3:29 a.m.
As requested by Laine, I have converted the code to use netlink rather
than executing bridge vlan commands. I have also checked it compiles
under FreeBSD.
Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.
The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.
The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.
The third patch updates the lxc and tap code to pass the virNetDevLan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.
The fourth patch updates documentation to match the new capability.
Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.
Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.
Usage example
-------------
Configure the host with systemd-networkd as follows:
/etc/systemd/network/br0.netdev (br0.network not shown)
[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on
/etc/systemd/network/eno1.network
[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60
Then add <vlan> tags into the lxc or qemu config:
lxc interface definition:
<interface type='bridge'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source bridge='br0'/>
<vlan>
<tag id='40'/>
</vlan>
</interface>
qemu interface definition:
<interface type='network'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source network='br0'/>
<vlan>
<tag id='60'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000'
bus='0x01' slot='0x00' function='0x0'/>
</interface>
Then, after starting them, you will see the following
$ sudo bridge vlan
port vlan-id
eno1 1 PVID Egress Untagged
40
60
br0 1 PVID Egress Untagged
vnet0 60 PVID Egress Untagged
vnet1 40 PVID Egress Untagged
Regards,
Leigh Brown (4):
util: add netlink bridge vlan filtering
util: Add vlan support to virNetDevBridgeAddPort
Enable vlan support for standard linux bridges
docs: standard linux bridges now support vlans
docs/formatdomain.rst | 37 +++++++++---------
docs/formatnetwork.rst | 45 +++++++++++-----------
src/conf/domain_validate.c | 3 +-
src/lxc/lxc_process.c | 3 +-
src/network/bridge_driver.c | 13 ++++---
src/util/virnetdevbridge.c | 75 +++++++++++++++++++++++++++++++++++--
src/util/virnetdevbridge.h | 4 +-
src/util/virnetdevtap.c | 2 +-
src/util/virnetlink.c | 66 ++++++++++++++++++++++++++++++++
src/util/virnetlink.h | 7 ++++
10 files changed, 202 insertions(+), 53 deletions(-)
--
2.39.5
3:29 a.m.
New subject: [RFC v3 PATCH 1/4] util: add netlink bridge vlan filtering
Enable capability to add and remove vlan filters for a standard
linux bridge using netlink.
New function virNetlinkBridgeVlanFilterSet can be used to add or
remove a vlan filter to a given bridge interface.
Signed-off-by: Leigh Brown <leigh(a)solinno.co.uk>
---
src/util/virnetlink.c | 66 +++++++++++++++++++++++++++++++++++++++++++
src/util/virnetlink.h | 7 +++++
2 files changed, 73 insertions(+)
diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c
index 24cd69a385..206646d9d7 100644
--- a/src/util/virnetlink.c
+++ b/src/util/virnetlink.c
@@ -701,6 +701,72 @@ virNetlinkDelLink(const char *ifname, virNetlinkTalkFallback
fallback)
return 0;
}
+/**
+ * virNetlinkBridgeVlanFilterSet:
+ *
+ * @ifname: name of the link
+ * @cmd: netlink command, either RTM_SETLINK or RTM_DELLINK
+ * @flags: flags to use when adding the vlan filter
+ * @vid: vlan id to add or remove
+ * @error: netlink error code
+ *
+ * Add or remove a vlan filter from an interface associated with a
+ * bridge.
+ *
+ * Returns 0 on success, -1 on error. Additionally, if the @error is
+ * non-zero, then a netlink failure occurred, but no error message
+ * is generated leaving it up to the caller to handle the condition.
