[libvirt] [PATCH 1/1] Add vlantag parameter for openvswitch ports

Kyle Mestery (kmestery) kmestery at cisco.com
Fri Aug 10 15:21:01 UTC 2012 

On Aug 9, 2012, at 3:14 PM, Laine Stump wrote:
> On 08/08/2012 03:47 PM, Kyle Mestery wrote:
>> Add the ability to specify a "vlantag" parameter for bridge
>> networks with a virtualport type of openvswitch. This
>> allows for specifying the port is on a single VLAN, and
>> should receive untagged traffic (e.g. vlantag=10), or that
>> a port should receive tagged traffic and is a trunk port
>> (e.g. vlantag=10,11).
> 
> Ha! We must have a telepathic link!
> 
Well, we're at least thinking in the same general direction. :)

> I'm just about to add vlan support for SR-IOV VFs in PCI passthrough
> (aka "hostdev") and macvtap passthrough modes (the only thing that's
> kept me from action is indecision about where to put the vlan tag in the
> xml), and since at least one of those modes doesn't use <virtualport> at
> all, I was planning to add a <vlan tag='x'/> element at the toplevel of
> interface. There would also be a similar element at the toplevel of
> <network>, and another within <portgroup>.
> 
> Something like this:
> 
> <interface type='hostdev'>
>  <mac address='52:54:00:11:22:33'/>
>  <vlan tag='42'/>
>  ...
> </interface>
> 
> In this case, there is no <network> involved. Here's a case that uses a
> network:
> 
> 
> <interface type='network'>
>  <mac address='52:54:00:11:22:33'/>
>  <source network='net42'/>
>  ...
> </interface>
> 
> <network>
>  <name>net42</name>
>  <vlan tag='42'/>
>  <forward mode='passthrough'>
>    <interface dev='eth5'/>
>    <interface dev='eth6'/>
>    <interface dev='eth7'/>
>  </forward>
> </network>
> 
> In this second case, when the interface was brought up, it would
> allocate a physical device from the pool, and inherit the vlan tag,
> which would be set in the SR-IOV card's hardware as it's assigned to the
> guest. Note that hostdev passthrough would behave similarly (except
> forward mode would be 'hosted')
> 
Those cases both look good. I think the formatting works just fine for
virtualport type=openvswitch as well, something like this:

Single VLAN (no trunk):
<interface type='bridge'>
 <mac address='52:54:00:30:23:a6'/>
 <source bridge='data-br'/>
 <vlan tag='70'/>
 <virtualport type='openvswitch'> 
   <parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
 </virtualport>                    
 <model type='virtio'/>                  
 <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

Single VLAN (trunk):
<interface type='bridge'>
 <mac address='52:54:00:30:23:a6'/>
 <source bridge='data-br'/>
 <vlan tag='70'/ trunk=yes>
 <virtualport type='openvswitch'> 
   <parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
 </virtualport>                    
 <model type='virtio'/>                  
 <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

Multiple VLANs (trunk):
<interface type='bridge'>
 <mac address='52:54:00:30:23:a6'/>
 <source bridge='data-br'/>
 <vlan trunk='yes'>
  <tag id='70'>
  <tag id='71'>
 </vlan>
 <virtualport type='openvswitch'> 
   <parameters interfaceid='cdbbbc31-b7fe-16ca-a715-cc7cc76e18b2'>
 </virtualport>                    
 <model type='virtio'/>                  
 <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>


> Finally, there may be a network with multiple vlans. portgroups could be
> used for that:
> 
> <interface type='network'>
>  <mac address='52:54:00:11:22:33'/>
>  <source network='physnet' portgroup='production'/>
>  ...
> </interface>
> 
> <network>
>  <name>net42</name>
>  <forward mode='passthrough'>
>    <interface dev='eth5'/>
>    <interface dev='eth6'/>
>    <interface dev='eth7'/>
>  </forward>
>  <portgroup name='production' default='yes'>
>    <vlan tag='42'/>
>    <bandwidth>
>      ..
>    </bandwidth>
>  </portgroup>
>  <portgroup name='test'>
>    <vlan tag='666'/>
>    <bandwidth>
>      ..
>    </bandwidth>
>  </portgroup>
> </network>
> 
> Selecting a different portgroup would put you on a difference vlan of
> the same switch. We would need to make a decision about which would take
> precedence if the vlan tag was given in multiple places - should the
> domain's request be honored, in order to allow it to made individual
> modifications to the general config in the <network>? Or should the
> network, as an entity of higher authority, be allowed to override what
> the domain asks for?
> 
I think this is the most elegant solution, and dovetails nicely with the fact that
virtualport type='openvswitch' ports already support port-profiles. I think in general,
my feeling here is the domain XML should override the network element. This is
similar to an interface override of a port-profile on a Cisco switch, for example, where
you define configuration in a port-profile, but allow configuration directly on the
interface itself to override the port-profile configuration.

> I've never used vlan trunk groups, but I'm guessing whatever information
> you needed could be added as attributes to the <vlan> element. BTW, in
> general we don't like to have multiple pieces of data in a single
> element. We would prefer that they be in separate elements. So maybe if
> you wanted a single vlan tag, you could do it as above, but when you
> wanted a trunk group, you could do something like:
> 
>   <vlan trunk='yes'>
>     <tag id='23'/>
>     <tag id='24'/>
>     <tag id='25'/>
>   </vlan>
> 
> (you might allow omitting the "trunk='yes'") Or possibly put them all at
> the top level:
> 
>   <vlan tag='23'/>
>   <vlan tag='24'/>
>   <vlan tag='25'/>
> 
> and if you wanted a vlan trunk with only a single vlan in it:
> 
>   <vlan tag='23' trunk='yes'/>
> 
> (actually, having multiple toplevel elements could get messy if we
> started talking about merging the elements from
> network/portgroup/interface together, so maybe that's not such a good idea).
> 
> *Still another* possibility would be to put the vlan element as
> described above inside <virtualport>, then allow <virtualport> with no
> type to contain a <vlan> element. This would require a change to my
> recent <virtualport> merging patches, but they haven't been pushed yet.
> I'm not convinced I like that option, though.
> 
> I think this needs a day or so to stew...

So I guess the question is, are you going to role this up into your patches? If so, you
can likely make use of some pieces of the patches I posted. Let me know, and I can
also work with you on this as well.

Thanks,
Kyle

More information about the libvir-list mailing list