type => 'integer',
description => "vlan or vxlan id",
},
+ vlanaware => {
+ type => 'boolean',
+ description => 'Allow vm VLANs to pass through this vnet.',
+ },
alias => {
type => 'string',
description => "alias name of the vnet",
ipv4 => { optional => 1 },
ipv6 => { optional => 1 },
mac => { optional => 1 },
+ vlanaware => { optional => 1 },
};
}
return($zone_status, $vnet_status);
}
-sub get_bridge_vlan {
- my ($vnetid) = @_;
-
- my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid);
-
- return ($vnetid, undef) if !$vnet; # fallback for classic bridge
-
- my $plugin_config = get_plugin_config($vnet);
- my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
- return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag});
-}
-
sub tap_create {
my ($iface, $bridge) = @_;
if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename});
my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
- $plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate);
+ $plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate);
}
1;
my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
die "missing vxlan tag" if !$tag;
+ warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};
my @peers = split(',', $controller->{'peers'});
my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);
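Review bot: The unsupported evpn combination is only reported with `warn` on the added line, so generation appears to carry on with `vlanaware` still set on the vnet, and the message has no trailing newline, so Perl appends the file and line to it. If the evpn bridge is then not VLAN-aware, the failure would only surface later, when a tagged guest NIC is plugged and the `vlan_filtering` guard in the base plugin's tap_plug dies. Rejecting the setting is clearer, e.g. `die "vlan-aware vnet can't be enabled with evpn plugin\n" if $vnet->{vlanaware};`, or better still when the vnet config is validated; no such hook is visible in this hunk. The enclosing sub starts and ends outside the hunk.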
}
-sub get_bridge_vlan {
- my ($class, $plugin_config, $vnetid, $tag) = @_;
-
- my $bridge = $vnetid;
- $tag = undef;
-
- die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/";
-
- return ($bridge, $tag);
-}
-
sub tap_create {
my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
- my $tag = $vnet->{tag};
- my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- die "unable to get bridge setting\n" if !$bridge;
-
- PVE::Network::tap_create($iface, $bridge);
+ PVE::Network::tap_create($iface, $vnetid);
}
sub veth_create {
my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
- my $tag = $vnet->{tag};
- my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- die "unable to get bridge setting\n" if !$bridge;
-
- PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
+ PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}
sub tap_plug {
- my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_;
-
- my $tag = $vnet->{tag};
+ my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
- ($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- my $trunks = undef;
+ my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
+ die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);
PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}
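Review bot: The new guard in tap_plug cannot tell "bridge is not VLAN-aware" from "bridge does not exist", because the `-d "/sys/class/net/$bridge/"` test was removed together with get_bridge_vlan. If file_read_firstline returns undef for a missing path, a tagged NIC on a missing vnet gets the misleading "vm vlans are not allowed" error, and an untagged one falls through to PVE::Network::tap_plug. This check is what keeps guest tags and trunks off a vnet that was not configured for them, so I would keep an explicit existence test before it, e.g. `die "bridge $vnetid is missing\n" if !-d "/sys/class/net/$vnetid";`. The new message should also end in `\n`, as the removed `unable to get bridge setting\n` did. A one-line comment above the guard, saying that it enforces the vnet's `vlanaware` setting from the live bridge state rather than from `$vnet->{vlanaware}`, would help the next reader.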
push @iface_config, "bridge_ports $vnet_bridge_ports";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
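Review bot: The `bridge-vlan-aware yes` / `bridge-vids 2-4094` block is pasted identically here and in the two following hunks (the bridges built on `$vnet_uplink` and `$vxlan_iface`), and the VID range is a bare literal with no comment. Setting `vlanaware` opens the whole 2-4094 range to guests on the vnet, which widens what a tenant can send, so it deserves a comment such as `# vlan-aware vnet: guests may use any VID in 2-4094 on this bridge`. One shared helper in the base plugin that returns these two lines would keep the three zone types from drifting apart if the range is ever narrowed or made configurable. The enclosing sub starts outside the hunk.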
push @iface_config, "bridge_ports $vnet_uplink";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
push @iface_config, "bridge_ports $vxlan_iface";
push @iface_config, "bridge_stp off";
push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
push @iface_config, "mtu $mtu" if $mtu;
push @iface_config, "alias $alias" if $alias;
push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};