[ovirt-users] mixing tagged and untagged vlans on a same interface

Nathanaël Blanchet blanchet at abes.fr
Mon Feb 16 03:41:38 EST 2015

Thank you for the explanation.

Le 16/02/2015 09:06, Lior Vernia a écrit :
> What Martin said is correct, let me just add that originally this
> limitation was put in place because in older kernels the bridge for the
> untagged network could see tagged traffic over the same physical
> interface, which was a security loophole (as a VM using the untagged
> bridge could sniff all the traffic on the physical interface).
> This isn't the case anymore, so in 3.6 we want to remove this limitation.
> On 13/02/15 17:31, Martin Pavlík wrote:
>> Hi,
>> it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM network in such case.
>> You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on one interface with VLANs.
>> Be aware that you can put on one interface only one bridges network + multiple VLANs.
>> [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functionality
>> HTH
>> Martin Pavlik
>>> On 13 Feb 2015, at 16:17, Nathanaël Blanchet <blanchet at abes.fr> wrote:
>>> Hi all,
>>> On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X.
>>> I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface.
>>> Is there a reason for that, knowing that nothing should technically be wrong?
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list