* [pve-devel] [PATCH pve-network] zone: qinq: add vnet without tag support
@ 2021-04-29 21:00 Alexandre Derumier
2021-05-05 6:26 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Derumier @ 2021-04-29 21:00 UTC (permalink / raw)
To: pve-devel
some user want to be able to define a vnet without vlan,
so at qinq zone level, to be able to see traffic from others vnets of this
qinq zone.
Some example of usage is a inter-vnet firewall/gateway vm.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/Network/SDN/Zones/QinQPlugin.pm | 97 +++++++++----------
.../zones/qinq/bridge/expected_sdn_interfaces | 53 +++++++---
.../bridge_notagvnet/expected_sdn_interfaces | 36 +++++++
test/zones/qinq/bridge_notagvnet/interfaces | 5 +
test/zones/qinq/bridge_notagvnet/sdn_config | 14 +++
.../bridge_vlanaware/expected_sdn_interfaces | 24 ++++-
.../expected_sdn_interfaces | 27 ++++++
.../bridge_vlanaware_notagvnet/interfaces | 7 ++
.../bridge_vlanaware_notagvnet/sdn_config | 11 +++
.../expected_sdn_interfaces | 12 ++-
.../expected_sdn_interfaces | 12 ++-
.../expected_sdn_interfaces | 23 ++++-
.../expected_sdn_interfaces | 23 ++++-
test/zones/qinq/ovs/expected_sdn_interfaces | 24 ++++-
.../ovs_notagvnet/expected_sdn_interfaces | 37 +++++++
test/zones/qinq/ovs_notagvnet/interfaces | 9 ++
test/zones/qinq/ovs_notagvnet/sdn_config | 11 +++
.../ovs_vlanawarevnet/expected_sdn_interfaces | 12 ++-
.../ovs_vlanprotocol/expected_sdn_interfaces | 12 ++-
19 files changed, 366 insertions(+), 83 deletions(-)
create mode 100644 test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
create mode 100644 test/zones/qinq/bridge_notagvnet/interfaces
create mode 100644 test/zones/qinq/bridge_notagvnet/sdn_config
create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
create mode 100644 test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
create mode 100644 test/zones/qinq/ovs_notagvnet/interfaces
create mode 100644 test/zones/qinq/ovs_notagvnet/sdn_config
diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm
index c5016f5..8282e35 100644
--- a/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/PVE/Network/SDN/Zones/QinQPlugin.pm
@@ -65,6 +65,16 @@ sub generate_sdn_config {
my @iface_config = ();
my $vnet_bridge_ports = "";
+ my $zone_bridge_ports = "";
+ my $zone_notag_uplink = "ln_".$zoneid;
+ my $zone_notag_uplinkpeer = "pr_".$zoneid;
+ my $zone = "z_$zoneid";
+
+ if($ctag) {
+ $vnet_bridge_ports = "$zone.$ctag";
+ } else {
+ $vnet_bridge_ports = $zone_notag_uplinkpeer;
+ }
if($is_ovs) {
@@ -72,7 +82,6 @@ sub generate_sdn_config {
$vlanprotocol = "802.1q" if !$vlanprotocol;
my $svlan_iface = "sv_".$zoneid;
- my $zone = "z_$zoneid";
#ovs dot1q-tunnel port
@iface_config = ();
@@ -87,45 +96,23 @@ sub generate_sdn_config {
my @ovs_ports = split / / , @{$config->{$bridge}}[0];
@{$config->{$bridge}}[0] .= " $svlan_iface" if !grep( $_ eq $svlan_iface, @ovs_ports );
- #zone vlan aware bridge
- @iface_config = ();
- push @iface_config, "mtu $mtu" if $mtu;
- push @iface_config, "bridge-stp off";
- push @iface_config, "bridge-ports $svlan_iface";
- push @iface_config, "bridge-fd 0";
- push @iface_config, "bridge-vlan-aware yes";
- push @iface_config, "bridge-vids 2-4094";
- push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
-
- $vnet_bridge_ports = "$zone.$ctag";
+ $zone_bridge_ports = $svlan_iface;
} elsif ($vlan_aware) {
#vlanawarebrige-(tag)----->vlanwarebridge-(tag)----->vnet
- my $zone = "z_$zoneid";
-
if($vlanprotocol) {
@iface_config = ();
push @iface_config, "bridge-vlan-protocol $vlanprotocol";
push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge};
}
- #zone vlan bridge
- @iface_config = ();
- push @iface_config, "mtu $mtu" if $mtu;
- push @iface_config, "bridge-stp off";
- push @iface_config, "bridge-ports $bridge.$stag";
