* [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge
@ 2023-06-27 6:53 Alexandre Derumier
2023-06-27 6:53 ` [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge Alexandre Derumier
0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Derumier @ 2023-06-27 6:53 UTC (permalink / raw)
To: pve-devel
Hi,
Some nics like mellanox connect-x or intel i40e don't work with vlan-aware-bridge
when too many vlans are defined.
Depend of the model, connectx-3 is limited to 64 vlans, connect-x4 to 128vlans
https://forum.proxmox.com/threads/proxmox-7-and-mellanox-connectx4-and-vlan-aware-bridge.104926/#post-555269
i40e seem to throw errors like
Jan 18 14:44:27 jupiter kernel: [ 145.060365] i40e 0000:3d:00.0: Error I40E_AQ_RC_ENOSPC, forcing overflow promiscuous on PF
https://forum.proxmox.com/threads/error-i40e_aq_rc_enospc-forcing-overflow-promiscuous-on-pf.62875/
https://forum.proxmox.com/threads/proxmox-8-and-i40e-driver-kernel-6-2.129364/
rx-vlan-filter is only a protection to drop packets with unknown vlan at nic level.
(not related to vlan offloading, where nic can support any number of vlan)
When vlan-aware is enabled, bridge is already doing the vlan filtering, so it's pretty safe to disable it.
(AFAIK, it was not enabled on proxmox 5, as I didn't have mellanox problem at this time)
This patch serie add rx-vlan-filter to /etc/network/interfaces on phys nic if the nic is port of vlan aware bridge.
(or slave of bond port of vlan-aware-bridge)
fix:
https://bugzilla.proxmox.com/show_bug.cgi?id=2329
https://bugzilla.proxmox.com/show_bug.cgi?id=3893
(maybe they are other related bug reports)
Changelog v2:
- merge missing patch
Alexandre Derumier (1):
network_interfaces: disable rx-vlan-filter for physical interfaces
ports of a vlan-aware bridge
src/PVE/INotify.pm | 15 +++++++++++++++
test/etc_network_interfaces/t.parsed_options.pl | 7 +++++++
2 files changed, 22 insertions(+)
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge
2023-06-27 6:53 [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge Alexandre Derumier
@ 2023-06-27 6:53 ` Alexandre Derumier
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Derumier @ 2023-06-27 6:53 UTC (permalink / raw)
To: pve-devel
some nic like mellanox connectx or intel i40e don't work well vlan-aware bridge
because they are limited in number of vlan filtering in hardware
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/INotify.pm | 15 +++++++++++++++
test/etc_network_interfaces/t.parsed_options.pl | 7 +++++++
2 files changed, 22 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index bc33a8f..c4dd85d 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -963,6 +963,7 @@ sub __read_etc_network_interfaces {
'vxlan-svcnodeip' => 1,
'vxlan-physdev' => 1,
'vxlan-local-tunnelip' => 1,
+ 'rx-vlan-filter' => 1,
};
if ($id eq 'address' || $id eq 'netmask' || $id eq 'broadcast' || $id eq 'gateway') {
@@ -1514,6 +1515,7 @@ sub __write_etc_network_interfaces {
}
# check bond
+ my $bondslaves = {};
foreach my $iface (keys %$ifaces) {
my $d = $ifaces->{$iface};
next if !($d->{type} eq 'bond' && $d->{slaves});
@@ -1529,6 +1531,7 @@ sub __write_etc_network_interfaces {
$check_mtu->($ifaces, $iface, $p);
$bond_primary_is_slave = 1 if $d->{'bond-primary'} && $d->{'bond-primary'} eq $p;
+ $bondslaves->{$p} = $iface;
}
die "bond '$iface' - bond-primary interface is not a slave" if $d->{'bond-primary'} && !$bond_primary_is_slave;
}
@@ -1658,6 +1661,18 @@ sub __write_etc_network_interfaces {
}
}
+ # disable rx-vlan-filter if physical nic is port of a vlan-aware bridge
+ foreach my $iface (keys %$ifaces) {
+ next if $iface !~ /^$PVE::Network::PHYSICAL_NIC_RE/;
+ my $phys_iface = $iface;
+ $iface = $bondslaves->{$iface} if $bondslaves->{$iface};
+ if ($bridgeports->{$iface} && $bridges->{$bridgeports->{$iface}}->{bridge_vlan_aware}) {
+ $ifaces->{$phys_iface}->{'rx-vlan-filter'} = 'off' if !defined($ifaces->{$phys_iface}->{'rx-vlan-filter'});
+ } else {
+ delete $ifaces->{$phys_iface}->{'rx-vlan-filter'};
+ }
+ }
+
my $raw = <<'NETWORKDOC';
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
diff --git a/test/etc_network_interfaces/t.parsed_options.pl b/test/etc_network_interfaces/t.parsed_options.pl
index bbb2a27..fbedf6a 100644
--- a/test/etc_network_interfaces/t.parsed_options.pl
+++ b/test/etc_network_interfaces/t.parsed_options.pl
@@ -15,6 +15,7 @@ my $gw6 = 'fc05::1';
# Load
my $cfg = load('base') . <<"CHECK";
iface eth1 inet manual
+ rx-vlan-filter off
auto vmbr0
iface vmbr0 inet static
@@ -23,6 +24,12 @@ iface vmbr0 inet static
bridge-ports eth0
bridge-stp off
bridge-fd 0
+
+auto vmbr1
+iface vmbr1 inet manual
+ bridge-ports eth1
+ bridge-stp off
+ bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-06-27 6:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-27 6:53 [pve-devel] [PATCH v2 pve-common 0/1] disable rx-vlan-filter on iface in vlan-aware-bridge Alexandre Derumier
2023-06-27 6:53 ` [pve-devel] [PATCH v2 pve-common 1/1] network_interfaces: disable rx-vlan-filter for physical interfaces ports of a vlan-aware bridge Alexandre Derumier
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox