* [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge
@ 2023-06-27 6:53 Alexandre Derumier
2023-06-27 6:53 ` [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge Alexandre Derumier
0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Derumier @ 2023-06-27 6:53 UTC (permalink / raw)
To: pve-devel
Hi,
Some nics like mellanox connect-x or intel i40e don't work with vlan-aware-bridge
when too many vlans are defined.
Depend of the model, connectx-3 is limited to 64 vlans, connect-x4 to 128vlans
https://forum.proxmox.com/threads/proxmox-7-and-mellanox-connectx4-and-vlan-aware-bridge.104926/#post-555269
i40e seem to throw errors like
Jan 18 14:44:27 jupiter kernel: [ 145.060365] i40e 0000:3d:00.0: Error I40E_AQ_RC_ENOSPC, forcing overflow promiscuous on PF
https://forum.proxmox.com/threads/error-i40e_aq_rc_enospc-forcing-overflow-promiscuous-on-pf.62875/
https://forum.proxmox.com/threads/proxmox-8-and-i40e-driver-kernel-6-2.129364/
rx-vlan-filter is only a protection to drop packets with unknown vlan at nic level.
(not related to vlan offloading, where nic can support any number of vlan)
When vlan-aware is enabled, bridge is already doing the vlan filtering, so it's pretty safe to disable it.
(AFAIK, it was not enabled on proxmox 5, as I didn't have mellanox problem at this time)
This patch serie add rx-vlan-filter to /etc/network/interfaces on phys nic if the nic is port of vlan aware bridge.
(or slave of bond port of vlan-aware-bridge)
fix:
https://bugzilla.proxmox.com/show_bug.cgi?id=2329
https://bugzilla.proxmox.com/show_bug.cgi?id=3893
(maybe they are other related bug reports)
Changelog v2:
- merge missing patch
Alexandre Derumier (1):
network_interfaces: disable rx-vlan-filter for physical interfaces
ports of a vlan-aware bridge
src/PVE/INotify.pm | 15 +++++++++++++++
test/etc_network_interfaces/t.parsed_options.pl | 7 +++++++
2 files changed, 22 insertions(+)
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge
2023-06-27 6:53 [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge Alexandre Derumier
@ 2023-06-27 6:53 ` Alexandre Derumier
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Derumier @ 2023-06-27 6:53 UTC (permalink / raw)
To: pve-devel
some nic like mellanox connectx or intel i40e don't work well vlan-aware bridge
because they are limited in number of vlan filtering in hardware
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/INotify.pm | 15 +++++++++++++++
test/etc_network_interfaces/t.parsed_options.pl | 7 +++++++
2 files changed, 22 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index bc33a8f..c4dd85d 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -963,6 +963,7 @@ sub __read_etc_network_interfaces {
'vxlan-svcnodeip' => 1,
'vxlan-physdev' => 1,
'vxlan-local-tunnelip' => 1,
+ 'rx-vlan-filter' => 1,
};
if ($id eq 'address' || $id eq 'netmask' || $id eq 'broadcast' || $id eq 'gateway') {
@@ -1514,6 +1515,7 @@ sub __write_etc_network_interfaces {
}
# check bond
+ my $bondslaves = {};
foreach my $iface (keys %$ifaces) {
my $d = $ifaces->{$iface};
next if !($d->{type} eq 'bond' && $d->{slaves});
@@ -1529,6 +1531,7 @@ sub __write_etc_network_interfaces {
$check_mtu->($ifaces, $iface, $p);
$bond_primary_is_slave = 1 if $d->{'bond-primary'} && $d->{'bond-primary'} eq $p;
+ $bondslaves->{$p} = $iface;
}
die "bond '$iface' - bond-primary interface is not a slave" if $d->{'bond-primary'} && !$bond_primary_is_slave;
}
@@ -1658,6 +1661,18 @@ sub __write_etc_network_interfaces {
}
}
+ # disable rx-vlan-filter if physical nic is port of a vlan-aware bridge
+ foreach my $iface (keys %$ifaces) {
+ next if $iface !~ /^$PVE::Network::PHYSICAL_NIC_RE/;
+ my $phys_iface = $iface;
+ $iface = $bondslaves->{$iface} if $bondslaves->{$iface};
+ if ($bridgeports->{$iface} && $bridges->{$bridgeports->{$iface}}->{bridge_vlan_aware}) {
+ $ifaces->{$phys_iface}->{'rx-vlan-filter'} = 'off' if !defined($ifaces->{$phys_iface}->{'rx-vlan-filter'});
+ } else {
+ delete $ifaces->{$phys_iface}->{'rx-vlan-filter'};
+ }
+ }
+
my $raw = <<'NETWORKDOC';
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
diff --git a/test/etc_network_interfaces/t.parsed_options.pl b/test/etc_network_interfaces/t.parsed_options.pl
index bbb2a27..fbedf6a 100644
--- a/test/etc_network_interfaces/t.parsed_options.pl
+++ b/test/etc_network_interfaces/t.parsed_options.pl
@@ -15,6 +15,7 @@ my $gw6 = 'fc05::1';
# Load
my $cfg = load('base') . <<"CHECK";
iface eth1 inet manual
+ rx-vlan-filter off
auto vmbr0
iface vmbr0 inet static
@@ -23,6 +24,12 @@ iface vmbr0 inet static
bridge-ports eth0
bridge-stp off
bridge-fd 0
+
+auto vmbr1
+iface vmbr1 inet manual
+ bridge-ports eth1
+ bridge-stp off
+ bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-06-27 6:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-27 6:53 [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge Alexandre Derumier
2023-06-27 6:53 ` [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge Alexandre Derumier
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.