Bug 1652910
| Summary: | [RFE] expose VLAN filtering in linux bridge connection attributes | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dan Kenigsberg <danken> |
| Component: | NetworkManager | Assignee: | Beniamino Galvani <bgalvani> |
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | atragler, bgalvani, fgiudici, fpokryvk, haliu, jmaxwell, lmiksik, lrintel, mduarted, pasik, rkhan, sukulkar, thaller |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | 7.7 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | NetworkManager-1.18.0-1.el7 | Doc Type: | Enhancement |
| Doc Text: |
.`NetworkManager` now supports VLAN filtering on bridge interfaces
With this enhancement, administrators can configure virtual LAN (VLAN) filtering on bridge interfaces in the corresponding `NetworkManager` connection profiles. This enables administrators to define VLANs directly on bridge ports.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-06 13:16:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1605123, 1654714, 1709731 | ||
|
Description
Dan Kenigsberg
2018-11-23 13:52:39 UTC
I think this is a duplicate of bug 1605123, isn't it? actually I only need a single boolean attribute to enable/disable vlan_filtering ip link set br0 type bridge vlan_filtering 1 I pushed a branch for review at: https://github.com/NetworkManager/NetworkManager/pull/322 It adds the following connection properties: * bridge.vlan-filtering: yes|no Enables/disables VLAN filtering. * bridge.vlan-default-pvid: 0-4094 The VLAN id assigned to incoming untagged frames. 0 disables the default VLAN. * bridge.vlans: <vid> [pvid] [untagged], ... List of VLANs on the bridge, in addition to the default one. * bridge-port.vlans: <vid> [pvid] [untagged], ... List of VLANs on the bridge port, in addition to the default one. What should I do to enable vlans 1-4095 on a port named bond0? I realize (quite late) that this is an important piece of our use case. Would my ifcfg have thousands of lines? (In reply to Dan Kenigsberg from comment #7) > What should I do to enable vlans 1-4095 on a port named bond0? I realize > (quite late) that this is an important piece of our use case. Would my ifcfg > have thousands of lines? Not thousands of lines, but a single BRIDGE_VLANS= line with thousands of elements. I think we could implement VLANs ranges to support this use case. Yes, having a range in ifcfg, nmcli and dbus API would make this more workable. Could you include this in 7.7? (In reply to Dan Kenigsberg from comment #9) > Yes, having a range in ifcfg, nmcli and dbus API would make this more > workable. > > Could you include this in 7.7? Filed merge request: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/114 I hope this will be merged before the NM 1.18 release that will be used in 7.7. Notes for QE:
Supported properties:
* bridge.vlan-filtering: yes|no
Enables/disables VLAN filtering.
* bridge.vlan-default-pvid: 0-4094
The VLAN id assigned to incoming untagged frames. 0 disables the
default VLAN pvid.
* bridge.vlans: <vid>[-<vid>] [pvid] [untagged], ...
List of VLANs on the bridge, in addition to the default one set with
the 'bridge.vlan-default-pvid' property. Each element can be a
single VLAN or a range. vid must be [1-4094]. Ranges must be valid
(start < end). Duplicated VLANs and overlapping ranges are not
allowed. Only one vlan can have the 'pvid' attribute. If a VLAN is
pvid, it overrides the default-pvid.
* bridge-port.vlans: <vid>[-<vid>] [pvid] [untagged], ...
Same as 'bridge.vlans'.
Examples:
==== no pvid ====
$ nmcli connection add type bridge \
ifname mybr con-name mybr+ \
bridge.vlan-default-pvid 0 \
bridge.vlan-filtering yes \
bridge.vlans "10"
$ nmcli connection add type ethernet \
ifname ens11 con-name ens11-slave+ \
master mybr slave-type bridge \
bridge-port.vlans "4094"
$ bridge vlan
port vlan ids
ens11
4094
mybr
10
==== default pvid (1) ====
$ nmcli connection add type bridge \
ifname mybr con-name mybr+ \
bridge.vlan-filtering yes \
bridge.vlans "10-14 untagged"
$ nmcli connection add type ethernet \
ifname ens11 con-name ens11-slave+ \
master mybr slave-type bridge \
bridge-port.vlans "4 untagged, 5"
$ bridge vlan
port vlan ids
ens11
1 PVID untagged 4 untagged 5
mybr
1 PVID untagged 10 untagged 11 untagged 12 untagged 13 untagged 14 untagged
==== non-default pvid ====
$ nmcli connection add type bridge \
ifname mybr con-name mybr+ \
bridge.vlan-filtering yes \
bridge.vlan-default-pvid 80 \
bridge.vlans "1-10, 100 pvid, 200 untagged"
$ nmcli connection add type ethernet \
ifname ens11 con-name ens11-slave+ \
master mybr slave-type bridge \
bridge-port.vlans 4000-4010
$ bridge vlan
port vlan ids
ens11
80 PVID untagged 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010
mybr
1 2 3 4 5 6 7 8 9 10 80 untagged 100 PVID 200 untagged
*** Bug 1605123 has been marked as a duplicate of this bug. *** Looks good, thanks! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2302 |