[ovirt-users] mixing tagged and untagged vlans on a same interface

[Nathanaël Blanchet]

Thank you for the explanation.

Le 16/02/2015 09:06, Lior Vernia a écrit :
> What Martin said is correct, let me just add that originally this
> limitation was put in place because in older kernels the bridge for the
> untagged network could see tagged traffic over the same physical
> interface, which was a security loophole (as a VM using the untagged
> bridge could sniff all the traffic on the physical interface).
>
> This isn't the case anymore, so in 3.6 we want to remove this limitation.
>
> On 13/02/15 17:31, Martin Pavlík wrote:
>> Hi,
>>
>> it is possible to achieve the state you describe. You just can’t have ovirtmgmt as VM network in such case.
>>
>> You need to set ovirtmgmt as nonVM [1] (aka bridgeless network), then you can put it on one interface with VLANs.
>>
>> Be aware that you can put on one interface only one bridges network + multiple VLANs.
>>
>> [1] http://www.ovirt.org/Features/Design/Network/Bridgeless_Networks#Functionality
>>
>> HTH
>>
>> Martin Pavlik
>>
>> RHEV QE
>>
>>> On 13 Feb 2015, at 16:17, Nathanaël Blanchet <blanchet at abes.fr> wrote:
>>>
>>> Hi all,
>>>
>>> On a standalone libvirt/KVM, I've been used to mix tagged and untagged vlans on the same interface, the untagged vlan dedicated to the physical interface em1 and the other tagged ones to VLAN em1.X.
>>> I've just installed a new datacenter with an untagged ovirtmgmt and then realized that I've been prevented from attaching additional vlan to the same inetrface.
>>> Is there a reason for that, knowing that nothing should technically be wrong?
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>