- push @iface_config, "bridge-fd 0";
- push @iface_config, "bridge-vlan-aware yes";
- push @iface_config, "bridge-vids 2-4094";
- push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
-
- $vnet_bridge_ports = "$zone.$ctag";
+ $zone_bridge_ports = "$bridge.$stag";
} else {
- #eth--->eth.x(svlan)--->eth.x.y(cvlan)---->vnet
+ #eth--->eth.x(svlan)----->vlanwarebridge-(tag)----->vnet---->vnet
my @bridge_ifaces = PVE::Network::SDN::Zones::Plugin::get_bridge_ifaces($bridge);
@@ -133,7 +120,6 @@ sub generate_sdn_config {
# use named vlan interface to avoid too long names
my $svlan_iface = "sv_$zoneid";
- my $cvlan_iface = "cv_$vnetid";
#svlan
@iface_config = ();
@@ -142,16 +128,32 @@ sub generate_sdn_config {
push @iface_config, "vlan-protocol $vlanprotocol" if $vlanprotocol;
push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface};
- #cvlan
- @iface_config = ();
- push @iface_config, "vlan-raw-device $svlan_iface";
- push @iface_config, "vlan-id $ctag";
- push(@{$config->{$cvlan_iface}}, @iface_config) if !$config->{$cvlan_iface};
-
- $vnet_bridge_ports .= " $cvlan_iface";
+ $zone_bridge_ports = $svlan_iface;
+ last;
}
}
+ #veth peer for notag vnet
+ @iface_config = ();
+ push @iface_config, "link-type veth";
+ push @iface_config, "veth-peer-name $zone_notag_uplinkpeer";
+ push(@{$config->{$zone_notag_uplink}}, @iface_config) if !$config->{$zone_notag_uplink};
+
+ @iface_config = ();
+ push @iface_config, "link-type veth";
+ push @iface_config, "veth-peer-name $zone_notag_uplink";
+ push(@{$config->{$zone_notag_uplinkpeer}}, @iface_config) if !$config->{$zone_notag_uplinkpeer};
+
+ #zone vlan aware bridge
+ @iface_config = ();
+ push @iface_config, "mtu $mtu" if $mtu;
+ push @iface_config, "bridge-stp off";
+ push @iface_config, "bridge-ports $zone_bridge_ports $zone_notag_uplink";
+ push @iface_config, "bridge-fd 0";
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
+
#vnet bridge
@iface_config = ();
push @iface_config, "bridge_ports $vnet_bridge_ports";
@@ -179,27 +181,24 @@ sub status {
}
my $vlan_aware = PVE::Network::SDN::Zones::Plugin::is_vlanaware($bridge);
- my $is_ovs = PVE::Network::SDN::Zones::Plugin::is_ovs($bridge);
my $tag = $vnet->{tag};
my $vnet_uplink = "ln_".$vnetid;
my $vnet_uplinkpeer = "pr_".$vnetid;
+ my $zone_notag_uplink = "ln_".$zone;
+ my $zone_notag_uplinkpeer = "pr_".$zone;
+ my $zonebridge = "z_$zone";
# ifaces to check
my $ifaces = [ $vnetid, $bridge ];
- if($is_ovs) {
- my $svlan_iface = "sv_".$zone;
- my $zonebridge = "z_$zone";
- push @$ifaces, $svlan_iface;
- push @$ifaces, $zonebridge;
- } elsif ($vlan_aware) {
- my $zonebridge = "z_$zone";
- push @$ifaces, $zonebridge;
- } else {
- my $svlan_iface = "sv_$vnetid";
- my $cvlan_iface = "cv_$vnetid";
+
+ push @$ifaces, $zonebridge;
+ push @$ifaces, $zone_notag_uplink;
+ push @$ifaces, $zone_notag_uplinkpeer;
+
+ if (!$vlan_aware) {
+ my $svlan_iface = "sv_$zone";
push @$ifaces, $svlan_iface;
- push @$ifaces, $cvlan_iface;
}
foreach my $iface (@{$ifaces}) {
@@ -218,8 +217,7 @@ sub vnet_update_hook {
my $vnet = $vnet_cfg->{ids}->{$vnetid};
my $tag = $vnet->{tag};
- raise_param_exc({ tag => "missing vlan tag"}) if !defined($vnet->{tag});
- raise_param_exc({ tag => "vlan tag max value is 4096"}) if $vnet->{tag} > 4096;
+ raise_param_exc({ tag => "vlan tag max value is 4096"}) if $tag && $tag > 4096;
# verify that tag is not already defined in another vnet on same zone
foreach my $id (keys %{$vnet_cfg->{ids}}) {
@@ -228,6 +226,7 @@ sub vnet_update_hook {
my $other_tag = $othervnet->{tag};
next if $vnet->{zone} ne $othervnet->{zone};
raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $other_tag && $tag eq $other_tag;
+ raise_param_exc({ tag => "vnet $id without tag already exist in this zone"}) if !$other_tag && !$tag;