+ */
+int
+virNetlinkBridgeVlanFilterSet(const char *ifname,
+ int cmd,
+ const unsigned short flags,
+ const short vid,
+ int *error)
+{
+ struct ifinfomsg ifm = { .ifi_family = PF_BRIDGE };
+ struct bridge_vlan_info vinfo = { .flags = flags, .vid = vid };
+ struct nlattr *afspec = NULL;
+ g_autoptr(virNetlinkMsg) nl_msg = NULL;
+ g_autofree struct nlmsghdr *resp = NULL;
+ unsigned int resp_len = 0;
+
+ *error = 0;
+
+ if (vid < 1 || vid > 4095) {
+ virReportError(ERANGE, _("vlanid out of range: %1$d"), vid);
+ return -1;
+ }
+
+ if (!(cmd == RTM_SETLINK || cmd == RTM_DELLINK)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Invalid vlan filter command %1$d"), cmd);
+ return -1;
+ }
+
+ if (virNetDevGetIndex(ifname, &ifm.ifi_index) < 0)
+ return -1;
+
+ nl_msg = virNetlinkMsgNew(cmd, NLM_F_REQUEST);
+
+ NETLINK_MSG_APPEND(nl_msg, sizeof(ifm), &ifm);
+
+ NETLINK_MSG_NEST_START(nl_msg, afspec, IFLA_AF_SPEC);
+ NETLINK_MSG_PUT(nl_msg, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo);
+ NETLINK_MSG_NEST_END(nl_msg, afspec);
+
+ if (virNetlinkTalk(ifname, nl_msg, 0, 0, &resp, &resp_len, error, NULL) <
0)
+ return -1;
+
+ if (resp->nlmsg_type != NLMSG_ERROR && resp->nlmsg_type != NLMSG_DONE)
{
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("malformed netlink response message"));
+ return -1;
+ }
+
+ return 0;
+}
+
/**
* virNetlinkGetNeighbor:
*
diff --git a/src/util/virnetlink.h b/src/util/virnetlink.h
index 75192f645f..327fb426a1 100644
--- a/src/util/virnetlink.h
+++ b/src/util/virnetlink.h
@@ -25,6 +25,7 @@
#if defined(WITH_LIBNL)
# include <netlink/msg.h>
+# include <linux/if_bridge.h>
typedef struct nl_msg virNetlinkMsg;
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virNetlinkMsg, nlmsg_free);
@@ -76,6 +77,12 @@ typedef int (*virNetlinkTalkFallback)(const char *ifname);
int virNetlinkDelLink(const char *ifname, virNetlinkTalkFallback fallback);
+int virNetlinkBridgeVlanFilterSet(const char *ifname,
+ int cmd,
+ const unsigned short flags,
+ const short vid,
+ int *error);
+
int virNetlinkGetErrorCode(struct nlmsghdr *resp, unsigned int recvbuflen);
int virNetlinkDumpLink(const char *ifname, int ifindex,
--
2.39.5
3:29 a.m.
New subject: [RFC v3 PATCH 2/4] util: Add vlan support to virNetDevBridgeAddPort
Add virNetDevBridgeSetupVlans function to configures a bridge
interface using the passed virNetDevVlan struct.
Add virVlan parameter to the Linux version of virNetDevBridgeAddPort
and call virNetDevBridgeSetupVlans to set up the required vlan
configuration.
Update callers of virNetDevBridgeAddPort to pass NULL for now.
Signed-off-by: Leigh Brown <leigh(a)solinno.co.uk>
---
src/lxc/lxc_process.c | 2 +-
src/util/virnetdevbridge.c | 75 ++++++++++++++++++++++++++++++++++++--
src/util/virnetdevbridge.h | 4 +-
src/util/virnetdevtap.c | 2 +-
4 files changed, 76 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index c2982244f0..7c760cec40 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -289,7 +289,7 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm,
vport, virDomainNetGetActualVlan(net)) <
0)
return NULL;
} else {
- if (virNetDevBridgeAddPort(brname, parentVeth) < 0)
+ if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0)
return NULL;
if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES
&&
diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
index 5fd88f3195..80f028e9b7 100644
--- a/src/util/virnetdevbridge.c
+++ b/src/util/virnetdevbridge.c
@@ -313,6 +313,65 @@ virNetDevBridgePortSetIsolated(const char *brname,
return virNetDevBridgePortSet(brname, ifname, "isolated", enable ? 1 : 0);
}
+static int
+virNetDevBridgeSetupVlans(const char *ifname, const virNetDevVlan *virtVlan)
+{
+ int error = 0;
+ unsigned short flags;
+
+ if (!virtVlan || !virtVlan->nTags)
+ return 0;
+
+ // The interface will have been automatically added to vlan 1, so remove it
+ if (virNetlinkBridgeVlanFilterSet(ifname, RTM_DELLINK, 0, 1, &error) < 0)
+ goto err_delete;
+
+ // If trunk mode, add the native VLAN then add the others, if any
+ if (virtVlan->trunk) {
+ size_t i;
+
+ if (virtVlan->nativeTag) {
+ flags = BRIDGE_VLAN_INFO_PVID;
+ if (virtVlan->nativeMode == VIR_NATIVE_VLAN_MODE_UNTAGGED ||
+ virtVlan->nativeMode == VIR_NATIVE_VLAN_MODE_DEFAULT)
+ flags |= BRIDGE_VLAN_INFO_UNTAGGED;
+
+ if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, flags,
+ virtVlan->nativeTag, &error) <
0)
+ goto err_add;
+ }
+
+ for (i = 0; i < virtVlan->nTags; i++) {
+ if (virtVlan->tag[i] != virtVlan->nativeTag)
+ if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, 0,
+ virtVlan->tag[i], &error) <
0)
+ goto err_add;
+ }
+ } else {
+ // In native mode, add the single VLAN as pvid untagged
+ flags = BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED;
+ if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, flags,
+ virtVlan->tag[0], &error) < 0)
+ goto err_add;
+ }
+
+ return 0;
+
+ err_add:
+ if (error != 0)
+ virReportSystemError(-error,
+ _("error adding vlan filter to interface %1$s"),
+ ifname);
+ return -1;
+
+ err_delete:
+ if (error != 0)
+ virReportSystemError(-error,
+ _("error removing vlan filter from interface
%1$s"),
+ ifname);
+ return -1;
+}
+
#else
int
@@ -593,7 +652,8 @@ int virNetDevBridgeDelete(const char *brname G_GNUC_UNUSED)
*/
#if defined(WITH_STRUCT_IFREQ) && defined(SIOCBRADDIF)
int virNetDevBridgeAddPort(const char *brname,
- const char *ifname)
+ const char *ifname,
+ const virNetDevVlan *virtVlan)
{
struct ifreq ifr;
VIR_AUTOCLOSE fd = -1;
@@ -613,14 +673,20 @@ int virNetDevBridgeAddPort(const char *brname,
return -1;
}
- return 0;
+ return virNetDevBridgeSetupVlans(ifname, virtVlan);
}
#elif defined(WITH_BSD_BRIDGE_MGMT)
int virNetDevBridgeAddPort(const char *brname,
- const char *ifname)
+ const char *ifname,
+ const virNetDevVlan *virtVlan)
{
struct ifbreq req = { 0 };
+ if (virtVlan) {
+ virReportSystemError(ENOSYS, "%s", _("Not supported on this
platform"));
+ return -1;
+ }
+
if (virStrcpyStatic(req.ifbr_ifsname, ifname) < 0) {
virReportSystemError(ERANGE,
_("Network interface name '%1$s' is too
long"),
@@ -638,7 +704,8 @@ int virNetDevBridgeAddPort(const char *brname,
}
#else
int virNetDevBridgeAddPort(const char *brname,
- const char *ifname)
+ const char *ifname,
+ const virNetDevVlan *virtVlan)
{
virReportSystemError(ENOSYS,
_("Unable to add bridge %1$s port %2$s"), brname,
ifname);
diff --git a/src/util/virnetdevbridge.h b/src/util/virnetdevbridge.h
index db4099bf0b..5f51656abe 100644
--- a/src/util/virnetdevbridge.h
+++ b/src/util/virnetdevbridge.h
@@ -20,6 +20,7 @@
#include "internal.h"
#include "virmacaddr.h"
+#include "virnetdevvlan.h"
int virNetDevBridgeCreate(const char *brname,
const virMacAddr *mac)
@@ -28,7 +29,8 @@ int virNetDevBridgeDelete(const char *brname)
ATTRIBUTE_NONNULL(1) G_GNUC_WARN_UNUSED_RESULT;
int virNetDevBridgeAddPort(const char *brname,
- const char *ifname)
+ const char *ifname,
+ const virNetDevVlan *virtVlan)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
int virNetDevBridgeRemovePort(const char *brname,
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index 2701ba6dfc..a9573eb8e1 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname,
return -1;
}
} else {
- if (virNetDevBridgeAddPort(brname, tapname) < 0)
+ if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0)
return -1;
if (isolatedPort == VIR_TRISTATE_BOOL_YES &&
--
2.39.5
3:29 a.m.
New subject: [RFC v3 PATCH 3/4] Enable vlan support for standard linux bridges
Adjust domain and network validation to permit standard linux bridges
to allow vlan configuration.
Update calls to virNetDevBridgeAddPort to pass the vlan configuration.
