* [pve-devel] [PATCH pve-network] zone: qinq: add vnet without tag support
@ 2021-04-29 21:00 Alexandre Derumier
  2021-05-05  6:26 ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Derumier @ 2021-04-29 21:00 UTC (permalink / raw)
  To: pve-devel

Some users want to be able to define a vnet without a vlan tag,
i.e. at the qinq zone level, so that it can see traffic from the other vnets of this
qinq zone.
An example use case is an inter-vnet firewall/gateway VM.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Network/SDN/Zones/QinQPlugin.pm           | 97 +++++++++----------
 .../zones/qinq/bridge/expected_sdn_interfaces | 53 +++++++---
 .../bridge_notagvnet/expected_sdn_interfaces  | 36 +++++++
 test/zones/qinq/bridge_notagvnet/interfaces   |  5 +
 test/zones/qinq/bridge_notagvnet/sdn_config   | 14 +++
 .../bridge_vlanaware/expected_sdn_interfaces  | 24 ++++-
 .../expected_sdn_interfaces                   | 27 ++++++
 .../bridge_vlanaware_notagvnet/interfaces     |  7 ++
 .../bridge_vlanaware_notagvnet/sdn_config     | 11 +++
 .../expected_sdn_interfaces                   | 12 ++-
 .../expected_sdn_interfaces                   | 12 ++-
 .../expected_sdn_interfaces                   | 23 ++++-
 .../expected_sdn_interfaces                   | 23 ++++-
 test/zones/qinq/ovs/expected_sdn_interfaces   | 24 ++++-
 .../ovs_notagvnet/expected_sdn_interfaces     | 37 +++++++
 test/zones/qinq/ovs_notagvnet/interfaces      |  9 ++
 test/zones/qinq/ovs_notagvnet/sdn_config      | 11 +++
 .../ovs_vlanawarevnet/expected_sdn_interfaces | 12 ++-
 .../ovs_vlanprotocol/expected_sdn_interfaces  | 12 ++-
 19 files changed, 366 insertions(+), 83 deletions(-)
 create mode 100644 test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
 create mode 100644 test/zones/qinq/bridge_notagvnet/interfaces
 create mode 100644 test/zones/qinq/bridge_notagvnet/sdn_config
 create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
 create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
 create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
 create mode 100644 test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
 create mode 100644 test/zones/qinq/ovs_notagvnet/interfaces
 create mode 100644 test/zones/qinq/ovs_notagvnet/sdn_config

diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm
index c5016f5..8282e35 100644
--- a/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/PVE/Network/SDN/Zones/QinQPlugin.pm
@@ -65,6 +65,16 @@ sub generate_sdn_config {
 
     my @iface_config = ();
     my $vnet_bridge_ports = "";
+    my $zone_bridge_ports = "";
+    my $zone_notag_uplink = "ln_".$zoneid;
+    my $zone_notag_uplinkpeer = "pr_".$zoneid;
+    my $zone = "z_$zoneid";
+
+    if($ctag) {
+	$vnet_bridge_ports = "$zone.$ctag";
+    } else {
+	$vnet_bridge_ports = $zone_notag_uplinkpeer;
+    }
 
     if($is_ovs) {
 
@@ -72,7 +82,6 @@ sub generate_sdn_config {
 
 	$vlanprotocol = "802.1q" if !$vlanprotocol;
 	my $svlan_iface = "sv_".$zoneid;
-	my $zone = "z_$zoneid";
 
 	#ovs dot1q-tunnel port
 	@iface_config = ();
@@ -87,45 +96,23 @@ sub generate_sdn_config {
 	my @ovs_ports = split / / , @{$config->{$bridge}}[0];
 	@{$config->{$bridge}}[0] .= " $svlan_iface" if !grep( $_ eq $svlan_iface, @ovs_ports );
 
-	#zone vlan aware bridge
-	@iface_config = ();
-	push @iface_config, "mtu $mtu" if $mtu;
-	push @iface_config, "bridge-stp off";
-	push @iface_config, "bridge-ports $svlan_iface";
-	push @iface_config, "bridge-fd 0";
-	push @iface_config, "bridge-vlan-aware yes";
-	push @iface_config, "bridge-vids 2-4094";
-	push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
-
-	$vnet_bridge_ports = "$zone.$ctag";
+	$zone_bridge_ports = $svlan_iface;
 
     } elsif ($vlan_aware) {
 
         #vlanawarebrige-(tag)----->vlanwarebridge-(tag)----->vnet
 
-	my $zone = "z_$zoneid";
-
 	if($vlanprotocol) {
 	    @iface_config = ();
 	    push @iface_config, "bridge-vlan-protocol $vlanprotocol";
 	    push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge};
 	}
 
-	#zone vlan bridge
-	@iface_config = ();
-	push @iface_config, "mtu $mtu" if $mtu;
-	push @iface_config, "bridge-stp off";
-	push @iface_config, "bridge-ports $bridge.$stag";
-	push @iface_config, "bridge-fd 0";
-	push @iface_config, "bridge-vlan-aware yes";
-	push @iface_config, "bridge-vids 2-4094";
-	push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
-
-	$vnet_bridge_ports = "$zone.$ctag";
+	$zone_bridge_ports = "$bridge.$stag";
 
     } else {
 
-	#eth--->eth.x(svlan)--->eth.x.y(cvlan)---->vnet
+	#eth--->eth.x(svlan)----->vlanwarebridge-(tag)----->vnet---->vnet
 
 	my @bridge_ifaces = PVE::Network::SDN::Zones::Plugin::get_bridge_ifaces($bridge);
 
@@ -133,7 +120,6 @@ sub generate_sdn_config {
 
 	    # use named vlan interface to avoid too long names
 	    my $svlan_iface = "sv_$zoneid";
-	    my $cvlan_iface = "cv_$vnetid";
 
 	    #svlan
 	    @iface_config = ();
@@ -142,16 +128,32 @@ sub generate_sdn_config {
 	    push @iface_config, "vlan-protocol $vlanprotocol" if $vlanprotocol;
 	    push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface};
 
-	    #cvlan
-	    @iface_config = ();
-	    push @iface_config, "vlan-raw-device $svlan_iface";
-	    push @iface_config, "vlan-id $ctag";
-	    push(@{$config->{$cvlan_iface}}, @iface_config) if !$config->{$cvlan_iface};
-
-	    $vnet_bridge_ports .= " $cvlan_iface";
+	    $zone_bridge_ports = $svlan_iface;
+	    last;
         }
    }
 
+    #veth peer for notag vnet
+    @iface_config = ();
+    push @iface_config, "link-type veth";
+    push @iface_config, "veth-peer-name $zone_notag_uplinkpeer";
+    push(@{$config->{$zone_notag_uplink}}, @iface_config) if !$config->{$zone_notag_uplink};
+
+    @iface_config = ();
+    push @iface_config, "link-type veth";
+    push @iface_config, "veth-peer-name $zone_notag_uplink";
+    push(@{$config->{$zone_notag_uplinkpeer}}, @iface_config) if !$config->{$zone_notag_uplinkpeer};
+
+    #zone vlan aware bridge
+    @iface_config = ();
+    push @iface_config, "mtu $mtu" if $mtu;
+    push @iface_config, "bridge-stp off";
+    push @iface_config, "bridge-ports $zone_bridge_ports $zone_notag_uplink";
+    push @iface_config, "bridge-fd 0";
+    push @iface_config, "bridge-vlan-aware yes";
+    push @iface_config, "bridge-vids 2-4094";
+    push(@{$config->{$zone}}, @iface_config) if !$config->{$zone};
+
     #vnet bridge
     @iface_config = ();
     push @iface_config, "bridge_ports $vnet_bridge_ports";
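Review bot: The two veth stanzas for `ln_<zone>` and `pr_<zone>` get no `mtu` line, while the zone bridge they plug into gets `mtu $mtu`, so with a non-default zone MTU the untagged vnet path would presumably run at a different MTU than the tagged ones; adding `push @iface_config, "mtu $mtu" if $mtu;` to both stanzas keeps them aligned. The `#veth peer for notag vnet` comment could also state the consequence: `ln_<zone>` is a port of the vlan-aware zone bridge with `bridge-vids 2-4094`, so, per the commit message, the vnet behind `pr_<zone>` sees the c-vlans of every vnet in the zone, and attaching a guest to it should be treated as granting zone-wide visibility. The pair is generated for every zone, including zones with no untagged vnet (see the `bridge` test expectation), where `pr_<zone>` stays unattached. generate_sdn_config starts before this hunk and continues after it.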
@@ -179,27 +181,24 @@ sub status {
     }
 
     my $vlan_aware = PVE::Network::SDN::Zones::Plugin::is_vlanaware($bridge);
-    my $is_ovs = PVE::Network::SDN::Zones::Plugin::is_ovs($bridge);
 
     my $tag = $vnet->{tag};
     my $vnet_uplink = "ln_".$vnetid;
     my $vnet_uplinkpeer = "pr_".$vnetid;
+    my $zone_notag_uplink = "ln_".$zone;
+    my $zone_notag_uplinkpeer = "pr_".$zone;
+    my $zonebridge = "z_$zone";
 
     # ifaces to check
     my $ifaces = [ $vnetid, $bridge ];
-    if($is_ovs) {
-	my $svlan_iface = "sv_".$zone;
-	my $zonebridge = "z_$zone";
-	push @$ifaces, $svlan_iface;
-	push @$ifaces, $zonebridge;
-    } elsif ($vlan_aware) {
-	my $zonebridge = "z_$zone";
-	push @$ifaces, $zonebridge;
-    } else {
-	my $svlan_iface = "sv_$vnetid";
-	my $cvlan_iface = "cv_$vnetid";
+
+    push @$ifaces, $zonebridge;
+    push @$ifaces, $zone_notag_uplink;
+    push @$ifaces, $zone_notag_uplinkpeer;
+
+    if (!$vlan_aware) {
+	my $svlan_iface = "sv_$zone";
 	push @$ifaces, $svlan_iface;
-	push @$ifaces, $cvlan_iface;
     }
 
     foreach my $iface (@{$ifaces}) {
@@ -218,8 +217,7 @@ sub vnet_update_hook {
     my $vnet = $vnet_cfg->{ids}->{$vnetid};
     my $tag = $vnet->{tag};
 
-    raise_param_exc({ tag => "missing vlan tag"}) if !defined($vnet->{tag});
-    raise_param_exc({ tag => "vlan tag max value is 4096"}) if $vnet->{tag} > 4096;
+    raise_param_exc({ tag => "vlan tag max value is 4096"}) if $tag && $tag > 4096;
 
     # verify that tag is not already defined in another vnet on same zone
     foreach my $id (keys %{$vnet_cfg->{ids}}) {
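Review bot: The rewritten bound check on `$tag` still accepts 4095 and 4096, which are not usable VLAN IDs and fall outside the `bridge-vids 2-4094` range the zone bridge is configured with, so such a vnet would pass validation and then presumably carry no traffic. `raise_param_exc({ tag => "vlan tag max value is 4094"}) if $tag && $tag > 4094;` would match the bridge configuration. The `$tag &&` guard also makes a tag of 0 indistinguishable from a missing tag, so it is handled as the untagged vnet; a short comment saying that this is intended would help. vnet_update_hook begins above the hunk and its loop body continues below it.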
@@ -228,6 +226,7 @@ sub vnet_update_hook {
 	my $other_tag = $othervnet->{tag};
 	next if $vnet->{zone} ne $othervnet->{zone};
         raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $other_tag && $tag eq $other_tag;
+	raise_param_exc({ tag => "vnet $id without tag already exist in this zone"}) if !$other_tag && !$tag;
     }
 }
 
diff --git a/test/zones/qinq/bridge/expected_sdn_interfaces b/test/zones/qinq/bridge/expected_sdn_interfaces
index 91ef667..58a0e23 100644
--- a/test/zones/qinq/bridge/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge/expected_sdn_interfaces
@@ -1,38 +1,43 @@
 #version:1
 
-auto cv_myvnet
-iface cv_myvnet
-	vlan-raw-device sv_myzone
-	vlan-id 100
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
 
-auto cv_myvnet2
-iface cv_myvnet2
-	vlan-raw-device sv_myzone
-	vlan-id 101
-
-auto cv_myvnet3
-iface cv_myvnet3
-	vlan-raw-device sv_myzone2
-	vlan-id 100
+auto ln_myzone2
+iface ln_myzone2
+	link-type veth
+	veth-peer-name pr_myzone2
 
 auto myvnet
 iface myvnet
-	bridge_ports  cv_myvnet
+	bridge_ports z_myzone.100
 	bridge_stp off
 	bridge_fd 0
 
 auto myvnet2
 iface myvnet2
-	bridge_ports  cv_myvnet2
+	bridge_ports z_myzone.101
 	bridge_stp off
 	bridge_fd 0
 
 auto myvnet3
 iface myvnet3
-	bridge_ports  cv_myvnet3
+	bridge_ports z_myzone2.100
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+	link-type veth
+	veth-peer-name ln_myzone2
+
 auto sv_myzone
 iface sv_myzone
 	vlan-raw-device eth0
@@ -42,3 +47,19 @@ auto sv_myzone2
 iface sv_myzone2
 	vlan-raw-device eth0
 	vlan-id 20
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports sv_myzone ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
+
+auto z_myzone2
+iface z_myzone2
+	bridge-stp off
+	bridge-ports sv_myzone2 ln_myzone2
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces b/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..cfa43a2
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,36 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+	bridge_ports z_myzone.100
+	bridge_stp off
+	bridge_fd 0
+
+auto myvnet2
+iface myvnet2
+	bridge_ports pr_myzone
+	bridge_stp off
+	bridge_fd 0
+
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+	vlan-raw-device eth0
+	vlan-id 10
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports sv_myzone ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_notagvnet/interfaces b/test/zones/qinq/bridge_notagvnet/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/test/zones/qinq/bridge_notagvnet/sdn_config b/test/zones/qinq/bridge_notagvnet/sdn_config
new file mode 100644
index 0000000..1b1938a
--- /dev/null
+++ b/test/zones/qinq/bridge_notagvnet/sdn_config
@@ -0,0 +1,14 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+                        myvnet2 => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { 
+			myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" },
+		      },
+             },
+}
diff --git a/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
index 7eefce1..c325dec 100644
--- a/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware/expected_sdn_interfaces
@@ -1,5 +1,15 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
+auto ln_myzone2
+iface ln_myzone2
+	link-type veth
+	veth-peer-name pr_myzone2
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
@@ -18,10 +28,20 @@ iface myvnet3
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+	link-type veth
+	veth-peer-name ln_myzone2
+
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports vmbr0.10
+	bridge-ports vmbr0.10 ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
@@ -29,7 +49,7 @@ iface z_myzone
 auto z_myzone2
 iface z_myzone2
 	bridge-stp off
-	bridge-ports vmbr0.20
+	bridge-ports vmbr0.20 ln_myzone2
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..cd87a3a
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,27 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+	bridge_ports pr_myzone
+	bridge_stp off
+	bridge_fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
+
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports vmbr0.10 ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces b/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
new file mode 100644
index 0000000..cfdfafe
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
+	bridge-vids 2-4094
+	bridge-vlan-aware 1
diff --git a/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config b/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
new file mode 100644
index 0000000..2382f4d
--- /dev/null
+++ b/test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
@@ -0,0 +1,11 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+             },
+}
diff --git a/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
index 373eff2..28d215b 100644
--- a/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware_vlanawarevnet/expected_sdn_interfaces
@@ -1,5 +1,10 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
@@ -8,10 +13,15 @@ iface myvnet
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports vmbr0.10
+	bridge-ports vmbr0.10 ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
index 6bf2b12..0bc301b 100644
--- a/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanaware_vlanprotocol/expected_sdn_interfaces
@@ -1,11 +1,21 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto vmbr0
 iface vmbr0
 	bridge-vlan-protocol 802.1ad
@@ -13,7 +23,7 @@ iface vmbr0
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports vmbr0.10
+	bridge-ports vmbr0.10 ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
index 59265fd..bde23d9 100644
--- a/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanawarevnet/expected_sdn_interfaces
@@ -1,19 +1,32 @@
 #version:1
 
-auto cv_myvnet
-iface cv_myvnet
-	vlan-raw-device sv_myzone
-	vlan-id 100
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
 
 auto myvnet
 iface myvnet
-	bridge_ports  cv_myvnet
+	bridge_ports z_myzone.100
 	bridge_stp off
 	bridge_fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto sv_myzone
 iface sv_myzone
 	vlan-raw-device eth0
 	vlan-id 10
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports sv_myzone ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
index 528ceaa..6b59164 100644
--- a/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/bridge_vlanprotocol/expected_sdn_interfaces
@@ -1,18 +1,31 @@
 #version:1
 
-auto cv_myvnet
-iface cv_myvnet
-	vlan-raw-device sv_myzone
-	vlan-id 100
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
 
 auto myvnet
 iface myvnet
-	bridge_ports  cv_myvnet
+	bridge_ports z_myzone.100
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto sv_myzone
 iface sv_myzone
 	vlan-raw-device eth0
 	vlan-id 10
 	vlan-protocol 802.1ad
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports sv_myzone ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs/expected_sdn_interfaces b/test/zones/qinq/ovs/expected_sdn_interfaces
index 068ae7d..d25b2a8 100644
--- a/test/zones/qinq/ovs/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs/expected_sdn_interfaces
@@ -1,5 +1,15 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
+auto ln_myzone2
+iface ln_myzone2
+	link-type veth
+	veth-peer-name pr_myzone2
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
@@ -18,6 +28,16 @@ iface myvnet3
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto pr_myzone2
+iface pr_myzone2
+	link-type veth
+	veth-peer-name ln_myzone2
+
 auto sv_myzone
 iface sv_myzone
 	ovs_type OVSIntPort
@@ -37,7 +57,7 @@ iface vmbr0
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports sv_myzone
+	bridge-ports sv_myzone ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
@@ -45,7 +65,7 @@ iface z_myzone
 auto z_myzone2
 iface z_myzone2
 	bridge-stp off
-	bridge-ports sv_myzone2
+	bridge-ports sv_myzone2 ln_myzone2
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces b/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
new file mode 100644
index 0000000..5f47b28
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
@@ -0,0 +1,37 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+	bridge_ports pr_myzone
+	bridge_stp off
+	bridge_fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
+
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+	ovs_type OVSIntPort
+	ovs_bridge vmbr0
+	ovs_options vlan_mode=dot1q-tunnel tag=10 other_config:qinq-ethtype=802.1q
+
+auto vmbr0
+iface vmbr0
+	ovs_ports sv_myzone
+
+auto z_myzone
+iface z_myzone
+	bridge-stp off
+	bridge-ports sv_myzone ln_myzone
+	bridge-fd 0
+	bridge-vlan-aware yes
+	bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_notagvnet/interfaces b/test/zones/qinq/ovs_notagvnet/interfaces
new file mode 100644
index 0000000..14d2f1e
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/interfaces
@@ -0,0 +1,9 @@
+auto eth0
+iface eth0 inet manual
+        ovs_type OVSPort
+        ovs_bridge vmbr0
+
+auto vmbr0
+iface vmbr0 inet manual
+        ovs_type OVSBridge
+        ovs_ports eth0
diff --git a/test/zones/qinq/ovs_notagvnet/sdn_config b/test/zones/qinq/ovs_notagvnet/sdn_config
new file mode 100644
index 0000000..2382f4d
--- /dev/null
+++ b/test/zones/qinq/ovs_notagvnet/sdn_config
@@ -0,0 +1,11 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", vlanaware => "1", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+             },
+}
diff --git a/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces b/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
index cf87ad1..d69d38c 100644
--- a/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs_vlanawarevnet/expected_sdn_interfaces
@@ -1,5 +1,10 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
@@ -8,6 +13,11 @@ iface myvnet
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto sv_myzone
 iface sv_myzone
 	ovs_type OVSIntPort
@@ -21,7 +31,7 @@ iface vmbr0
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports sv_myzone
+	bridge-ports sv_myzone ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
diff --git a/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces b/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
index 10b59f8..aeefec9 100644
--- a/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
+++ b/test/zones/qinq/ovs_vlanprotocol/expected_sdn_interfaces
@@ -1,11 +1,21 @@
 #version:1
 
+auto ln_myzone
+iface ln_myzone
+	link-type veth
+	veth-peer-name pr_myzone
+
 auto myvnet
 iface myvnet
 	bridge_ports z_myzone.100
 	bridge_stp off
 	bridge_fd 0
 
+auto pr_myzone
+iface pr_myzone
+	link-type veth
+	veth-peer-name ln_myzone
+
 auto sv_myzone
 iface sv_myzone
 	ovs_type OVSIntPort
@@ -19,7 +29,7 @@ iface vmbr0
 auto z_myzone
 iface z_myzone
 	bridge-stp off
-	bridge-ports sv_myzone
+	bridge-ports sv_myzone ln_myzone
 	bridge-fd 0
 	bridge-vlan-aware yes
 	bridge-vids 2-4094
-- 
2.20.1





* [pve-devel] applied: [PATCH pve-network] zone: qinq: add vnet without tag support
  2021-04-29 21:00 [pve-devel] [PATCH pve-network] zone: qinq: add vnet without tag support Alexandre Derumier
@ 2021-05-05  6:26 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-05-05  6:26 UTC (permalink / raw)
  To: Proxmox VE development discussion, Alexandre Derumier

On 29.04.21 23:00, Alexandre Derumier wrote:
> some user want to be able to define a vnet without vlan,
> so at qinq zone level, to be able to see traffic from others vnets of this
> qinq zone.
> Some example of usage is a inter-vnet firewall/gateway vm.
> 
> Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> ---
>  PVE/Network/SDN/Zones/QinQPlugin.pm           | 97 +++++++++----------
>  .../zones/qinq/bridge/expected_sdn_interfaces | 53 +++++++---
>  .../bridge_notagvnet/expected_sdn_interfaces  | 36 +++++++
>  test/zones/qinq/bridge_notagvnet/interfaces   |  5 +
>  test/zones/qinq/bridge_notagvnet/sdn_config   | 14 +++
>  .../bridge_vlanaware/expected_sdn_interfaces  | 24 ++++-
>  .../expected_sdn_interfaces                   | 27 ++++++
>  .../bridge_vlanaware_notagvnet/interfaces     |  7 ++
>  .../bridge_vlanaware_notagvnet/sdn_config     | 11 +++
>  .../expected_sdn_interfaces                   | 12 ++-
>  .../expected_sdn_interfaces                   | 12 ++-
>  .../expected_sdn_interfaces                   | 23 ++++-
>  .../expected_sdn_interfaces                   | 23 ++++-
>  test/zones/qinq/ovs/expected_sdn_interfaces   | 24 ++++-
>  .../ovs_notagvnet/expected_sdn_interfaces     | 37 +++++++
>  test/zones/qinq/ovs_notagvnet/interfaces      |  9 ++
>  test/zones/qinq/ovs_notagvnet/sdn_config      | 11 +++
>  .../ovs_vlanawarevnet/expected_sdn_interfaces | 12 ++-
>  .../ovs_vlanprotocol/expected_sdn_interfaces  | 12 ++-
>  19 files changed, 366 insertions(+), 83 deletions(-)
>  create mode 100644 test/zones/qinq/bridge_notagvnet/expected_sdn_interfaces
>  create mode 100644 test/zones/qinq/bridge_notagvnet/interfaces
>  create mode 100644 test/zones/qinq/bridge_notagvnet/sdn_config
>  create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/expected_sdn_interfaces
>  create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/interfaces
>  create mode 100644 test/zones/qinq/bridge_vlanaware_notagvnet/sdn_config
>  create mode 100644 test/zones/qinq/ovs_notagvnet/expected_sdn_interfaces
>  create mode 100644 test/zones/qinq/ovs_notagvnet/interfaces
>  create mode 100644 test/zones/qinq/ovs_notagvnet/sdn_config

applied, thanks!




