[PATCH] network: drop use of dummy tap device in bridges

Daniel P. Berrangé berrange at redhat.com
Thu Sep 3 14:58:33 UTC 2020 

On Thu, Sep 03, 2020 at 10:56:25AM -0400, Laine Stump wrote:
> On 9/3/20 9:34 AM, Daniel P. Berrangé wrote:
> > A long time ago we introduced a dummy tap device (e.g. virbr0-nic) that
> > we attached to the bridge device created for virtual networks:
> > 
> >    commit 5754dbd56d4738112a86776c09e810e32f7c3224
> >    Author: Laine Stump <laine at redhat.com>
> >    Date:   Wed Feb 9 03:28:12 2011 -0500
> > 
> >      Give each virtual network bridge its own fixed MAC address
> > 
> > This was a hack to workaround a Linux kernel bug where it would not
> > honour any attempt to set a MAC address on a bridge. Instead the
> > bridge would adopt the numerically lowest MAC address of all NICs
> > attached to the bridge. This lead to the MAC addrss of the bridge
> > changing over time as NICs were attached/detached.
> > 
> > The Linux bug was actually fixed 3 years before the libvirt
> > workaround was added in:
> > 
> >    commit 92c0574f11598c8036f81e27d2e8bdd6eed7d76d
> >    Author: Stephen Hemminger <shemminger at vyatta.com>
> >    Date:   Tue Jun 17 16:10:06 2008 -0700
> > 
> >      bridge: make bridge address settings sticky
> > 
> >      Normally, the bridge just chooses the smallest mac address as the
> >      bridge id and mac address of bridge device. But if the administrator
> >      has explictly set the interface address then don't change it.
> > 
> >      Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
> >      Signed-off-by: David S. Miller <davem at davemloft.net>
> > 
> > but libvirt needed to support RHEL-5 kernels at that time, so
> > none the less added the workaround.
> > 
> > We have long since dropped support for RHEL-5 vintage distros,
> > so there's no reason to keep the dummy tap device for the purpose
> > of setting the bridge MAC address.
> > 
> > Later the dummy TAP device was used for a second purpose related
> > to IPv6 DAD (Duplicate Address Detection) in:
> > 
> >    commit db488c79173b240459c7754f38c3c6af9b432970
> >    Author: Benjamin Cama <benoar at dolka.fr>
> >    Date:   Wed Sep 26 21:02:20 2012 +0200
> > 
> >      network: fix dnsmasq/radvd binding to IPv6 on recent kernels
> > 
> > This was again dealing with a regression in the Linux kernel, where
> > if there were no devices attached to the bridge in the UP state,
> > IPv6 DAD would not be performed. The virbr0-nic was attached but
> > in the DOWN state, so the above libvirt fix tenporarily brought
> > the NIC online. The Linux commit causing the problem was in v2.6.38
> > 
> >    commit 1faa4356a3bd89ea11fb92752d897cff3a20ec0e
> >    Author: stephen hemminger <shemminger at vyatta.com>
> >    Date:   Mon Mar 7 08:34:06 2011 +0000
> > 
> >      bridge: control carrier based on ports online
> > 
> > A short while later Linux was tweaked so that DAD would still occur
> > if the bridge had no attached devices at all in 3.1:
> > 
> >    commit b64b73d7d0c480f75684519c6134e79d50c1b341
> >    Author: stephen hemminger <shemminger at vyatta.com>
> >    Date:   Mon Oct 3 18:14:45 2011 +0000
> > 
> >      bridge: leave carrier on for empty bridge
> > 
> > IOW, the only reason we need the DAD hack of bringing virbr0-nic
> > online is because virbr0-nic exists. Once it doesn't exist, then
> > we hit the "empty bridge" case which works in Linux.
> 
> Ooh, cool! Having it used for DAD was the only reason I didn't remove
> virbrX-nic after I put in the patch to set the bridge MAC directly:
> 
> 
> commit 13ec827052fcd79a4350f499aab5f4aa20ea83fa
> Author: Laine Stump <laine at redhat.com>
> Date:   Thu Oct 17 21:12:30 2019 -0400
> 
>     util: set bridge device MAC address explicitly during
>     virNetDevBridgeCreate
> 
> (I even comment about this, but didn't dig down to learn that it was no
> longer required for DAD - I just thought that was the way bridges + DAD were
> designed to work).
> 
> Nice detective work! Did some problem lead you to this, or did you just get
> tired of always seeing that useless device hanging around?

The bug report from a user mentioned in the commit message prompted it

> 
> Reviewed-by: Laine Stump <laine at redhat.com>
> 
> (I give this assuming the veracity of all the info you've cited.)
> 
> One thing that comes to mind - do we still need to wait for DAD to finish in
> networkStartNetworkVirtual(). I think maybe we were waiting for that only so
> that we could set the dummy interface offline (there might be some other
> reason I'm not thinking of though).

I'm not sure, and I don't currently have an IPv6 deployment to test
this, so I'm loathe to touch it myself. Perhaps someone else can do the
change and validate it though...


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list