}
}
diff --git a/test/zones/qinq/bridge/expected_sdn_interfaces b/test/zones/qinq/bridge/expected_sdn_interfaces
index 91ef667..58a0e23 100644
--- a/test/zones/qinq/bridge/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge/expected_sdn_interfaces
@@ -1,38 +1,43 @@
#version:1
-auto cv_myvnet
-iface cv_myvnet
- vlan-raw-device sv_myzone
- vlan-id 100
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
-auto cv_myvnet2
-iface cv_myvnet2
- vlan-raw-device sv_myzone
- vlan-id 101
-
-auto cv_myvnet3
-iface cv_myvnet3
- vlan-raw-device sv_myzone2
- vlan-id 100
+auto ln_myzone2
+iface ln_myzone2
+ link-type veth
+ veth-peer-name pr_myzone2
auto myvnet
iface myvnet
- bridge_ports cv_myvnet
+ bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
auto myvnet2
iface myvnet2
- bridge_ports cv_myvnet2
+ bridge_ports z_myzone.101
bridge_stp off
bridge_fd 0
auto myvnet3
iface myvnet3
- bridge_ports cv_myvnet3
+ bridge_ports z_myzone2.100
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+ link-type veth
+ veth-peer-name ln_myzone2
+
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
@@ -42,3 +47,19 @@ auto sv_myzone2
iface sv_myzone2
vlan-raw-device eth0
vlan-id 20
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
+
+auto z_myzone2
+iface z_myzone2
+ bridge-stp off
+ bridge-ports sv_myzone2 ln_myzone2
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces b/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..cfa43a2
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,36 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ bridge_ports z_myzone.100
+ bridge_stp off
+ bridge_fd 0
+
+auto myvnet2
+iface myvnet2
+ bridge_ports pr_myzone
+ bridge_stp off
+ bridge_fd 0
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ vlan-raw-device eth0
+ vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_notagvnet/interfaces b/test/zones/qinq/bridge_notagvnet/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/test/zones/qinq/bridge_notagvnet/sdn_config b/test/zones/qinq/bridge_notagvnet/sdn_config
new file mode 100644
index 0000000..1b1938a
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/sdn_config
@@ -0,0 +1,14 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ myvnet2 => { type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => {
+ myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" },
+ },
+ },
+}
diff --git a/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
index 7eefce1..c325dec 100644
--- a/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
@@ -1,5 +1,15 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto ln_myzone2
+iface ln_myzone2
+ link-type veth
+ veth-peer-name pr_myzone2
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@@ -18,10 +28,20 @@ iface myvnet3
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+ link-type veth
+ veth-peer-name ln_myzone2
+
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports vmbr0.10
+ bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
@@ -29,7 +49,7 @@ iface z_myzone
auto z_myzone2
iface z_myzone2
bridge-stp off
- bridge-ports vmbr0.20
+ bridge-ports vmbr0.20 ln_myzone2
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..cd87a3a
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,27 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ bridge_ports pr_myzone
+ bridge_stp off
+ bridge_fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports vmbr0.10 ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces b/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
new file mode 100644
index 0000000..cfdfafe
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
+ bridge-vids 2-4094
+ bridge-vlan-aware 1
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config b/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
