10:17 a.m.
Hi all,
On a standalone libvirt/KVM, I've been used to mix tagged and untagged
vlans on the same interface, the untagged vlan dedicated to the physical
interface em1 and the other tagged ones to VLAN em1.X.
I've just installed a new datacenter with an untagged ovirtmgmt and then
realized that I've been prevented from attaching additional vlan to the
same inetrface.
Is there a reason for that, knowing that nothing should technically be
wrong?
10:31 a.m.
--Apple-Mail=_819B8C08-D8E8-4238-AA7C-17377E564E19
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Hi,
it is possible to achieve the state you describe. You just can=E2=80=99t =
have ovirtmgmt as VM network in such case.
You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then =
you can put it on one interface with VLANs.
Be aware that you can put on one interface only one bridges network + =
multiple VLANs.
[1] =
http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functiona=
lity
HTH
Martin Pavlik
RHEV QE
On 13 Feb 2015, at 16:17, Nathana=C3=ABl Blanchet
<blanchet(a)abes.fr> =
wrote:
=20
Hi all,
=20
On a standalone libvirt/KVM, I've been used to mix tagged and untagged =
vlans
on the same interface, the untagged vlan dedicated to the physical =
interface em1 and the other tagged ones to VLAN em1.X.
I've just installed a new datacenter with an untagged ovirtmgmt
and =
then realized that I've been prevented from attaching additional vlan to
=
the same inetrface.
Is there a reason for that, knowing that nothing should technically
be =
wrong?
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_819B8C08-D8E8-4238-AA7C-17377E564E19
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJU3hi+AAoJENsSVGhnNZo+4poIAIvEiF8uGNmLYQC84TXmTDGW
mKGdBf+jTsbRpvl8fMUsUBZ99mYPtmEPy/7Qeb1/y8JUCAOIFdxERZ0Yab3y4Wu6
nROYREMm0HkB0WjDun37TTCvNqQAmJjTQS0/gEXnFzOSUDAS8xQJXy8dx8mh8gJJ
eXERSok/GdOoODOa3Y4zcK5qUi3HzsXGK0neA77a5+T8Iw2iUh9Sn761jC79ESYF
sAmo7RTk88Ej6HE1drUByo8MoY5sRrdLBdUZJT7HFONtupmAQlLoTV1vIMekJSOX
bGOrpQvhQN9OsVcY4uBNfzxREqJrLvTlNhr/gOccpQJgMep04nWfxCqiDbL7qgI=
=ekO3
-----END PGP SIGNATURE-----
--Apple-Mail=_819B8C08-D8E8-4238-AA7C-17377E564E19--
3:06 a.m.
What Martin said is correct, let me just add that originally this
limitation was put in place because in older kernels the bridge for the
untagged network could see tagged traffic over the same physical
interface, which was a security loophole (as a VM using the untagged
bridge could sniff all the traffic on the physical interface).
This isn't the case anymore, so in 3.6 we want to remove this limitation.
On 13/02/15 17:31, Martin Pavlík wrote:
Hi,
it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM
network in such case.
You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on
one interface with VLANs.
Be aware that you can put on one interface only one bridges network + multiple VLANs.
[1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Function...
HTH
Martin Pavlik
RHEV QE
> On 13 Feb 2015, at 16:17, Nathanaël Blanchet <blanchet(a)abes.fr> wrote:
>
> Hi all,
>
> On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on
the same interface, the untagged vlan dedicated to the physical interface em1 and the
other tagged ones to VLAN em1.X.
> I've just installed a new datacenter with an untagged ovirtmgmt and then realized
that I've been prevented from attaching additional vlan to the same inetrface.
> Is there a reason for that, knowing that nothing should technically be wrong?
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3:41 a.m.
Thank you for the explanation.
Le 16/02/2015 09:06, Lior Vernia a écrit :
What Martin said is correct, let me just add that originally this
limitation was put in place because in older kernels the bridge for the
untagged network could see tagged traffic over the same physical
interface, which was a security loophole (as a VM using the untagged
bridge could sniff all the traffic on the physical interface).
This isn't the case anymore, so in 3.6 we want to remove this limitation.
On 13/02/15 17:31, Martin Pavlík wrote:
> Hi,
>
> it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM
network in such case.
>
> You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it
on one interface with VLANs.
>
> Be aware that you can put on one interface only one bridges network + multiple
VLANs.
>
> [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Function...
>
> HTH
>
> Martin Pavlik
>
> RHEV QE
>
>> On 13 Feb 2015, at 16:17, Nathanaël Blanchet <blanchet(a)abes.fr> wrote:
>>
>> Hi all,
>>
>> On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans
on the same interface, the untagged vlan dedicated to the physical interface em1 and the
other tagged ones to VLAN em1.X.
>> I've just installed a new datacenter with an untagged ovirtmgmt and then
realized that I've been prevented from attaching additional vlan to the same
inetrface.
>> Is there a reason for that, knowing that nothing should technically be wrong?
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
3603
days inactive
3606
days old
3 comments
3 participants
participants (3)
-
Lior Vernia -
Martin Pavlík -
Nathanaël Blanchet