Re: Combining bridging, 802.1q, and tap

From: Chris Adams
Date: Wed Apr 15 2009 - 20:53:12 EST


Once upon a time, Garry Dolley <gdolley@xxxxxxxxxxxxxxx> said:
> So you have something like:
>
>  ------                                  --------
>  |    | tap0 ----> br0 ----> eth0        |      |
>  | VM | tap1 ----> br1 ----> eth1        | Host |
>  |    | tap2 ----> br2 ----> eth2        |      |
>  ------                                  --------
>
> Correct?

Not exactly. More like:

--------
|      | eth0 --> br0
| Host | eth1 --> br1
|      | eth2 --> br2 (VLANed with br2.20 and br2.30)
--------

--------
|      | eth0 --> host tap0 --> br0
| KVM  | eth1 --> host tap1 --> br1
| QEMU | eth2 --> host tap2 --> br2
|      | (VLANed in the VM with eth2.20 and eth2.30)
--------

In the host, I see:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002b3c1c9aa       no              eth0
                                                        tap0
br1             8000.0030bdb23c63       no              eth1
                                                        tap1
br2             8000.0004614aee26       no              eth2
                                                        tap2
# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
br2.20 | 20 | br2
br2.30 | 30 | br2


In the VM, I see (no bridging here):
# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth2.20 | 20 | eth2
eth2.30 | 30 | eth2


> First of all, show us the tcpdump command you're running.

I'm running "tcpdump -s0 -e -n -i eth2". If I run it in the host and
ping from the host to something on the LAN, I see:

19:00:16.629191 00:04:61:4a:ee:26 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 20, p 0, ethertype ARP, arp who-has 172.24.54.14 tell 172.24.54.206
19:00:16.629420 00:30:48:22:9c:d1 > 00:04:61:4a:ee:26, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP, arp reply 172.24.54.14 is-at 00:30:48:22:9c:d1
19:00:16.629477 00:04:61:4a:ee:26 > 00:30:48:22:9c:d1, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4, 172.24.54.206 > 172.24.54.14: ICMP echo request, id 49703, seq 1, length 64
19:00:16.630770 00:30:48:22:9c:d1 > 00:04:61:4a:ee:26, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4, 172.24.54.14 > 172.24.54.206: ICMP echo reply, id 49703, seq 1, length 64


If I run tcpdump in the VM and ping from the VM, I see:

19:02:04.443160 00:04:61:4a:ee:27 > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 172.24.54.14 tell 172.24.54.207


I swear I saw tagged packets within the VM earlier. :-(

Okay, if I watch eth2 and eth2.20 with the same tcpdump command as
above, I see incoming packets correctly. On eth2, I see the tag, and
then they show up on eth2.20 without the tag. It appears to only be a
problem with outbound packets not getting tagged (I see the same
untagged packets in the host with a tcpdump on tap2).

Any ideas why the VM wouldn't be tagging properly? It appears to be
configured correctly. The VM system is RHEL5.3, with the latest kernel
(kernel-2.6.18-128.1.6.el5.x86_64). I don't have a non-virtual RHEL5
system I can put my hands on at the moment to test there to see if this
is a general bug.

--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
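
An added example, not part of the original message: a small Python check that parses "tcpdump -e -n" lines like the ones quoted above and reports frames that carry addresses from a VLAN's subnet without the expected 802.1Q tag. The capture lines are copied from the message; the /24 mask and the names POLICY, parse_frame and tag_violations are assumptions made for this sketch.

```python
import ipaddress
import re

# Line layout of `tcpdump -e -n` output as it appears in the message above.
FRAME_RE = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>\S+), "
    r"ethertype (?P<etype>[^(]+?) \(0x[0-9a-f]{4}\), length \d+: "
    r"(?:vlan (?P<vlan>\d+), p \d+, ethertype (?P<inner>[^,]+), )?(?P<rest>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: the /24 mask is a guess; the message shows only single addresses.
POLICY = {ipaddress.ip_network("172.24.54.0/24"): 20}

# Capture lines copied from the message: four from the host, one from the VM.
CAPTURE = """\
19:00:16.629191 00:04:61:4a:ee:26 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 20, p 0, ethertype ARP, arp who-has 172.24.54.14 tell 172.24.54.206
19:00:16.629420 00:30:48:22:9c:d1 > 00:04:61:4a:ee:26, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP, arp reply 172.24.54.14 is-at 00:30:48:22:9c:d1
19:00:16.629477 00:04:61:4a:ee:26 > 00:30:48:22:9c:d1, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4, 172.24.54.206 > 172.24.54.14: ICMP echo request, id 49703, seq 1, length 64
19:00:16.630770 00:30:48:22:9c:d1 > 00:04:61:4a:ee:26, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4, 172.24.54.14 > 172.24.54.206: ICMP echo reply, id 49703, seq 1, length 64
19:02:04.443160 00:04:61:4a:ee:27 > Broadcast, ethertype ARP (0x0806), length 42: arp who-has 172.24.54.14 tell 172.24.54.207
"""

def parse_frame(line):
    """Return src/dst MAC, VLAN ID (None if untagged), protocol and IPs seen."""
    m = FRAME_RE.match(line.strip())
    if m is None:
        return None
    ips = []
    for text in IPV4_RE.findall(m["rest"]):
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:  # digits that only look like an address
            pass
    return {"src": m["src"], "dst": m["dst"],
            "vlan": int(m["vlan"]) if m["vlan"] else None,
            "proto": (m["inner"] or m["etype"]).strip(), "ips": ips}

def tag_violations(lines, policy=POLICY):
    """List (src MAC, VLAN seen, VLAN expected) for frames breaking the policy."""
    found = []
    for frame in filter(None, map(parse_frame, lines)):
        for net, want in policy.items():
            if frame["vlan"] != want and any(ip in net for ip in frame["ips"]):
                found.append((frame["src"], frame["vlan"], want))
                break
    return found

if __name__ == "__main__":
    for src, seen, want in tag_violations(CAPTURE.splitlines()):
        print(f"{src}: expected vlan {want}, saw {seen or 'no tag'}")
```

Run against a capture taken on the trunk side (eth2 or tap2 here), it singles out the VM's MAC as the only sender whose VLAN 20 traffic leaves untagged.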