new file mode 100644
index 0000000..2382f4d
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
@@ -0,0 +1,11 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+ },
+}
diff --git a/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
index 373eff2..28d215b 100644
--- a/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
@@ -1,5 +1,10 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@@ -8,10 +13,15 @@ iface myvnet
bridge-vlan-aware yes
bridge-vids 2-4094
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports vmbr0.10
+ bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
index 6bf2b12..0bc301b 100644
--- a/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
@@ -1,11 +1,21 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto vmbr0
iface vmbr0
bridge-vlan-protocol 802.1ad
@@ -13,7 +23,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports vmbr0.10
+ bridge-ports vmbr0.10 ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
index 59265fd..bde23d9 100644
--- a/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
@@ -1,19 +1,32 @@
#version:1
-auto cv_myvnet
-iface cv_myvnet
- vlan-raw-device sv_myzone
- vlan-id 100
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
auto myvnet
iface myvnet
- bridge_ports cv_myvnet
+ bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
index 528ceaa..6b59164 100644
--- a/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
@@ -1,18 +1,31 @@
#version:1
-auto cv_myvnet
-iface cv_myvnet
- vlan-raw-device sv_myzone
- vlan-id 100
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
auto myvnet
iface myvnet
- bridge_ports cv_myvnet
+ bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto sv_myzone
iface sv_myzone
vlan-raw-device eth0
vlan-id 10
vlan-protocol 802.1ad
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs/expected_sdn_interfaces b/test/zones/qinq/ovs/expected_sdn_interfaces
index 068ae7d..d25b2a8 100644
--- a/test/zones/qinq/ovs/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs/expected_sdn_interfaces
@@ -1,5 +1,15 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto ln_myzone2
+iface ln_myzone2
+ link-type veth
+ veth-peer-name pr_myzone2
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@@ -18,6 +28,16 @@ iface myvnet3
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+ link-type veth
+ veth-peer-name ln_myzone2
+
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@@ -37,7 +57,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports sv_myzone
+ bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
@@ -45,7 +65,7 @@ iface z_myzone
auto z_myzone2
iface z_myzone2
bridge-stp off
- bridge-ports sv_myzone2
+ bridge-ports sv_myzone2 ln_myzone2
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces b/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..5f47b28
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,37 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ bridge_ports pr_myzone
+ bridge_stp off
+ bridge_fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ ovs_type OVSIntPort
+ ovs_bridge vmbr0
+ ovs_options vlan_mode=dot1q-tunnel tag=10 other_config:qinq-ethtype=802.1q
+
+auto vmbr0
+iface vmbr0
+ ovs_ports sv_myzone
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_notagvnet/interfaces b/test/zones/qinq/ovs_notagvnet/interfaces
new file mode 100644
index 0000000..14d2f1e
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/interfaces
@@ -0,0 +1,9 @@
+auto eth0
+iface eth0 inet manual
+ ovs_type OVSPort
+ ovs_bridge vmbr0
+
+auto vmbr0
+iface vmbr0 inet manual
+ ovs_type OVSBridge
+ ovs_ports eth0
diff --git a/test/zones/qinq/ovs_notagvnet/sdn_config b/test/zones/qinq/ovs_notagvnet/sdn_config
new file mode 100644
index 0000000..2382f4d
