Bug 707522

Summary: virt-manager generates ifcfg-br0 with the wrong value STP=on which causes restart of switches
Product: Red Hat Enterprise Linux 6
Reporter: iliya.chalamov
Component: virt-manager
Assignee: Cole Robinson <crobinso>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.3
CC: berrange, dyuan, laine, mzhan, rwu
Target Milestone: rc
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-09-27 15:13:01 UTC

Description iliya.chalamov 2011-05-25 10:13:18 UTC
Description of problem:
virt-manager generates ifcfg-br0 with the wrong value STP=on, which causes restart of switches. When set to STP=off, which is the default value, the problem disappears.

Comment 2 Cole Robinson 2011-07-14 02:37:40 UTC
Hmm, libvirt defaults to stp=on for its virtual network bridges, and man brctl strongly recommends always enabling stp. I can't say I know much about the motivation but I was taking the safe default. The UI does give the option of changing the value (though if the default is dangerous we should indeed change it).

Dan or Laine, any comment on this?

Comment 3 Daniel Berrangé 2011-07-14 09:26:07 UTC
I'd like a clarification of what is meant by 'causes restart of switches'? It is expected that when you have STP=on, there will be a period of time in which network traffic is blocked on that NIC, while the switch does the spanning tree algorithm to detect network loops. This delay can be controlled via the forward delay setting.

STP=on is intended to prevent accidental network loops. If a host has two network cards each in a bridge, and a guest is connected to both bridges, then the guest could potentially cause a network loop in the physical LAN. By choosing to have STP=on, we thus protect against a potential guest-initiated denial of service attack.

Comment 4 Cole Robinson 2011-09-27 15:13:01 UTC
No response for a few months, closing as INSUFFICIENT_DATA. If this bug is still relevant, please reopen, providing the info requested in Comment #2 and Comment #3.
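
Added example, not part of the original bug thread and not virt-manager or libvirt code: a small audit of ifcfg files for the trade-off described in Comment 3, reporting each bridge's STP state and forward delay and flagging the two-bridge case where STP is off. The sample files are constructed, the function names are hypothetical, and a missing STP key is assumed to mean off, following the reporter's statement about the default.

```python
import shlex

# Constructed sample files (not taken from the bug report):
# two bridges, each with one physical NIC attached.
SAMPLE = {
    "ifcfg-br0": "DEVICE=br0\nTYPE=Bridge\nSTP=on\nDELAY=15\nONBOOT=yes\n",
    "ifcfg-br1": 'DEVICE="br1"\nTYPE=Bridge\nSTP=off  # changed by hand\nDELAY=0\n',
    "ifcfg-eth0": "DEVICE=eth0\nBRIDGE=br0\nONBOOT=yes\n",
    "ifcfg-eth1": "DEVICE=eth1\nBRIDGE=br1\nONBOOT=yes\n",
}

def parse_ifcfg(text):
    """Parse KEY=value lines; shell quoting and trailing comments are allowed."""
    cfg = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            key, _, value = tokens[0].partition("=")
            cfg[key] = value
    return cfg

def audit_bridges(files):
    """Return (bridges, findings) for a {filename: content} mapping."""
    cfgs = [parse_ifcfg(text) for text in files.values()]
    bridges = {}
    for c in cfgs:
        if c.get("TYPE", "").lower() == "bridge" and c.get("DEVICE"):
            # Assumption: an absent STP key means off.
            stp = c.get("STP", "off").lower() in ("on", "yes", "1")
            # DELAY is the ifcfg key for the bridge forward delay (seconds).
            bridges[c["DEVICE"]] = {"stp": stp, "delay": c.get("DELAY"), "ports": []}
    for c in cfgs:
        if c.get("BRIDGE") in bridges:
            bridges[c["BRIDGE"]]["ports"].append(c.get("DEVICE", "?"))
    uplinked = [name for name, b in bridges.items() if b["ports"]]
    findings = []
    for name in sorted(bridges):
        b = bridges[name]
        if b["stp"]:
            findings.append(f"{name}: STP on, traffic held for forward delay "
                            f"{b['delay'] or 'default'} after link-up")
        elif len(uplinked) > 1 and b["ports"]:
            findings.append(f"{name}: STP off and {len(uplinked)} bridges have "
                            "physical ports; a guest on both can loop the LAN")
    return bridges, findings

if __name__ == "__main__":
    for finding in audit_bridges(SAMPLE)[1]:
        print(finding)
```
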