Bug 707522 - virt-manager generates ifcfg-br0 with the wrong value STP=on which causes restart of switches
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virt-manager
Version: 6.3
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Cole Robinson
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-05-25 10:13 UTC by iliya.chalamov
Modified: 2011-09-27 15:13 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-27 15:13:01 UTC
Target Upstream Version:



Description iliya.chalamov 2011-05-25 10:13:18 UTC
Description of problem:
virt-manager generates ifcfg-br0 with the wrong value STP=on, which causes restart of switches. When set to STP=off, which is the default value, the problem disappears.

Comment 2 Cole Robinson 2011-07-14 02:37:40 UTC
Hmm, libvirt defaults to stp=on for its virtual network bridges, and man brctl strongly recommends always enabling stp. I can't say I know much about the motivation but I was taking the safe default. The UI does give the option of changing the value (though if the default is dangerous we should indeed change it).

Dan or Laine, any comment on this?

Comment 3 Daniel Berrangé 2011-07-14 09:26:07 UTC
I'd like a clarification of what is meant by 'causes restart of switches'? It is expected that when you have STP=on, that there will be a period of time in which network traffic is blocked on that NIC, while the switch does the spanning tree algorithm to detect network loops. This delay can be controlled via the forward delay setting.

STP=on is intended to prevent accidental network loops. If a host has two network cards each in a bridge, and a guest is connected to both bridges, then the guest could potentially cause a network loop in the physical LAN. By choosing to have STP=on, we thus protect against a potential guest initiated denial of service attack.
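
Added example, not part of the bug thread or of virt-manager: a small audit of ifcfg bridge files for the two situations discussed above (STP off on a host with more than one bridge, and STP on with no explicit forward delay). The file contents are constructed samples, and the finding codes and the `DELAY` check are assumptions of this sketch.

```python
import shlex

def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file (shell quoting, '#' comments)."""
    cfg = {}
    for line in text.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote: skip the malformed line
            continue
        if len(tokens) == 1 and "=" in tokens[0]:
            key, _, value = tokens[0].partition("=")
            cfg[key.upper()] = value
    return cfg

def audit_bridges(files):
    """files maps filename -> contents. Returns a list of (device, finding)."""
    bridges = {}
    for name, text in files.items():
        cfg = parse_ifcfg(text)
        if cfg.get("TYPE", "").lower() == "bridge":
            bridges[cfg.get("DEVICE", name)] = cfg
    findings = []
    for dev, cfg in sorted(bridges.items()):
        # Assumption: "on"/"yes" enable STP; a missing key is treated as off.
        stp_on = cfg.get("STP", "off").lower() in ("on", "yes")
        if not stp_on and len(bridges) > 1:
            # Scenario from Comment 3: a guest attached to two bridges can
            # forward between them and create a loop in the physical LAN.
            findings.append((dev, "stp-off-multi-bridge"))
        if stp_on and "DELAY" not in cfg:
            # With STP on, traffic is blocked for the forward delay; flag
            # bridges where that delay was never set explicitly.
            findings.append((dev, "stp-on-implicit-delay"))
    return findings

# Constructed sample files, modelled on the configuration named in this bug.
SAMPLE = {
    "ifcfg-br0": "DEVICE=br0\nTYPE=Bridge\nSTP=on\nONBOOT=yes\n",
    "ifcfg-br1": 'DEVICE="br1"\nTYPE=Bridge\nSTP=off  # set by admin\nDELAY=0\n',
    "ifcfg-eth0": "DEVICE=eth0\nBRIDGE=br0\nONBOOT=yes\n",
}

if __name__ == "__main__":
    for device, finding in audit_bridges(SAMPLE):
        print(device, finding)
```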

Comment 4 Cole Robinson 2011-09-27 15:13:01 UTC
No response for a few months, closing as INSUFFICIENT_DATA. If this bug is still relevant, please reopen, providing the info requested in Comment #2 and Comment #3.

