Re: Combining bridging, 802.1q, and tap

From: Garry Dolley
Date: Wed Apr 15 2009 - 19:40:50 EST


On Wed, Apr 15, 2009 at 03:37:42PM -0500, Chris Adams wrote:
> I have a system with three NICs, one of which is running 802.1q to a
> switch with a couple of VLANs. I have eth0, eth1, eth2.20, and eth2.30.
> All is well with that setup.
>
> Now I am trying to build a virtual (KVM) system on the system. I need
> the same network access on the virtual system as on the physical system,
> so I built three bridge interfaces and moved all the physical system's
> network config (including the VLANs) to the bridges. So br0, br1,
> br2.20, br2.30 (with eth0 in br0, eth1 in br1, eth2 in br2). That all
> works.
>
> I am running qemu-kvm with options to create 3 NICs, each one with a tap
> interface (tap0, tap1, and tap2). I have scripts called to add each one
> to the corresponding bridge (tap0 to br0, tap1 to br1, tap2 to br2).
> Everything works in the virtual system except for the VLANs.
>
> Looking with tcpdump on the physical system, it looks like the packets
> from the virtual system are going out without the VLAN tags.
>
> Is this something that should work?

So you have something like:

------ --------
| | tap0 ----> br0 ----> eth0 | |
| VM | tap1 ----> br1 ----> eth1 | Host |
| | tap2 ----> br2 ----> eth2 | |
------ --------

Correct?

First of all, show us the tcpdump command you're running.

Your tap's won't contain VLAN tags because the VM isn't tagging
them.

Your bridges (br0, br1, br2) aren't going to tag them either.

And eth0, eth1, eth2 are regular interfaces, so they won't tag the
packets either.

So the fact that you're seeing untagged packets looks normal in this
setup.

If you've added VLAN tags to your bridge interfaces (br2.20,
etc...), then you should remove them from the physical interface
(eth2.20, etc...). Otherwise, eth2 won't see any tags (they'll get
funneled to eth2.XX w/o tags) and if you tcpdump eth2, you'll see
the traffic but it'll all be untagged.

So me the tcpdump command and explain what you'd like to see and I
think I can get it working for you. I did this whole dance a few
weeks ago as well.

--
Garry Dolley
ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181
Data center, VPS, and IP Transit solutions
Member Los Angeles County REACT, Unit 336 | WQGK336
Blog http://scie.nti.st
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html