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/sdn_config
@@ -0,0 +1,11 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+ },
+}
diff --git a/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
index cf87ad1..d69d38c 100644
--- a/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
@@ -1,5 +1,10 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
@@ -8,6 +13,11 @@ iface myvnet
bridge-vlan-aware yes
bridge-vids 2-4094
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@@ -21,7 +31,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports sv_myzone
+ bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
index 10b59f8..aeefec9 100644
--- a/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
@@ -1,11 +1,21 @@
#version:1
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
auto myvnet
iface myvnet
bridge_ports z_myzone.100
bridge_stp off
bridge_fd 0
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
auto sv_myzone
iface sv_myzone
ovs_type OVSIntPort
@@ -19,7 +29,7 @@ iface vmbr0
auto z_myzone
iface z_myzone
bridge-stp off
- bridge-ports sv_myzone
+ bridge-ports sv_myzone ln_myzone
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
--
2.20.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH pve-network] zone: qinq: add vnet without tag support
2021-04-29 21:00 [pve-devel] [PATCH pve-network] zone: qinq: add vnet without tag support Alexandre Derumier
@ 2021-05-05 6:26 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-05-05 6:26 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
On 29.04.21 23:00, Alexandre Derumier wrote:
> some user want to be able to define a vnet without vlan,
> so at qinq zone level, to be able to see traffic from others vnets of this
> qinq zone.
> Some example of usage is a inter-vnet firewall/gateway vm.
>
> Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> ---
> PVE/Network/SDN/Zones/QinQPlugin.pm | 97 +++++++++----------
> .../zones/qinq/bridge/expected_sdn_interfaces | 53 +++++++---
> .../bridge_notagvnet/expected_sdn_interfaces | 36 +++++++
> test/zones/qinq/bridge_notagvnet/interfaces | 5 +
> test/zones/qinq/bridge_notagvnet/sdn_config | 14 +++
> .../bridge_vlanaware/expected_sdn_interfaces | 24 ++++-
> .../expected_sdn_interfaces | 27 ++++++
> .../bridge_vlanaware_notagvnet/interfaces | 7 ++
> .../bridge_vlanaware_notagvnet/sdn_config | 11 +++
> .../expected_sdn_interfaces | 12 ++-
> .../expected_sdn_interfaces | 12 ++-
> .../expected_sdn_interfaces | 23 ++++-
> .../expected_sdn_interfaces | 23 ++++-
> test/zones/qinq/ovs/expected_sdn_interfaces | 24 ++++-
> .../ovs_notagvnet/expected_sdn_interfaces | 37 +++++++
> test/zones/qinq/ovs_notagvnet/interfaces | 9 ++
> test/zones/qinq/ovs_notagvnet/sdn_config | 11 +++
> .../ovs_vlanawarevnet/expected_sdn_interfaces | 12 ++-
> .../ovs_vlanprotocol/expected_sdn_interfaces | 12 ++-
> 19 files changed, 366 insertions(+), 83 deletions(-)
> create mode 100644 test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
> create mode 100644 test/zones/qinq/bridge_notagvnet/interfaces
> create mode 100644 test/zones/qinq/bridge_notagvnet/sdn_config
> create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
> create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
> create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
> create mode 100644 test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
> create mode 100644 test/zones/qinq/ovs_notagvnet/interfaces
> create mode 100644 test/zones/qinq/ovs_notagvnet/sdn_config
applied, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-05 6:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-29 21:00 [pve-devel] [PATCH pve-network] zone: qinq: add vnet without tag support Alexandre Derumier
2021-05-05 6:26 ` [pve-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox