* [pve-devel] [PATCH ifupdown2 1/1] d/patches: allow subinterfaces on bond members
@ 2025-09-30 14:09 Stefan Hanreich
0 siblings, 0 replies; only message in thread
From: Stefan Hanreich @ 2025-09-30 14:09 UTC (permalink / raw)
To: pve-devel
ifupdown2 commit c50aff4f702ea366955552865aceab5b3735513a introduced a
change that disallows creating subinterfaces (e.g. VLAN) on top of
interfaces that are members of a bond.
This breaks a setup that is common to users utilizing storage boxes
via iSCSI multipath where a bond is defined on two interfaces and used
for e.g. VM traffic, but a specific VLAN is configured on the bond
members themselves and used as storage network. An example ifupdown2
configuration might look like this:
auto bond0
iface bond0 inet manual
bond-slaves eth1 eth2
[..]
auto eth1.123
iface eth1.123 inet static
address 192.0.2.1/24
auto eth2.123
iface eth2.123 inet static
address 192.0.2.2/24
ifupdown2 then errors out with the message:
bond0 : error: bond0: sub interfaces are not allowed on bond slave: eth1.123
The kernel networking stack itself allows creating VLAN devices on top
of interfaces that are bond members manually. And the setup generally
works fine if certain precautions are taken when utilizing the same
subnet on multiple interfaces (setting arp_ignore or utilizing VRFs).
So whilst not the most optimal setup, it seems to be quite common with
users of storage boxes and there's not really an escape hatch except
for bypassing our tooling and configuring everything manually. To
enable configuring that setup via our networking stack again, revert
the respective patch.
This has been reported multiple times in the forum [1], as well as in
our enterprise support.
[1] https://forum.proxmox.com/threads/pve9-unable-to-share-vlan-and-bridge-on-same-port-vs-pve8.170428/#post-804300
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
...-interface-is-detected-on-bond-slave.patch | 59 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 60 insertions(+)
create mode 100644 debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch
diff --git a/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch b/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch
new file mode 100644
index 0000000..18a2e94
--- /dev/null
+++ b/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch
@@ -0,0 +1,59 @@
+From 9a5516c7fdcb35c7a4911bbf2b6bbf1708e5b976 Mon Sep 17 00:00:00 2001
+From: Stefan Hanreich <s.hanreich@proxmox.com>
+Date: Tue, 30 Sep 2025 15:50:33 +0200
+Subject: [PATCH] Revert "addons: bond: warn if sub interface is detected on
+ bond slave"
+
+This reverts commit c50aff4f702ea366955552865aceab5b3735513a.
+
+Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
+---
+ ifupdown2/addons/bond.py | 18 +-----------------
+ 1 file changed, 1 insertion(+), 17 deletions(-)
+
+diff --git a/ifupdown2/addons/bond.py b/ifupdown2/addons/bond.py
+index f2d38de..74d2cab 100644
+--- a/ifupdown2/addons/bond.py
++++ b/ifupdown2/addons/bond.py
+@@ -362,7 +362,7 @@ class bond(Addon, moduleBase):
+ def compare_bond_and_slave_speed(self, bond_ifaceobj, slave_ifname, slave_speed):
+ if self.current_bond_speed != slave_speed:
+ self.log_error(
+- "%s: ignoring device due to device's speed (%s) mismatching bond (%s) speed (%s)"
++ "%s: ignoring device to due device's speed (%s) mismatching bond (%s) speed (%s)"
+ % (slave_ifname, slave_speed, bond_ifaceobj.name, self.current_bond_speed),
+ ifaceobj=bond_ifaceobj
+ )
+@@ -407,19 +407,6 @@ class bond(Addon, moduleBase):
+ bond_speed = slave_speed
+ return bond_speed
+
+- def get_bond_slave_upper_dev_ifaceobj(self, ifname, ifaceobj_getfunc):
+- for ifaceobj in ifaceobj_getfunc(ifname):
+- yield from ifaceobj.upperifaces or []
+-
+- def slave_has_no_subinterface(self, bond_ifaceobj, slave, ifaceobj_getfunc):
+- for upper_ifname in self.get_bond_slave_upper_dev_ifaceobj(slave, ifaceobj_getfunc):
+- if upper_ifname != bond_ifaceobj.name:
+- self.log_error(
+- f"{bond_ifaceobj.name}: sub interfaces are not allowed on bond slave: {slave} ({upper_ifname})",
+- bond_ifaceobj
+- )
+- return True
+-
+ def _add_slaves(self, ifaceobj, runningslaves, ifaceobj_getfunc=None):
+ # reset the current_bond_speed
+ self.current_bond_speed = -1
+@@ -452,9 +439,6 @@ class bond(Addon, moduleBase):
+ except Exception as e:
+ self.logger.debug("%s: bond-slave (%s) speed validation failed: %s" % (ifaceobj.name, slave, str(e)))
+
+- if not self.slave_has_no_subinterface(ifaceobj, slave, ifaceobj_getfunc):
+- continue
+-
+ link_up = False
+ if self.cache.link_is_up(slave):
+ self.netlink.link_down_force(slave)
+--
+2.47.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 266f57d..043e209 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@ pve/0013-addons-nlcache-set-interface-alias-through-netlink-i.patch
upstream/0001-add-ipv6-slaac-support-inet6-auto-and-accept_ra.patch
upstream/0001-use-raw-strings-for-regex-to-fix-backslash-interpret.patch
pve/0014-nlmanager-read-ipv6-devconf-disable_ipv6-attribute-t.patch
+pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-30 14:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-30 14:09 [pve-devel] [PATCH ifupdown2 1/1] d/patches: allow subinterfaces on bond members Stefan Hanreich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox