From: alexandre derumier
To: Proxmox VE development discussion
Date: Wed, 14 Jul 2021 12:53:50 +0200
Subject: Re: [pve-devel] ifupdown2 "bridge_set_static_mac_from_port" policy

ok, I have done some tests.

/etc/network/ifupdown2/policy.d/bridgemac.json

{
    "bridge": {
        "module_globals": {
            "bridge_set_static_mac_from_port": "yes"
        }
    }
}

test1
-----
auto vmbr4
iface vmbr4 inet manual
    bridge-ports eno4 eno3
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

with eno4 mac: c8:1f:66:f8:e8:bf

"ifreload -a" (vmbr4 didn't exist before)

info: executing /bin/ip -force -batch - [link set dev eno3 up]
debug: vmbr4: evaluating port expr '['eno4', 'eno3']'
debug: vmbr4: _get_bridge_mac returned (eno4, c8:1f:66:f8:e8:bf)
debug: vmbr4: cached hwaddress value: 1a:dc:cd:5f:95:a2
info: vmbr4: setting bridge mac to port eno4 mac
info: vmbr4: netlink: ip link set dev vmbr4 address c8:1f:66:f8:e8:bf
debug: vmbr4: pre-up : running module bridgevlan
debug: vmbr4: pre-up : running module tunnel
debug: vmbr4: pre-up : running module vrf
debug: vmbr4: pre-up : running module address

vmbr4 correctly inherits the eno4 mac

switch eno3,eno4

auto vmbr4
iface vmbr4 inet manual
    bridge-ports eno3 eno4
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

ifreload -a

debug: vmbr4: evaluating port expr '['eno3', 'eno4']'
info: vmbr4: port eno3: already processed
info: vmbr4: port eno4: already processed
info: vmbr4: applying bridge configuration specific to ports
info: vmbr4: processing bridge config for port eno3
info: vmbr4: processing bridge config for port eno4
debug: vmbr4: evaluating port expr '['eno3', 'eno4']'
info: bridge mac is already inherited from eno4
debug: vmbr4: _get_bridge_mac returned (eno4, c8:1f:66:f8:e8:bf)
debug: vmbr4: cached hwaddress value: c8:1f:66:f8:e8:bf

mac doesn't change on reload.

ifdown vmbr4/ifup vmbr4 --> mac is changed to eno3 mac.

test2
-----
existing vmbr0 + vmbr0.100 + a running tap115i0 on vmbr0

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.100
iface vmbr0.100 inet static
    address 10.59.100.233/24
    gateway 10.59.100.1

now, add policy, ifreload -a

info: vmbr0: port tap115i0 will stay enslaved as it matches with bridge-ports-condone-regex
debug: vmbr0: evaluating port expr '['eno1']'
info: vmbr0: port eno1: already processed
info: vmbr0: applying bridge configuration specific to ports
info: vmbr0: processing bridge config for port eno1
debug: vmbr0: evaluating port expr '['eno1']'
debug: vmbr0: _get_bridge_mac returned (eno1, c8:1f:66:f8:e8:bc)
debug: vmbr0: cached hwaddress value: 42:74:ea:71:d6:fa
info: vmbr0: setting bridge mac to port eno1 mac
info: vmbr0: netlink: ip link set dev vmbr0 down
info: vmbr0: netlink: ip link set dev vmbr0 address c8:1f:66:f8:e8:bc
info: vmbr0: netlink: ip link set dev vmbr0 up
info: executing /sbin/sysctl net.mpls.conf.vmbr0/100.input=0
info: vmbr0.100: netlink: ip link set dev vmbr0.100 down
info: vmbr0.100: netlink: ip link set dev vmbr0.100 address c8:1f:66:f8:e8:bc
info: vmbr0.100: netlink: ip link set dev vmbr0.100 up

Works too.

On Wednesday, 14 July 2021 at 08:19 +0200, Thomas Lamprecht wrote:
> On 14.07.21 07:38, Thomas Lamprecht wrote:
> > On 13.07.21 07:16, alexandre derumier wrote:
> > > Hi,
> > > it seems that it's possible to enable some policy on bridge in
> > > ifupdown2
> > >
> > >
> > > cumulus linux distro for example, have this policy
> > >
> > > $ cat /var/lib/ifupdown2/policy.d/bridge.json
> > > {
> > >     "bridge": {
> > >         "module_globals": {
> > >             "warn_on_untagged_bridge_absence": "yes",
> > >             "vxlan_bridge_default_igmp_snooping": "off",
> > >             "allow_arp_nd_suppress_only_on_vxlan": "yes",
> > >             "bridge_set_static_mac_from_port": "yes"
> > >         },
> > >         "defaults": {
> > >             "bridge-stp": "on",
> > >             "bridge-vlan-stats" : "on",
> > >             "bridge-mcstats" : "on",
> > >             "bridge-portprios": "8",
> > >             "bridge-hashel": "4096",
> > >             "bridge-hashmax": "4096",
> > >             "bridge-ageing": "1800"
> > >         }
> > >     }
> > > }
> > >
> > >
> > > bridge_set_static_mac_from_port could be useful to reuse physical
> > > interface mac on bridge.
> > >
> >
> > sounds good in theory, but to which port? As with more than one it's
> > important to be deterministic - that's why we had that kernel patch
> > in the first place.
>
> Found it, they use first in port list, which is almost always good.
>
> But if one would add another bridge port or switch order of existing
> ones, and then do a `ifreload -a` it could change the bridge MAC
> address? I mean, it happens in the `up_bridge` function, not sure if
> that is called on reload or just when really doing something like
> `ifdown vmbr0; ifup vmbr0`
>
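
Added example, not part of the original message and not ifupdown2 code: a small check that lists bridges whose MAC would change on the next ifdown/ifup, using the behaviour seen in test1 (reload keeps an already inherited MAC, a fresh ifup takes the first listed port's MAC). The function names are hypothetical, the data is constructed, and the eno3 MAC is a placeholder because the thread does not give it.

```python
# Constructed sample: test1 after the port order was swapped to "eno3 eno4".
INTERFACES = """\
auto vmbr4
iface vmbr4 inet manual
    bridge-ports eno3 eno4

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
"""

# MACs as read from the running system (constructed for this example).
CURRENT_MACS = {
    "vmbr4": "c8:1f:66:f8:e8:bf",  # still eno4's MAC, kept across ifreload
    "vmbr0": "c8:1f:66:f8:e8:bc",
    "eno1": "c8:1f:66:f8:e8:bc",
    "eno3": "02:00:00:00:00:03",  # placeholder, eno3's MAC is not in the thread
    "eno4": "c8:1f:66:f8:e8:bf",
}


def parse_bridge_ports(text):
    """Return {bridge: [ports in configured order]} from interfaces text."""
    bridges, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
        elif words[0] == "bridge-ports" and current:
            bridges[current] = words[1:]
    return bridges


def pending_mac_changes(text, macs):
    """Bridges whose MAC would differ after ifdown/ifup (first plain port wins)."""
    findings = []
    for bridge, ports in parse_bridge_ports(text).items():
        first = ports[0] if ports else None
        # "none", globs, regexes and unknown interfaces are skipped, not guessed.
        if first not in macs or bridge not in macs:
            continue
        if macs[bridge].lower() != macs[first].lower():
            findings.append((bridge, macs[bridge], first, macs[first]))
    return findings


if __name__ == "__main__":
    for bridge, now, port, new in pending_mac_changes(INTERFACES, CURRENT_MACS):
        print(f"{bridge}: {now} -> {new} (first port {port}) on next ifdown/ifup")
```

On a real host the MAC table would be filled from /sys/class/net/<iface>/address; a non-empty result means a reboot or ifdown/ifup will change the bridge's address even though ifreload -a did not.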