Signed-off-by: Leigh Brown <leigh(a)solinno.co.uk>
---
src/conf/domain_validate.c | 3 ++-
src/lxc/lxc_process.c | 3 ++-
src/network/bridge_driver.c | 13 ++++++++-----
src/util/virnetdevtap.c | 2 +-
4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1034bb57f5..c7a79a0277 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2077,7 +2077,8 @@ virDomainActualNetDefValidate(const virDomainNetDef *net)
(actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU)
||
(actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
- vport && vport->virtPortType ==
VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
+ vport && vport->virtPortType ==
VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+ (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE && !vport))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %1$s - vlan tag not supported for this
connection type"),
macstr);
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index 7c760cec40..c427b38605 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -289,7 +289,8 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm,
vport, virDomainNetGetActualVlan(net)) <
0)
return NULL;
} else {
- if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0)
+ if (virNetDevBridgeAddPort(brname, parentVeth,
+ virDomainNetGetActualVlan(net)) < 0)
return NULL;
if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES
&&
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ce793c12ef..8f47ef2574 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2999,7 +2999,8 @@ networkValidate(virNetworkDriverState *driver,
/* The only type of networks that currently support transparent
* vlan configuration are those using hostdev sr-iov devices from
- * a pool, and those using an Open vSwitch bridge.
+ * a pool, those using an Open vSwitch bridge, and standard linux
+ * bridges.
*/
vlanAllowed = (def->forward.type == VIR_NETWORK_FORWARD_HOSTDEV ||
@@ -3007,15 +3008,17 @@ networkValidate(virNetworkDriverState *driver,
(def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
def->virtPortProfile &&
def->virtPortProfile->virtPortType
- == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH));
+ == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+ (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
+ !def->virtPortProfile));
vlanUsed = def->vlan.nTags > 0;
for (i = 0; i < def->nPortGroups; i++) {
if (vlanUsed || def->portGroups[i].vlan.nTags > 0) {
/* anyone using this portgroup will get a vlan tag. Verify
- * that they will also be using an openvswitch connection,
- * as that is the only type of network that currently
- * supports a vlan tag.
+ * that they will also be using an openvswitch connection
+ * or a standard linux bridge as they are the only types of
+ * network that currently support a vlan tag.
*/
if (def->portGroups[i].virtPortProfile) {
if (def->forward.type != VIR_NETWORK_FORWARD_BRIDGE ||
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index a9573eb8e1..1dc77f0f5c 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname,
return -1;
}
} else {
- if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0)
+ if (virNetDevBridgeAddPort(brname, tapname, virtVlan) < 0)
return -1;
if (isolatedPort == VIR_TRISTATE_BOOL_YES &&
--
2.39.5
3:29 a.m.
New subject: [RFC v3 PATCH 4/4] docs: standard linux bridges now support vlans
Update domain XML and network XML documentation to describe how
standard linux bridges support the VLAN configuration.
Signed-off-by: Leigh Brown <leigh(a)solinno.co.uk>
---
docs/formatdomain.rst | 37 +++++++++++++++++-----------------
docs/formatnetwork.rst | 45 +++++++++++++++++++++---------------------
2 files changed, 42 insertions(+), 40 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 8d787ef59a..90b025508a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -6039,28 +6039,29 @@ VLAN tags to apply to the guest's network traffic
:since:`Since 0.10.0`.
Network connections that support guest-transparent VLAN tagging include
``type='bridge'`` interfaces connected to an Open vSwitch bridge, SRIOV
-Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment)
-and, :since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
-``mode='passthrough'`` (macvtap "passthru" mode). All other
-connection types, including standard linux bridges and libvirt's own virtual
+Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment),
+:since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
+``mode='passthrough'`` (macvtap "passthru" mode) and, :since:`since
11.0.0`
+standard linux bridges. Other connection types, including libvirt's own virtual
networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
provide their own way (outside of libvirt) to tag guest traffic onto a specific
VLAN. Each tag is given in a separate ``<tag>`` subelement of ``<vlan>``
(for
example: ``<tag id='42'/>``). For VLAN trunking of multiple tags (which is
-supported only on Open vSwitch connections), multiple ``<tag>`` subelements can
-be specified, which implies that the user wants to do VLAN trunking on the
-interface for all the specified tags. In the case that VLAN trunking of a single
-tag is desired, the optional attribute ``trunk='yes'`` can be added to the
-toplevel ``<vlan>`` element to differentiate trunking of a single tag from
-normal tagging.
-
-For network connections using Open vSwitch it is also possible to configure
-'native-tagged' and 'native-untagged' VLAN modes :since:`Since 1.1.0`.
This is
-done with the optional ``nativeMode`` attribute on the ``<tag>`` subelement:
-``nativeMode`` may be set to 'tagged' or 'untagged'. The ``id`` attribute
of the
-``<tag>`` subelement containing ``nativeMode`` sets which VLAN is considered to
-be the "native" VLAN for this interface, and the ``nativeMode`` attribute
-determines whether or not traffic for that VLAN will be tagged.
