* [pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature
@ 2021-09-24 8:51 Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning Alexandre Derumier
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Alexandre Derumier @ 2021-09-24 8:51 UTC (permalink / raw)
To: pve-devel
following pve-common
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html
Alexandre Derumier (3):
tap_plug: add support for bridge disable learning
vm_start/vm_resume : add_nets_bridge_fdb
migration : add del_nets_bridge_fdb
PVE/QemuMigrate.pm | 1 +
PVE/QemuServer.pm | 52 +++++++++++++++++++++++++--
test/MigrationTest/QemuMigrateMock.pm | 3 ++
vm-network-scripts/pve-bridge | 6 +++-
4 files changed, 58 insertions(+), 4 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning
2021-09-24 8:51 [pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature Alexandre Derumier
@ 2021-09-24 8:51 ` Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 2/3] vm_start/vm_resume : add_nets_bridge_fdb Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 3/3] migration : add del_nets_bridge_fdb Alexandre Derumier
2 siblings, 0 replies; 4+ messages in thread
From: Alexandre Derumier @ 2021-09-24 8:51 UTC (permalink / raw)
To: pve-devel
This disabling mac learning && unicast flood for the tap interface
for vmstart, we don't add mac directly to fdb.
We set it latter if it's a migration or a fresh start.
for nic hotplug, we directly add mac to fdb
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuServer.pm | 7 ++++++-
vm-network-scripts/pve-bridge | 6 +++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 0fb8628..1023ede 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -4867,8 +4867,13 @@ sub vmconfig_update_net {
if ($have_sdn) {
PVE::Network::SDN::Zones::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall}, $newnet->{trunks}, $newnet->{rate});
+ PVE::Network::SDN::Zones::add_bridge_fdb($iface, $newnet->{macaddr}, $newnet->{bridge}, $newnet->{firewall});
} else {
- PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall}, $newnet->{trunks}, $newnet->{rate});
+ my $interfaces_config = PVE::INotify::read_file('interfaces');
+ my $bridge = $newnet->{bridge};
+ my $disablelearning = 1 if $interfaces_config->{ifaces}->{$bridge} && $interfaces_config->{ifaces}->{$bridge}->{'bridge-disable-mac-learning'};
+ PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall}, $newnet->{trunks}, $newnet->{rate}, $disablelearning);
+ PVE::Network::add_bridge_fdb($iface, $newnet->{macaddr}, $newnet->{firewall}) if $disablelearning;
}
} elsif (safe_num_ne($oldnet->{rate}, $newnet->{rate})) {
# Rate can be applied on its own but any change above needs to
diff --git a/vm-network-scripts/pve-bridge b/vm-network-scripts/pve-bridge
index d37ce33..ced5831 100755
--- a/vm-network-scripts/pve-bridge
+++ b/vm-network-scripts/pve-bridge
@@ -47,8 +47,12 @@ if ($have_sdn) {
PVE::Network::SDN::Zones::tap_create($iface, $net->{bridge});
PVE::Network::SDN::Zones::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall}, $net->{trunks}, $net->{rate});
} else {
+ my $interfaces_config = PVE::INotify::read_file('interfaces');
+ my $bridge = $net->{bridge};
+ my $disablelearning = 1 if $interfaces_config->{ifaces}->{$bridge} && $interfaces_config->{ifaces}->{$bridge}->{'bridge-disable-mac-learning'};
+
PVE::Network::tap_create($iface, $net->{bridge});
- PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall}, $net->{trunks}, $net->{rate});
+ PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall}, $net->{trunks}, $net->{rate}, $disablelearning);
}
exit 0;
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH qemu-server 2/3] vm_start/vm_resume : add_nets_bridge_fdb
2021-09-24 8:51 [pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning Alexandre Derumier
@ 2021-09-24 8:51 ` Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 3/3] migration : add del_nets_bridge_fdb Alexandre Derumier
2 siblings, 0 replies; 4+ messages in thread
From: Alexandre Derumier @ 2021-09-24 8:51 UTC (permalink / raw)
To: pve-devel
on vm start (no live migration), we can simply add mac address in fdb.
In case of a live migration, we add the mac address just before the resume.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuServer.pm | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 1023ede..2f51938 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -5453,6 +5453,7 @@ sub vm_start_nolock {
my $nicconf = parse_net($conf->{$opt});
qemu_set_link_status($vmid, $opt, 0) if $nicconf->{link_down};
}
+ add_nets_bridge_fdb($conf, $vmid);
}
mon_cmd($vmid, 'qom-set',
@@ -5802,6 +5803,7 @@ sub vm_resume {
my $res = mon_cmd($vmid, 'query-status');
my $resume_cmd = 'cont';
my $reset = 0;
+ my $conf = PVE::QemuConfig->load_config($vmid);
if ($res->{status}) {
return if $res->{status} eq 'running'; # job done, go home
@@ -5811,8 +5813,6 @@ sub vm_resume {
if (!$nocheck) {
- my $conf = PVE::QemuConfig->load_config($vmid);
-
PVE::QemuConfig->check_lock($conf)
if !($skiplock || PVE::QemuConfig->has_lock($conf, 'backup'));
}
@@ -5822,6 +5822,9 @@ sub vm_resume {
# request before the backup finishes for example
mon_cmd($vmid, "system_reset");
}
+
+ add_nets_bridge_fdb($conf, $vmid) if $resume_cmd eq 'cont';
+
mon_cmd($vmid, $resume_cmd);
});
}
@@ -7796,4 +7799,22 @@ sub check_volume_storage_type {
return 1;
}
+sub add_nets_bridge_fdb {
+ my ($conf, $vmid) = @_;
+
+ foreach my $opt (keys %$conf) {
+ if ($opt =~ m/^net(\d+)$/) {
+ my $net = parse_net($conf->{$opt});
+ next if !$net;
+ next if !$net->{macaddr};
+
+ my $iface = "tap${vmid}i$1";
+ if ($have_sdn) {
+ PVE::Network::SDN::Zones::add_bridge_fdb($iface, $net->{macaddr}, $net->{bridge}, $net->{firewall});
+ } else {
+ PVE::Network::add_bridge_fdb($iface, $net->{macaddr}, $net->{firewall});
+ }
+ }
+ }
+}
1;
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH qemu-server 3/3] migration : add del_nets_bridge_fdb
2021-09-24 8:51 [pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 2/3] vm_start/vm_resume : add_nets_bridge_fdb Alexandre Derumier
@ 2021-09-24 8:51 ` Alexandre Derumier
2 siblings, 0 replies; 4+ messages in thread
From: Alexandre Derumier @ 2021-09-24 8:51 UTC (permalink / raw)
To: pve-devel
at the end of a live migration, we need to remove old mac entries
on source host (vm is not yet stopped), before resume vm on target host
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuMigrate.pm | 1 +
PVE/QemuServer.pm | 20 ++++++++++++++++++++
test/MigrationTest/QemuMigrateMock.pm | 3 +++
3 files changed, 24 insertions(+)
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index 5ecc2a7..afd8021 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -1266,6 +1266,7 @@ sub phase3_cleanup {
# transfer replication state before move config
$self->transfer_replication_state() if $self->{is_replicated};
+ PVE::QemuServer::del_nets_bridge_fdb($conf, $vmid);
PVE::QemuConfig->move_config_to_node($vmid, $self->{node});
$self->switch_replication_job_target() if $self->{is_replicated};
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 2f51938..babaff8 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7817,4 +7817,24 @@ sub add_nets_bridge_fdb {
}
}
}
+
+sub del_nets_bridge_fdb {
+ my ($conf, $vmid) = @_;
+
+ foreach my $opt (keys %$conf) {
+ if ($opt =~ m/^net(\d+)$/) {
+ my $net = parse_net($conf->{$opt});
+ next if !$net;
+ next if !$net->{macaddr};
+
+ my $iface = "tap${vmid}i$1";
+ if ($have_sdn) {
+ PVE::Network::SDN::Zones::del_bridge_fdb($iface, $net->{macaddr}, $net->{bridge}, $net->{firewall});
+ } else {
+ PVE::Network::del_bridge_fdb($iface, $net->{macaddr}, $net->{firewall});
+ }
+ }
+ }
+}
+
1;
diff --git a/test/MigrationTest/QemuMigrateMock.pm b/test/MigrationTest/QemuMigrateMock.pm
index 8e0b7d0..a40f5c8 100644
--- a/test/MigrationTest/QemuMigrateMock.pm
+++ b/test/MigrationTest/QemuMigrateMock.pm
@@ -154,6 +154,9 @@ $MigrationTest::Shared::qemu_server_module->mock(
$vm_stop_executed = 1;
delete $expected_calls->{'vm_stop'};
},
+ del_nets_bridge_fdb => sub {
+ return;
+ },
);
my $qemu_server_cpuconfig_module = Test::MockModule->new("PVE::QemuServer::CPUConfig");
--
2.30.2
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-09-24 8:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-24 8:51 [pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 2/3] vm_start/vm_resume : add_nets_bridge_fdb Alexandre Derumier
2021-09-24 8:51 ` [pve-devel] [PATCH qemu-server 3/3] migration : add del_nets_bridge_fdb Alexandre Derumier
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.