| Message ID | 20240508213824.55824-1-leigh@solinno.co.uk (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add bridge VLAN support | expand |
On 08/05/2024 10:38 pm, Leigh Brown wrote: > Hello all, > > I realised over the weekend that there is a valid use case for providing > a VIF to a domain that has access to multiple VLANs, e.g. a router. Yes, > you can create a VIF per VLAN, but if you start having several VLANs (as > I do), it would be nicer to create a single interface that has access to > all the relevant VLANs (e.g. enX0.10, enX0.20, etc.). > > So, version 2 changes the name and type of the parameter from an integer > called `vid' to a string called `vlan'. The vlan parameter is then > parsed by the vif-bridge script (actually, the functions called by it in > xen-network-common.sh). > > As it quite a common practice to allocate VLANs in round numbers, I also > implemented the ability to specify contiguous or non-contiguous ranges. > You can specify whether a VLAN is tagged or untagged, and which VLAN is > the PVID (only one PVID is allowed). For example, > > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20-29' ] > > will setup the VIF so that 10 is the PVID and VLAN IDs 20 through 29 > are permitted with tags. Another example: > > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=1p/10+10x9' ] > > will setup the bridge to set 1 as the PVID and permit access with > tags for VLAN IDs 10, 20, 30, 40, 50, 60, 70, 80 and 90. > > This patch set enables this capability as follows: > > 1. Adds `vlan' as a new member of the libxl_device_nic structure; > 2. Adds support to read and write the vlan parameter from the xenstore; > 3. Adds `vlan' as a new keyword for the vif configuration option; > 4. Adds support to assign the bridge VLANs in the Linux hotplug scripts; > 5. Updated xl-network-configuration(5) manpage and example configs. > > Original blurb below: > > For many years I have been configuring VLANs on my Linux Dom0 by > creating VLAN interfaces for each VLAN I wanted to connect a domain > to and then a corresponding bridge. So I would tend to have things > like: > > enp0s0 -> br0 -> vif1, vif2 > enp0s0.10 -> br0vl10 -> vif3, vif4 > enp0s0.20 -> br0vl20 -> vif5 > dummy0 -> br1 -> vif6 > > I recently discovered that iproute2 supports creating bridge VLANs that > allows you to assign a VLAN to each of the interfaces associated to a > bridge. This allows a greatly simplified configuration where a single > bridge can support all the domains, and the iproute2 bridge command can > assign each VIF to the required VLAN. This looks like this: > > # bridge vlan > port vlan-id > enp0s0 1 PVID Egress Untagged > 10 > 20 > br0 1 PVID Egress Untagged > vif1.0 1 PVID Egress Untagged > vif2.0 1 PVID Egress Untagged > vif3.0 10 PVID Egress Untagged > vif4.0 10 PVID Egress Untagged > vif5.0 20 PVID Egress Untagged > vif6.0 30 PVID Egress Untagged > > This patch set enables this capability as follows: > > 1. Adds `vid' as a new member of the libxl_device_nic structure; > 2. Adds support to read and write vid from the xenstore; > 3. Adds `vid' as a new keyword for the vif configuration option; > 4. Adds support for assign the bridge VLAN in the Linux hotplug scripts. > > I don't believe NetBSD or FreeBSD support this capability, but if they > do please point me in the direction of some documentation and/or examples. > > NB: I'm not very familiar with Xen code base so may have missed > something important, although I have tested it and it is working well > for me. > > Cheers, > > Leigh. > > > Leigh Brown (5): > tools/libs/light: Add vlan field to libxl_device_nic > tools/xl: add vlan keyword to vif option > tools/hotplug/Linux: Add bridge VLAN support > docs/man: document VIF vlan keyword > tools/examples: Example Linux bridge VLAN config > > docs/man/xl-network-configuration.5.pod.in | 38 ++++++ > tools/examples/linux-bridge-vlan/README | 68 +++++++++++ > tools/examples/linux-bridge-vlan/br0.netdev | 7 ++ > tools/examples/linux-bridge-vlan/br0.network | 8 ++ > .../examples/linux-bridge-vlan/enp0s0.network | 16 +++ > tools/hotplug/Linux/xen-network-common.sh | 111 ++++++++++++++++++ > tools/libs/light/libxl_nic.c | 10 ++ > tools/libs/light/libxl_types.idl | 1 + > tools/xl/xl_parse.c | 2 + > 9 files changed, 261 insertions(+) > create mode 100644 tools/examples/linux-bridge-vlan/README > create mode 100644 tools/examples/linux-bridge-vlan/br0.netdev > create mode 100644 tools/examples/linux-bridge-vlan/br0.network > create mode 100644 tools/examples/linux-bridge-vlan/enp0s0.network > This is past the last-post date, so Oleksii will need to decide whether he's happy to make an exception for it. Anthony is OoO for a month now, so if this is to get in for 4.19, then it will need reviewing by others. I've CC'd a few plausible candidates... ~Andrew
Hi Andrew, On 2024-05-09 16:53, Andrew Cooper wrote: > On 08/05/2024 10:38 pm, Leigh Brown wrote: >> Hello all, >> >> I realised over the weekend that there is a valid use case for >> providing >> a VIF to a domain that has access to multiple VLANs, e.g. a router. >> Yes, >> you can create a VIF per VLAN, but if you start having several VLANs >> (as >> I do), it would be nicer to create a single interface that has access >> to >> all the relevant VLANs (e.g. enX0.10, enX0.20, etc.). >> >> So, version 2 changes the name and type of the parameter from an >> integer >> called `vid' to a string called `vlan'. The vlan parameter is then >> parsed by the vif-bridge script (actually, the functions called by it >> in >> xen-network-common.sh). >> >> As it quite a common practice to allocate VLANs in round numbers, I >> also >> implemented the ability to specify contiguous or non-contiguous >> ranges. >> You can specify whether a VLAN is tagged or untagged, and which VLAN >> is >> the PVID (only one PVID is allowed). For example, >> >> vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20-29' ] >> >> will setup the VIF so that 10 is the PVID and VLAN IDs 20 through 29 >> are permitted with tags. Another example: >> >> vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=1p/10+10x9' ] >> >> will setup the bridge to set 1 as the PVID and permit access with >> tags for VLAN IDs 10, 20, 30, 40, 50, 60, 70, 80 and 90. >> >> This patch set enables this capability as follows: >> >> 1. Adds `vlan' as a new member of the libxl_device_nic structure; >> 2. Adds support to read and write the vlan parameter from the >> xenstore; >> 3. Adds `vlan' as a new keyword for the vif configuration option; >> 4. Adds support to assign the bridge VLANs in the Linux hotplug >> scripts; >> 5. Updated xl-network-configuration(5) manpage and example configs. >> >> Original blurb below: >> >> For many years I have been configuring VLANs on my Linux Dom0 by >> creating VLAN interfaces for each VLAN I wanted to connect a domain >> to and then a corresponding bridge. So I would tend to have things >> like: >> >> enp0s0 -> br0 -> vif1, vif2 >> enp0s0.10 -> br0vl10 -> vif3, vif4 >> enp0s0.20 -> br0vl20 -> vif5 >> dummy0 -> br1 -> vif6 >> >> I recently discovered that iproute2 supports creating bridge VLANs >> that >> allows you to assign a VLAN to each of the interfaces associated to a >> bridge. This allows a greatly simplified configuration where a single >> bridge can support all the domains, and the iproute2 bridge command >> can >> assign each VIF to the required VLAN. This looks like this: >> >> # bridge vlan >> port vlan-id >> enp0s0 1 PVID Egress Untagged >> 10 >> 20 >> br0 1 PVID Egress Untagged >> vif1.0 1 PVID Egress Untagged >> vif2.0 1 PVID Egress Untagged >> vif3.0 10 PVID Egress Untagged >> vif4.0 10 PVID Egress Untagged >> vif5.0 20 PVID Egress Untagged >> vif6.0 30 PVID Egress Untagged >> >> This patch set enables this capability as follows: >> >> 1. Adds `vid' as a new member of the libxl_device_nic structure; >> 2. Adds support to read and write vid from the xenstore; >> 3. Adds `vid' as a new keyword for the vif configuration option; >> 4. Adds support for assign