+supported on Open vSwitch connections and standard linux bridges), multiple
+``<tag>`` subelements can be specified, which implies that the user wants to do
+VLAN trunking on the interface for all the specified tags. In the case that VLAN
+trunking of a single tag is desired, the optional attribute ``trunk='yes'`` can
+be added to the toplevel ``<vlan>`` element to differentiate trunking of a
+single tag from normal tagging.
+
+For network connections using Open vSwitch and standard linux bridges it is also
+possible to configure 'native-tagged' and 'native-untagged' VLAN modes
+:since:`Since 1.1.0`. This is done with the optional ``nativeMode`` attribute on
+the ``<tag>`` subelement: ``nativeMode`` may be set to 'tagged' or
'untagged'.
+The ``id`` attribute of the ``<tag>`` subelement containing ``nativeMode`` sets
+which VLAN is considered to be the "native" VLAN for this interface, and the
+``nativeMode`` attribute determines whether or not traffic for that VLAN will be
+tagged.
Isolating guests' network traffic from each other
diff --git a/docs/formatnetwork.rst b/docs/formatnetwork.rst
index 9b4ecbf31d..053fe6ad56 100644
--- a/docs/formatnetwork.rst
+++ b/docs/formatnetwork.rst
@@ -520,28 +520,29 @@ VLAN tags to apply to the guest's network traffic :since:`Since
0.10.0`.
Network connections that support guest-transparent VLAN tagging include
``type='bridge'`` interfaces connected to an Open vSwitch bridge, SRIOV
-Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment)
-and, :since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
-``mode='passthrough'`` (macvtap "passthru" mode). All other
-connection types, including standard linux bridges and libvirt's own virtual
-networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
-provide their own way (outside of libvirt) to tag guest traffic onto a specific
-VLAN. Each tag is given in a separate ``<tag>`` subelement of ``<vlan>``
(for
-example: ``<tag id='42'/>``). For VLAN trunking of multiple tags (which is
-supported only on Open vSwitch connections), multiple ``<tag>`` subelements can
-be specified, which implies that the user wants to do VLAN trunking on the
-interface for all the specified tags. In the case that VLAN trunking of a single
-tag is desired, the optional attribute ``trunk='yes'`` can be added to the
-toplevel ``<vlan>`` element to differentiate trunking of a single tag from
-normal tagging.
-
-For network connections using Open vSwitch it is also possible to configure
-'native-tagged' and 'native-untagged' VLAN modes :since:`Since 1.1.0`.
This is
-done with the optional ``nativeMode`` attribute on the ``<tag>`` subelement:
-``nativeMode`` may be set to 'tagged' or 'untagged'. The ``id`` attribute
of the
-``<tag>`` subelement containing ``nativeMode`` sets which VLAN is considered to
-be the "native" VLAN for this interface, and the ``nativeMode`` attribute
-determines whether or not traffic for that VLAN will be tagged.
+Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment),
+:since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
+``mode='passthrough'`` (macvtap "passthru" mode) and, :since:`since
11.0.0`,
+standard linux bridges. All other connection types, including libvirt's own
+virtual networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA)
+switches provide their own way (outside of libvirt) to tag guest traffic onto a
+specific VLAN. Each tag is given in a separate ``<tag>`` subelement of
+``<vlan>`` (for example: ``<tag id='42'/>``). For VLAN trunking of
multiple
+tags (which is supported on Open vSwitch connections and standard linux
+bridges), multiple ``<tag>`` subelements can be specified, which implies that
+the user wants to do VLAN trunking on the interface for all the specified tags.
+In the case that VLAN trunking of a single tag is desired, the optional
+attribute ``trunk='yes'`` can be added to the toplevel ``<vlan>`` element
to
+differentiate trunking of a single tag from normal tagging.
+
+For network connections using Open vSwitch :since:`since 1.1.10` and standard
+linux bridges :since:`since 11.0.0` it is also possible to configure
+'native-tagged' and 'native-untagged' VLAN modes. This is done with the
optional
+``nativeMode`` attribute on the ``<tag>`` subelement: ``nativeMode`` may be set
+to 'tagged' or 'untagged'. The ``id`` attribute of the ``<tag>``
subelement
+containing ``nativeMode`` sets which VLAN is considered to be the "native"
VLAN
+for this interface, and the ``nativeMode`` attribute determines whether or not
+traffic for that VLAN will be tagged.
``<vlan>`` elements can also be specified in a ``<portgroup>`` element, as
well
as directly in a domain's ``<interface>`` element. In the case that a vlan tag
--
2.39.5
4
days inactive
4
days old
4 comments
1 participants
participants (1)
-
Leigh Brown