[libvirt] [PATCH 1/1] Add vlantag parameter for openvswitch ports
Kyle Mestery (kmestery)
kmestery at cisco.com
Fri Aug 10 15:21:01 UTC 2012
On Aug 9, 2012, at 3:14 PM, Laine Stump wrote:
> On 08/08/2012 03:47 PM, Kyle Mestery wrote:
>> Add the ability to specify a "vlantag" parameter for bridge
>> networks with a virtualport type of openvswitch. This
>> allows for specifying the port is on a single VLAN, and
>> should receive untagged traffic (e.g. vlantag=10), or that
>> a port should receive tagged traffic and is a trunk port
>> (e.g. vlantag=10,11).
>
> Ha! We must have a telepathic link!
>
Well, we're at least thinking in the same general direction. :)
> I'm just about to add vlan support for SR-IOV VFs in PCI passthrough
> (aka "hostdev") and macvtap passthrough modes (the only thing that's
> kept me from action is indecision about where to put the vlan tag in the
> xml), and since at least one of those modes doesn't use <virtualport> at
> all, I was planning to add a <vlan tag='x'/> element at the toplevel of
> interface. There would also be a similar element at the toplevel of
> <network>, and another within <portgroup>.
>
> Something like this:
>
> <interface type='hostdev'>
> <mac address='52:54:00:11:22:33'/>
> <vlan tag='42'/>
> ...
> </interface>
>
> In this case, there is no <network> involved. Here's a case that uses a
> network:
>
>
> <interface type='network'>
> <mac address='52:54:00:11:22:33'/>
> <source network='net42'/>
> ...
> </interface>
>
> <network>
> <name>net42</name>
> <vlan tag='42'/>
> <forward mode='passthrough'>
> <interface dev='eth5'/>
> <interface dev='eth6'/>
> <interface dev='eth7'/>
> </forward>
> </network>
>
> In this second case, when the interface was brought up, it would
> allocate a physical device from the pool, and inherit the vlan tag,
> which would be set in the SR-IOV card's hardware as it's assigned to the
> guest. Note that hostdev passthrough would behave similarly (except
> forward mode would be 'hosted')
>
Those cases both look good. I think the formatting works just fine for
virtualport type=openvswitch as well, something like this:
Single VLAN (no trunk):
<interface type='bridge'>
<mac address='52:54:00:30:23:a6'/>
<source bridge='data-br'/>
<vlan tag='70'/>
<virtualport type='openvswitch'>
<parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
</virtualport>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Single VLAN (trunk):
<interface type='bridge'>
<mac address='52:54:00:30:23:a6'/>
<source bridge='data-br'/>
<vlan tag='70'/ trunk=yes>
<virtualport type='openvswitch'>
<parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
</virtualport>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Multiple VLANs (trunk):
<interface type='bridge'>
<mac address='52:54:00:30:23:a6'/>
<source bridge='data-br'/>
<vlan trunk='yes'>
<tag id='70'>
<tag id='71'>
</vlan>
<virtualport type='openvswitch'>
<parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
</virtualport>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
> Finally, there may be a network with multiple vlans. portgroups could be
> used for that:
>
> <interface type='network'>
> <mac address='52:54:00:11:22:33'/>
> <source network='physnet' portgroup='production'/>
> ...
> </interface>
>
> <network>
> <name>net42</name>
> <forward mode='passthrough'>
> <interface dev='eth5'/>
> <interface dev='eth6'/>
> <interface dev='eth7'/>
> </forward>
> <portgroup name='production' default='yes'>
> <vlan tag='42'/>
> <bandwidth>
> ..
> </bandwidth>
> </portgroup>
> <portgroup name='test'>
> <vlan tag='666'/>
> <bandwidth>
> ..
> </bandwidth>
> </portgroup>
> </network>
>
> Selecting a different portgroup would put you on a difference vlan of
> the same switch. We would need to make a decision about which would take
> precedence if the vlan tag was given in multiple places - should the
> domain's request be honored, in order to allow it to made individual
> modifications to the general config in the <network>? Or should the
> network, as an entity of higher authority, be allowed to override what
> the domain asks for?
>
I think this is the most elegant solution, and dovetails nicely with the fact that
virtualport type='openvswitch' ports already support port-profiles. I think in general,
my feeling here is the domain XML should override the network element. This is
similar to an interface override of a port-profile on a Cisco switch, for example, where
you define configuration in a port-profile, but allow configuration directly on the
interface itself to override the port-profile configuration.
> I've never used vlan trunk groups, but I'm guessing whatever information
> you needed could be added as attributes to the <vlan> element. BTW, in
> general we don't like to have multiple pieces of data in a single
> element. We would prefer that they be in separate elements. So maybe if
> you wanted a single vlan tag, you could do it as above, but when you
> wanted a trunk group, you could do something like:
>
> <vlan trunk='yes'>
> <tag id='23'/>
> <tag id='24'/>
> <tag id='25'/>
> </vlan>
>
> (you might allow omitting the "trunk='yes'") Or possibly put them all at
> the top level:
>
> <vlan tag='23'/>
> <vlan tag='24'/>
> <vlan tag='25'/>
>
> and if you wanted a vlan trunk with only a single vlan in it:
>
> <vlan tag='23' trunk='yes'/>
>
> (actually, having multiple toplevel elements could get messy if we
> started talking about merging the elements from
> network/portgroup/interface together, so maybe that's not such a good idea).
>
> *Still another* possibility would be to put the vlan element as
> described above inside <virtualport>, then allow <virtualport> with no
> type to contain a <vlan> element. This would require a change to my
> recent <virtualport> merging patches, but they haven't been pushed yet.
> I'm not convinced I like that option, though.
>
> I think this needs a day or so to stew...
So I guess the question is, are you going to role this up into your patches? If so, you
can likely make use of some pieces of the patches I posted. Let me know, and I can
also work with you on this as well.
Thanks,
Kyle
More information about the libvir-list
mailing list