the bridge VLAN in the Linux hotplug >> scripts. >> >> I don't believe NetBSD or FreeBSD support this capability, but if they >> do please point me in the direction of some documentation and/or >> examples. >> >> NB: I'm not very familiar with Xen code base so may have missed >> something important, although I have tested it and it is working well >> for me. >> >> Cheers, >> >> Leigh. >> >> >> Leigh Brown (5): >> tools/libs/light: Add vlan field to libxl_device_nic >> tools/xl: add vlan keyword to vif option >> tools/hotplug/Linux: Add bridge VLAN support >> docs/man: document VIF vlan keyword >> tools/examples: Example Linux bridge VLAN config >> >> docs/man/xl-network-configuration.5.pod.in | 38 ++++++ >> tools/examples/linux-bridge-vlan/README | 68 +++++++++++ >> tools/examples/linux-bridge-vlan/br0.netdev | 7 ++ >> tools/examples/linux-bridge-vlan/br0.network | 8 ++ >> .../examples/linux-bridge-vlan/enp0s0.network | 16 +++ >> tools/hotplug/Linux/xen-network-common.sh | 111 >> ++++++++++++++++++ >> tools/libs/light/libxl_nic.c | 10 ++ >> tools/libs/light/libxl_types.idl | 1 + >> tools/xl/xl_parse.c | 2 + >> 9 files changed, 261 insertions(+) >> create mode 100644 tools/examples/linux-bridge-vlan/README >> create mode 100644 tools/examples/linux-bridge-vlan/br0.netdev >> create mode 100644 tools/examples/linux-bridge-vlan/br0.network >> create mode 100644 tools/examples/linux-bridge-vlan/enp0s0.network >> > > This is past the last-post date, so Oleksii will need to decide whether > he's happy to make an exception for it. From my own perspective, I know this is an enhancement and am more than happy to maintain it locally for the time being, so no problem if it has to wait. Still happy for any feedback though :-) > Anthony is OoO for a month now, so if this is to get in for 4.19, then > it will need reviewing by others. I've CC'd a few plausible > candidates... > > ~Andrew Regards, Leigh,
On Thu, May 9, 2024 at 12:10 PM Leigh Brown <leigh@solinno.co.uk> wrote: > > Hi Andrew, > > On 2024-05-09 16:53, Andrew Cooper wrote: > > On 08/05/2024 10:38 pm, Leigh Brown wrote: > > This is past the last-post date, so Oleksii will need to decide whether > > he's happy to make an exception for it. > > From my own perspective, I know this is an enhancement and am more than > happy to maintain it locally for the time being, so no problem if it has > to wait. Still happy for any feedback though :-) > > > Anthony is OoO for a month now, so if this is to get in for 4.19, then > > it will need reviewing by others. I've CC'd a few plausible > > candidates... I'll try to review them in the next few days. Regards, Jason
On Thu, 2024-05-09 at 16:53 +0100, Andrew Cooper wrote: > On 08/05/2024 10:38 pm, Leigh Brown wrote: > > Hello all, > > > > I realised over the weekend that there is a valid use case for > > providing > > a VIF to a domain that has access to multiple VLANs, e.g. a router. > > Yes, > > you can create a VIF per VLAN, but if you start having several > > VLANs (as > > I do), it would be nicer to create a single interface that has > > access to > > all the relevant VLANs (e.g. enX0.10, enX0.20, etc.). > > > > So, version 2 changes the name and type of the parameter from an > > integer > > called `vid' to a string called `vlan'. The vlan parameter is then > > parsed by the vif-bridge script (actually, the functions called by > > it in > > xen-network-common.sh). > > > > As it quite a common practice to allocate VLANs in round numbers, I > > also > > implemented the ability to specify contiguous or non-contiguous > > ranges. > > You can specify whether a VLAN is tagged or untagged, and which > > VLAN is > > the PVID (only one PVID is allowed). For example, > > > > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20-29' ] > > > > will setup the VIF so that 10 is the PVID and VLAN IDs 20 through > > 29 > > are permitted with tags. Another example: > > > > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=1p/10+10x9' ] > > > > will setup the bridge to set 