Comments on: Network virtualisation http://veejoe.net/blog/2010/02/network-virtualisation/ Vic's Blog Fri, 18 May 2012 15:44:00 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Edouard Bourguignon http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-465 Edouard Bourguignon Thu, 19 May 2011 15:22:00 +0000 http://veejoe.net/blog/?p=5494#comment-465  Thank you, I will try to get this issue of Admin Magazine  Thank you, I will try to get this issue of Admin Magazine

]]> By: Vic Cross http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-426 Vic Cross Tue, 10 May 2011 14:32:00 +0000 http://veejoe.net/blog/?p=5494#comment-426 Thanks for your comment... I have to admit it took me a while to understand again what the problem was with the way I was trying to work it. The problem was that I wanted different virtual machines to be configured differently -- some to receive untagged frames for particular VLANs, and others to receive all the tagged frames straight from the switch. I can't recall if I tried your method or not, but what I found was that the physical interface no longer saw any packets once a VLAN was configured against it, which meant the "VLAN-aware bridge" didn't see any traffic. It didn't appear that a bridge was sufficient isolation of that (the second paragraph in my original post implies that I tried something like what you described but it didn't work for me). Perhaps the choice of network card makes a difference too, changing where the VLAN processing happens...? Like I said though, I can't recall if I tried a bridge behind a bridge as you've shown -- perhaps I should give it a go! Thanks for your comment… I have to admit it took me a while to understand again what the problem was with the way I was trying to work it.

The problem was that I wanted different virtual machines to be configured differently — some to receive untagged frames for particular VLANs, and others to receive all the tagged frames straight from the switch. I can’t recall if I tried your method or not, but what I found was that the physical interface no longer saw any packets once a VLAN was configured against it, which meant the “VLAN-aware bridge” didn’t see any traffic. It didn’t appear that a bridge was sufficient isolation of that (the second paragraph in my original post implies that I tried something like what you described but it didn’t work for me). Perhaps the choice of network card makes a difference too, changing where the VLAN processing happens…?

Like I said though, I can’t recall if I tried a bridge behind a bridge as you’ve shown — perhaps I should give it a go!

]]> By: veejoe http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-423 veejoe Tue, 10 May 2011 13:51:00 +0000 http://veejoe.net/blog/?p=5494#comment-423 Yes, I was doing something very similar to what you describe. I was having trouble trying to use the brcompat functionality to make Open vSwitch fit into the Ubuntu network startup method, but I think I've now learned that I need to throw away the normal network startup and let Open vSwitch take care of everything (unless Ubuntu Server has native support for Open vSwitch nowadays...). There is a nice looking writeup of Open vSwitch in Issue 03 of ADMIN Magazine; the author discusses the use of fake bridges to achieve PVID-like function. Yes, I was doing something very similar to what you describe. I was having trouble trying to use the brcompat functionality to make Open vSwitch fit into the Ubuntu network startup method, but I think I’ve now learned that I need to throw away the normal network startup and let Open vSwitch take care of everything (unless Ubuntu Server has native support for Open vSwitch nowadays…).

There is a nice looking writeup of Open vSwitch in Issue 03 of ADMIN Magazine; the author discusses the use of fake bridges to achieve PVID-like function.

]]> By: Edouard Bourguignon http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-418 Edouard Bourguignon Thu, 28 Apr 2011 12:54:00 +0000 http://veejoe.net/blog/?p=5494#comment-418 Hi, Do you know if openvswitch can tag untagged traffic? Like PVID functionnality on physical switch. Because our VM boots on PXE, and PXE doesn't support VLAN. So we have to tag our vswitch port to 0 to allow untagged traffic from the VM to pass thru. Is it possible that fake bridge could handle that traffic to a tagged port? Hi,

Do you know if openvswitch can tag untagged traffic? Like PVID functionnality on physical switch. Because our VM boots on PXE, and PXE doesn’t support VLAN. So we have to tag our vswitch port to 0 to allow untagged traffic from the VM to pass thru. Is it possible that fake bridge could handle that traffic to a tagged port?

]]> By: telmich http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-302 telmich Sat, 22 Jan 2011 08:58:00 +0000 http://veejoe.net/blog/?p=5494#comment-302 I'm also a bit confused, it looks like this should work directly with one additional interface: Assume eth0 is the physical interface of the vm-host which receives and sends tagged frames (8021q). Assume further that there's a bridge named brtag, into which eth0 is bound. Then you add a vlan enabled device called vlan123 on brtag, that adds the vlan tag 123. Then you create a bridge named "brvlan123" and add the interface vlan123 to it. Guests which shall set tags themselves are added to brtag, guests which should not setup tags are bound to brvlan123.nnMaybe I'm misunderstanding your post, but I do not see a need for binding one interface to multiple bridges. I’m also a bit confused, it looks like this should work directly with one additional interface: Assume eth0 is the physical interface of the vm-host which receives and sends tagged frames (8021q). Assume further that there’s a bridge named brtag, into which eth0 is bound. Then you add a vlan enabled device called vlan123 on brtag, that adds the vlan tag 123. Then you create a bridge named “brvlan123″ and add the interface vlan123 to it. Guests which shall set tags themselves are added to brtag, guests which should not setup tags are bound to brvlan123.nnMaybe I’m misunderstanding your post, but I do not see a need for binding one interface to multiple bridges.

]]> By: Vic http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-270 Vic Sat, 28 Aug 2010 13:29:08 +0000 http://veejoe.net/blog/?p=5494#comment-270 Hi Guido, I have used that method, when running VMware Server in the past. Trouble is, it doesn't work when you have a mixture of VLAN-aware and VLAN-unaware guests that you want to share an adapter: as soon as the 8021q module is bound to an interface (when a VLAN is configured) the "non-VLAN" or "raw" interface no longer receives all the packets. In my VMware Server days, I had to allocate an additional NIC with no VLAN membership for VLAN-aware guests. I thought that OpenVswitch would be a way to provide more flexibility, and allow me greater control to do interesting things with my available network hardware (especially since I was moving to a new machine with reduced capacity for NIC installation). Unfortunately I had a lot of trouble integrating OpenVswitch into the boot process of Ubuntu Lucid -- every bootup required manual network reconfiguration. I have not looked at it for a while though, hopefully there's better support in distros now. Thanks for your comment! Vic Hi Guido,

I have used that method, when running VMware Server in the past. Trouble is, it doesn’t work when you have a mixture of VLAN-aware and VLAN-unaware guests that you want to share an adapter: as soon as the 8021q module is bound to an interface (when a VLAN is configured) the “non-VLAN” or “raw” interface no longer receives all the packets. In my VMware Server days, I had to allocate an additional NIC with no VLAN membership for VLAN-aware guests.

I thought that OpenVswitch would be a way to provide more flexibility, and allow me greater control to do interesting things with my available network hardware (especially since I was moving to a new machine with reduced capacity for NIC installation). Unfortunately I had a lot of trouble integrating OpenVswitch into the boot process of Ubuntu Lucid — every bootup required manual network reconfiguration. I have not looked at it for a while though, hopefully there’s better support in distros now.

Thanks for your comment!

Vic

]]> By: Guido Trotter http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-178 Guido Trotter Fri, 20 Aug 2010 12:45:32 +0000 http://veejoe.net/blog/?p=5494#comment-178 What's the advantage of using Openvswitch over simply configuring 802.1Q interfaces on linux (for example with: ip link add link eth0 name eth0.3 type vlan id 3) and then connecting those (in this example eth0.3) to a bridge: brctl addbr br3 brctl addbr addif br3 eth0.3 Sounds like you'd get the same effect without patching your kernel. Thanks, Guido What’s the advantage of using Openvswitch over simply configuring 802.1Q interfaces on linux (for example with: ip link add link eth0 name eth0.3 type vlan id 3) and then connecting those (in this example eth0.3) to a bridge:
brctl addbr br3
brctl addbr addif br3 eth0.3

Sounds like you’d get the same effect without patching your kernel.

Thanks,

Guido

]]> By: deshantm http://veejoe.net/blog/2010/02/network-virtualisation/comment-page-1/#comment-83 deshantm Thu, 04 Mar 2010 00:38:01 +0000 http://veejoe.net/blog/?p=5494#comment-83 Thanks for this post. I have also been trying open vSwitch with KVM lately, for a different project. I was trying to figure if libvirt could use a custom script, but it seems they have disabled that functionality [1]. I was then looking at the libvirt code, and it didn't look that hard to add, but it would be a hack. Hacking the default /etc/qemu-ifup makes more sense. I will try that. Thanks again for the idea.<br><br><br>[1] <a href="http://www.mail-archive.com/libvir-list%40redhat.com/msg18133.html" rel="nofollow">http://www.mail-archive.com/libvir-list@redhat....</a> Thanks for this post. I have also been trying open vSwitch with KVM lately, for a different project. I was trying to figure if libvirt could use a custom script, but it seems they have disabled that functionality [1]. I was then looking at the libvirt code, and it didn't look that hard to add, but it would be a hack. Hacking the default /etc/qemu-ifup makes more sense. I will try that. Thanks again for the idea.

[1] http://www.mail-archive.com/libvir-list@redhat….

]]>