[libvirt] Exact meaning of "nativeMode" attribute in vlan tags

You'd think that I would know this, since I'm the person who reviewed jrobson's patch adding support for the nativeMode attribute to the vlan tag element. But you'd be wrong. Here is what the config looks like:

    <vlan trunk='yes'>
      <tag id='42' nativeMode='untagged'/>
      <tag id='47'/>
    </vlan>

I understand that trunk='yes' means that packets with any of the tags listed in a <tag> subelement can be sent out this port (and the tag will *not* be removed), and likewise packets arriving into the bridge from the port are allowed to have any of the listed tags (and, again, no tag will be removed). But what exactly do nativeMode='untagged' and nativeMode='tagged' mean?

As I understand it, (nativeMode='untagged'|nativeMode='tagged') means that packets (arriving from|sent to) the port (without a tag/with that tag) will be (tagged|untagged). Can someone who fully understands this please select A or B for each of the 4 parenthesized items (in as many permutations as make sense).

I guess that in one of the modes, untagged packets going in one direction or the other will be tagged, and vice versa, I just don't know which direction does which, and for which mode, and don't want to guess.

(I'm asking this because I want to implement identical functionality for standard Linux host bridges - I want to make sure there are no surprises for people switching between OVS and Linux host bridge implementations).

On 02/22/2015 01:31 PM, Laine Stump wrote:
You'd think that I would know this, since I'm the person who reviewed jrobson's patch adding support for the nativeMode attribute to the vlan tag element. But you'd be wrong. Here is what the config looks like:
    <vlan trunk='yes'>
      <tag id='42' nativeMode='untagged'/>
      <tag id='47'/>
    </vlan>
I understand that trunk='yes' means that packets with any of the tags listed in a <tag> subelement can be sent out this port (and the tag will *not* be removed), and likewise packets arriving into the bridge from the port are allowed to have any of the listed tags (and, again, no tag will be removed). But what exactly do nativeMode='untagged' and nativeMode='tagged' mean?
As I understand it, (nativeMode='untagged'|nativeMode='tagged') means that packets (arriving from|sent to) the port (without a tag/with that tag) will be (tagged|untagged). Can someone who fully understands this please select A or B for each of the 4 parenthesized items (in as many permutations as make sense).
I guess that in one of the modes, untagged packets going in one direction or the other will be tagged, and vice versa, I just don't know which direction does which, and for which mode, and don't want to guess.
(I'm asking this because I want to implement identical functionality for standard Linux host bridges - I want to make sure there are no surprises for people switching between OVS and Linux host bridge implementations).
Laine,

You are on the right path for figuring this out. I'm coming from a more traditional hardware networking viewpoint with vast experience in Cisco and HP switching products. In that arena, the "Native" vlan is the vlan of the trunk itself.

For example, let's say you have a trunk carrying vlans 20-26, with a native vlan of 15. This native vlan only comes into play when that vlan interface on the switch itself has an IP address. Consider it the infrastructure management vlan - you really don't want it on vlan 1 (which is the default, and all trunks have a native vlan of 1) for security purposes, so you create a management vlan and assign the vlan interface on all of your switches with an IP address from that range. When the trunks are built, the native vlan carries the untagged packets for the management network, while the tagged vlans are trunked through.

In this specific scenario, and to answer your questions as asked, nativeMode='untagged' means that packets traveling to and from that port on that specific vlan ID will be untagged. nativeMode='tagged' means that packets in the native vlan will be tagged when sent or received on that port.

I hope this helps, I can try to reword it if I made it even more confusing.

-Dan

--
Dan Mossor
Systems Engineer at Large
Fedora KDE WG | Fedora QA Team | Fedora Server SIG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA

To clarify the behaviour of open vswitch:

With either of the native modes selected, a packet that comes in to the switch without a vlan header will be placed in the native vlan and the header added before the packet is forwarded.

With nativeMode='tagged', a packet in the native vlan will be sent out of the switch with its vlan header intact.

With nativeMode='untagged' a packet in the native vlan will be sent out of the switch with the vlan header removed.

In case it helps, here is the open vswitch doc for the vlan settings:

Bridge ports support the following types of VLAN configuration:

trunk
    A trunk port carries packets on one or more specified VLANs specified in the trunks column (often, on every VLAN). A packet that ingresses on a trunk port is in the VLAN specified in its 802.1Q header, or VLAN 0 if the packet has no 802.1Q header. A packet that egresses through a trunk port will have an 802.1Q header if it has a nonzero VLAN ID.

    Any packet that ingresses on a trunk port tagged with a VLAN that the port does not trunk is dropped.

access
    An access port carries packets on exactly one VLAN specified in the tag column. Packets egressing on an access port have no 802.1Q header.

    Any packet with an 802.1Q header with a nonzero VLAN ID that ingresses on an access port is dropped, regardless of whether the VLAN ID in the header is the access port's VLAN ID.

native-tagged
    A native-tagged port resembles a trunk port, with the exception that a packet without an 802.1Q header that ingresses on a native-tagged port is in the "native VLAN" (specified in the tag column).

native-untagged
    A native-untagged port resembles a native-tagged port, with the exception that a packet that egresses on a native-untagged port in the native VLAN will not have an 802.1Q header.
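The port behaviour from the Open vSwitch documentation quoted in the reply above, modelled as an added example; it is not part of the original thread and is not OVS or libvirt code. `Port`, `ingress`, `egress` and `DROP` are names made up here, and two points are assumptions: an 802.1Q header with VLAN ID 0 is treated like a missing header, and a port does not send a VLAN it does not carry.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

DROP = "drop"  # sentinel: packet is not accepted / not sent

@dataclass(frozen=True)
class Port:
    mode: str                             # trunk | access | native-tagged | native-untagged
    tag: Optional[int] = None             # access VLAN or native VLAN
    trunks: FrozenSet[int] = frozenset()  # empty set = every VLAN

    def carries(self, vlan: int) -> bool:
        return not self.trunks or vlan in self.trunks

def ingress(port: Port, header: Optional[int]):
    """header: VLAN ID of the 802.1Q header on the wire, None if absent.
    Returns the VLAN the packet is in inside the bridge, or DROP."""
    tagged = header is not None and header != 0  # assumption: VID 0 == no header
    if port.mode == "access":
        return DROP if tagged else port.tag      # any nonzero tag is refused
    if not tagged:
        # plain trunk: VLAN 0; both native modes: the native VLAN
        return 0 if port.mode == "trunk" else port.tag
    return header if port.carries(header) else DROP

def egress(port: Port, vlan: int):
    """vlan: VLAN the packet is in inside the bridge.
    Returns the VLAN ID put in the header, None for no header, or DROP."""
    if port.mode == "access":
        return None if vlan == port.tag else DROP
    if not port.carries(vlan):                   # assumption, see lead-in
        return DROP
    if vlan == 0:
        return None                              # VLAN 0 never gets a header
    if port.mode == "native-untagged" and vlan == port.tag:
        return None                              # header stripped on the way out
    return vlan

# The <vlan> element from the question: trunk='yes', tags 42 (native) and 47.
UNTAGGED_42 = Port("native-untagged", tag=42, trunks=frozenset({42, 47}))
TAGGED_42 = Port("native-tagged", tag=42, trunks=frozenset({42, 47}))

if __name__ == "__main__":
    for name, port in (("untagged", UNTAGGED_42), ("tagged", TAGGED_42)):
        print(f"nativeMode='{name}'")
        for hdr in (None, 42, 47, 99):
            print(f"  in : header={hdr!s:>4} -> vlan {ingress(port, hdr)}")
        for vlan in (42, 47):
            print(f"  out: vlan={vlan} -> header {egress(port, vlan)}")
```

The two modes differ only in `egress` for VLAN 42; ingress of a frame without a header lands in VLAN 42 in both.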
Participants (3): Dan Mossor; Laine Stump; Robson, James