1 as the PVID and permit access with > > tags for VLAN IDs 10, 20, 30, 40, 50, 60, 70, 80 and 90. > > > > This patch set enables this capability as follows: > > > > 1. Adds `vlan' as a new member of the libxl_device_nic structure; > > 2. Adds support to read and write the vlan parameter from the > > xenstore; > > 3. Adds `vlan' as a new keyword for the vif configuration option; > > 4. Adds support to assign the bridge VLANs in the Linux hotplug > > scripts; > > 5. Updated xl-network-configuration(5) manpage and example configs. > > > > Original blurb below: > > > > For many years I have been configuring VLANs on my Linux Dom0 by > > creating VLAN interfaces for each VLAN I wanted to connect a domain > > to and then a corresponding bridge. So I would tend to have things > > like: > > > > enp0s0 -> br0 -> vif1, vif2 > > enp0s0.10 -> br0vl10 -> vif3, vif4 > > enp0s0.20 -> br0vl20 -> vif5 > > dummy0 -> br1 -> vif6 > > > > I recently discovered that iproute2 supports creating bridge VLANs > > that > > allows you to assign a VLAN to each of the interfaces associated to > > a > > bridge. This allows a greatly simplified configuration where a > > single > > bridge can support all the domains, and the iproute2 bridge command > > can > > assign each VIF to the required VLAN. This looks like this: > > > > # bridge vlan > > port vlan-id > > enp0s0 1 PVID Egress Untagged > > 10 > > 20 > > br0 1 PVID Egress Untagged > > vif1.0 1 PVID Egress Untagged > > vif2.0 1 PVID Egress Untagged > > vif3.0 10 PVID Egress Untagged > > vif4.0 10 PVID Egress Untagged > > vif5.0 20 PVID Egress Untagged > > vif6.0 30 PVID Egress Untagged > > > > This patch set enables this capability as follows: > > > > 1. Adds `vid' as a new member of the libxl_device_nic structure; > > 2. Adds support to read and write vid from the xenstore; > > 3. Adds `vid' as a new keyword for the vif configuration option; > > 4. Adds support for assign the bridge VLAN in the Linux hotplug > > scripts. > > > > I don't believe NetBSD or FreeBSD support this capability, but if > > they > > do please point me in the direction of some documentation and/or > > examples. > > > > NB: I'm not very familiar with Xen code base so may have missed > > something important, although I have tested it and it is working > > well > > for me. > > > > Cheers, > > > > Leigh. > > > > > > Leigh Brown (5): > > tools/libs/light: Add vlan field to libxl_device_nic > > tools/xl: add vlan keyword to vif option > > tools/hotplug/Linux: Add bridge VLAN support > > docs/man: document VIF vlan keyword > > tools/examples: Example Linux bridge VLAN config > > > > docs/man/xl-network-configuration.5.pod.in | 38 ++++++ > > tools/examples/linux-bridge-vlan/README | 68 +++++++++++ > > tools/examples/linux-bridge-vlan/br0.netdev | 7 ++ > > tools/examples/linux-bridge-vlan/br0.network | 8 ++ > > .../examples/linux-bridge-vlan/enp0s0.network | 16 +++ > > tools/hotplug/Linux/xen-network-common.sh | 111 > > ++++++++++++++++++ > > tools/libs/light/libxl_nic.c | 10 ++ > > tools/libs/light/libxl_types.idl | 1 + > > tools/xl/xl_parse.c | 2 + > > 9 files changed, 261 insertions(+) > > create mode 100644 tools/examples/linux-bridge-vlan/README > > create mode 100644 tools/examples/linux-bridge-vlan/br0.netdev > > create mode 100644 tools/examples/linux-bridge-vlan/br0.network > > create mode 100644 tools/examples/linux-bridge-vlan/enp0s0.network > > > > This is past the last-post date, so Oleksii will need to decide > whether > he's happy to make an exception for it. We also have Feature Freeze this week. But if maintainers think they have additional/enough time for reviewing this patch series then we can consider to have in Xen 4.19. ~ Oleksii > > Anthony is OoO for a month now, so if this is to get in for 4.19, > then > it will need reviewing by others. I've CC'd a few plausible > candidates... > > ~Andrew
Hello all, I realised over the weekend that there is a valid use case for providing a VIF to a domain that has access to multiple VLANs, e.g. a router. Yes, you can create a VIF per VLAN, but if you start having several VLANs (as I do), it would be nicer to create a single interface that has access to all the relevant VLANs (e.g. enX0.10, enX0.20, etc.). So, version 2 changes the name and type of the parameter from an integer called `vid' to a string called `vlan'. The vlan parameter is then parsed by the vif-bridge script (actually, the functions called by it in xen-network-common.sh). As it quite a common practice to allocate VLANs in round numbers, I also implemented the ability to specify contiguous or non-contiguous ranges. You can specify whether a VLAN is tagged or untagged, and which VLAN is the PVID (only one PVID is allowed). For example, vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20-29' ] will setup the VIF so that 10 is the PVID and VLAN IDs 20 through 29 are permitted with tags. Another example: vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=1p/10+10x9' ] will setup the bridge to set 1 as the PVID and permit access with tags for VLAN IDs 10, 20, 30, 40, 50, 60, 70, 80 and 90. This patch set enables this capability as follows: 1. Adds `vlan' as a new member of the libxl_device_nic structure; 2. Adds support to read and write the vlan parameter from the xenstore; 3. Adds `vlan' as a new keyword for the vif configuration option; 4. Adds support to assign the bridge VLANs in the Linux hotplug scripts; 5. Updated xl-network-configuration(5) manpage and example configs. Original blurb below: For many years I have been configuring VLANs on my Linux Dom0 by creating VLAN interfaces for each VLAN I wanted to connect a domain to and then a corresponding bridge. So I would tend to have things like: enp0s0 -> br0 -> vif1, vif2 enp0s0.10 -> br0vl10 -> vif3, vif4 enp0s0.20 -> br0vl20 -> vif5 dummy0 -> br1 -> vif6 I recently discovered that iproute2 supports creating bridge VLANs that allows you to assign a VLAN to each of the interfaces associated to a bridge. This allows a greatly simplified configuration where a single bridge can support all the domains, and the iproute2 bridge command can assign each VIF to the required VLAN. This looks like this: # bridge vlan port vlan-id enp0s0 1 PVID Egress Untagged 10 20 br0 1 PVID Egress Untagged vif1.0 1 PVID Egress Untagged vif2.0 1 PVID Egress Untagged vif3.0 10 PVID Egress Untagged vif4.0 10 PVID Egress Untagged vif5.0 20 PVID Egress Untagged vif6.0 30 PVID Egress Untagged This patch set enables this capability as follows: 1. Adds `vid' as a new member of the libxl_device_nic structure; 2. Adds support to read and write vid from the xenstore; 3. Adds `vid' as a new keyword for the vif configuration option; 4. Adds support for assign the bridge VLAN in the Linux hotplug scripts. I don't believe NetBSD or FreeBSD support this capability, but if they do please point me in the direction of some documentation and/or examples. NB: I'm not very familiar with Xen code base so may have missed something important, although I have tested it and it is working well for me. Cheers, Leigh. Leigh Brown (5): tools/libs/light: Add vlan field to libxl_device_nic tools/xl: add vlan keyword to vif option tools/hotplug/Linux: Add bridge VLAN support docs/man: document VIF vlan keyword tools/examples: Example Linux bridge VLAN config docs/man/xl-network-configuration.5.pod.in | 38 ++++++ tools/examples/linux-bridge-vlan/README | 68 +++++++++++ tools/examples/linux-bridge-vlan/br0.netdev | 7 ++ tools/examples/linux-bridge-vlan/br0.network | 8 ++ .../examples/linux-bridge-vlan/enp0s0.network | 16 +++ tools/hotplug/Linux/xen-network-common.sh | 111 ++++++++++++++++++ tools/libs/light/libxl_nic.c | 10 ++ tools/libs/light/libxl_types.idl | 1 + tools/xl/xl_parse.c | 2 + 9 files changed, 261 insertions(+) create mode 100644 tools/examples/linux-bridge-vlan/README create mode 100644 tools/examples/linux-bridge-vlan/br0.netdev create mode 100644 tools/examples/linux-bridge-vlan/br0.network create mode 100644 tools/examples/linux-bridge-vlan/enp0s0.network