenigsberg wrote: > On Tue, Jul 02, 2013 at 05:32:20PM -0400, Laine Stump wrote: >> On 07/02/2013 04:07 PM, Dan Kenigsberg wrote: >>> On Mon, Jun 24, 2013 at 11:22:16AM +0100, Daniel P. Berrange wrote: >>>> On Sun, Jun 23, 2013 at 03:34:06PM +0300, Dan Kenigsberg wrote: >>>>> On Fri, Jun 21, 2013 at 04:31:53AM -0500, Daniel P. Berrange wrote: >>>>>> So I'm not inclined to support this disconnected mode. >>>>> Disconnected mode exists in actuality. It has valid use cases in the >>>>> virtual world as well. I would like to discuss the domxml schema for >>>>> representing it, and then, hopefully find the menpower to implement it >>>>> outside the core libvirt team. So please, reconsider. >>>> The XML schema is easy enough - it is just a new <interface type=none>. >>>> Ideally we would want some kind of support in QEMU for this, concept >>>> so that we don't have to have a hidden dangling tap device >>> That would be cool indeed. It would make it possible to >>> virDomainUpdateDevice() from a tap-based connectivity to non-tap one. >>> >>> Until we have something like that in qemu, would it be reasonable to >>> implement <interface type=none> via a dangling tap? Wouldn't it be fine >>> to limit changing type=none to type=network only to bridge-based >>> networks? >> Well, that *is* how virDomainUpdateDevice behaves when switching from >> one network connection to another - if the source and destination are >> both implemented with tap, it works, otherwise it returns >> OPERATION_UNSUPPORTED. > My question is slightly different: it's about switching from one > interface type (=none) to another (=network), not between two networks. > > I am asking whether it would be fine to implement type=none with tap, > given this unsupportedness. No, it doesn't really work properly. Not all type=network configs are based on tap devices. We need to be able to ask QEMU to remove the netdev backend, without affecting the guest device, and then add in a new netdev backend. We should have asked for this when we first did dynamic network re-configuration, but we took the easy way out back then. We need to fix this properly so that all possible config changes work.

On Mon, Jun 24, 2013 at 11:22:16AM +0100, Daniel P. Berrange wrote: > On Sun, Jun 23, 2013 at 03:34:06PM +0300, Dan Kenigsberg wrote: > > On Fri, Jun 21, 2013 at 04:31:53AM -0500, Daniel P. Berrange wrote: > > > On Thu, Jun 20, 2013 at 02:42:31PM +0300, Dan Kenigsberg wrote: > > > > Hi List, > > > > > > > > Like most of us, I've bought my actual computer with an Ethernet > > > > interface card, that I can connect to a wall jack at will. It's quite > > > > easy to disconnect the Ethernet cable from the wall, as well. > > > > > > > > I would like to expose this behavior to virtual computers, too. Via > > > > libvirt, of course. That's useful, since an admin may need to disconnect > > > > a running VM from a network temporarily, without resorting to > > > > hot-unplugging its nic. > > > > > > In the bug you filed requested this feature, you said that you want > > > this so that you can make oVirt configure bridging behind libvirts > > > back with Quantum. > > > > This is not exact. Bug 878481 - define a disconnected <interface> > > was opened with the VM-connected-to-no-bridge in mind. > > > > Since libvirt is lacking this feature, oVirt has introduced an ugly > > hack: a dummy bridge, to which a disconnected VM is moved to. The > > interface fo this VM had to be set with <link state=off> to avoid > > inter-VM communication. > > > > Only then came the Quantum use case. > > Sigh. In the BZ, your justification only mentioned that this is > required for integration with Quantum, never that it was required > separately. Verifying this statement is left as an excercise to the reader of https://bugzilla.redhat.com/show_bug.cgi?id=878481#c0 . > > > > As explained in the bug, this is a really bad way > > > todo this & should not be required - OpenStack Nova demonstrates you > > > can do the right thing wrt Quantum using exisiting libvirt config. > > > > I'm not sure that this is THE right thing. At the momement, both > > quantum's linuxbridge plugin and nova's LinuxBridgeInterfaceDriver have > > an ensure_vlan_bridge() method. > > > > > > I'm no OpenStack expert, but I think that the nicest separation between > > nova's and quantum's domains is the tap device (obviously only for > > networks which use tap devices). Quantum should create the Linux bridge > > and its underlying connectivity (or even worse for ovs with security > > groups...), and Nova should connect a newly-created VM to it. Otherwise, > > Nova would have to reimplement just about any extension that is > > introduced to Quantum. > > While there are many, many ways to configure a physical network, > there are a small, finite number of ways that you can connect a > virtual machine to a physical network. Thus while there can be > many different quantum plugins, Nova only needs to know about a > handful of VM configuration rules. > > > In particular, I worry about the mapping of a network to a physical > > device. Quantum's linuxbridge does it according to a preconfigured > > cfg.CONF.LINUX_BRIDGE.physical_interface_mappings. Does Nova's vif > > driver support something like this? From where does it collect this > > information? > > > > Anyway, would you suggest oVirt to implement its own > > ensure_vlan_bridge()? Or use the vif driver code? Or that of linuxbridge > > quantum plugin? > > I'm not sure you're looking at current codebase. As of Grizzly the > quantum specific VIF plugin (and all other existing VIF plugins) > are deprecated in favour of LibvirtGenericVIFDriver. This defines > (currently) 4 different types of VIF configuration, linux bridge, > openvswitch, 802.qbg and 802.qbh. Each of these VIF types has a > set of metadata associated with it describing the configuration > requirements, which is used to configure the VM interface appropriately. > This clean separation isolates Nova from any knowledge of Quantum, > and vica-verca. I'm looking at the tip of master branch, both in https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L342 and https://github.com/openstack/quantum/blob/master/quantum/plugins/linuxbri... My spefcific painpoint is that the vif driver calls linux_net.LinuxBridgeInterfaceDriver.ensure_vlan_bridge() with no regards of the configuration of the quantum agent. True, a specific configuration parameter of a specific agent of a quantum plugin is not of the business of Nova. But this suggests that connecting a bridge to an external NIC is not its business, either. > > > > So I'm not inclined to support this disconnected mode. > > > > Disconnected mode exists in actuality. It has valid use cases in the > > virtual world as well. I would like to discuss the domxml schema for > > representing it, and then, hopefully find the menpower to implement it > > outside the core libvirt team. So please, reconsider. > > The XML schema is easy enough - it is just a new <interface type=none>. > Ideally we would want some kind of support in QEMU for this, concept > so that we don't have to have a hidden dangling tap device That would be cool indeed. It would make it possible to virDomainUpdateDevice() from a tap-based connectivity to non-tap one. Until we have something like that in qemu, would it be reasonable to implement <interface type=none> via a dangling tap? Wouldn't it be fine to limit changing type=none to type=network only to bridge-based networks? Regards, Dan.