Bug 847112 - Can't mix tagged and untagged VLANs on a host interface
Can't mix tagged and untagged VLANs on a host interface
Status: CLOSED CURRENTRELEASE
Product: oVirt
Classification: Community
Component: ovirt-engine-core (Show other bugs)
3.1 GA
x86_64 Linux
medium Severity medium
: ---
: 3.2
Assigned To: lpeer
network
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-09 14:16 EDT by David Black
Modified: 2014-01-12 13:05 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Fedora 17 x86_64 ovirt-engine, 2.5.0-1.0 node
Last Closed: 2013-02-15 01:47:51 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Black 2012-08-09 14:16:16 EDT
Description of problem:

Unable to add a host interface with a combination of an untagged VLAN and tagged VLANs.

Version-Release number of selected component (if applicable):

3.1GA

How reproducible:

In the cluster, create an untagged logical network and create a tagged logical network.   Try and add both to an otherwise unused host interface.
  
Actual results:

In engine log:

2012-08-09 13:50:01,977 ERROR [org.ovirt.engine.core.vdsbroker.VDSCommandBase] (ajp--0.0.0.0-8009-11) [78121232] Command SetupNetworksVDS execution failed. Exception: RuntimeException: org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans

Expected results:

Both one untagged plus multiple tagged VLANs on an interface is a common network configuration and AFAIK should be workable.  It's possible this is a Linux limitation but I don't know for certain.
Comment 1 Itamar Heim 2012-08-09 17:46:04 EDT
livnat - I remember something around this post 3.1?
Comment 2 lpeer 2012-08-11 13:22:22 EDT
Is the untagged network defined as a VM network?

Only non-vm (untagged) network can co-exist with other tagged networks on a single nic (in ovirt).
The reason for that is that the non tagged network is exposed to the traffic of the tagged networks and having guests on that network is considered a security breach.
Comment 3 David Black 2012-08-13 13:06:56 EDT
Understood on the security implications.  I don't recall if I made it a VM network or not the first time, but just tried it again with a non-VM network.  The oVirt UI said 'ovirt-engine internal error'.  These appear to be the pertinent log entries:

2012-08-13 13:02:26,143 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] Error code ERR_USED_NIC and error message VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans
2012-08-13 13:02:26,144 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans
2012-08-13 13:02:26,145 ERROR [org.ovirt.engine.core.vdsbroker.VDSCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] Command SetupNetworksVDS execution failed. Exception: RuntimeException: org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans
Comment 4 lpeer 2012-08-14 02:42:29 EDT
Igor - did the fix for VLAN and non-VLAN networks make it to 3.1 formal release?
Comment 5 Igor Lvovsky 2012-08-14 07:29:09 EDT
(In reply to comment #4)
> Igor - did the fix for VLAN and non-VLAN networks make it to 3.1 formal
> release?

No, it's not a part of 3.1 release.
We have it in upstream and we can push it for next release
Comment 6 lpeer 2012-08-15 07:33:43 EDT
patches for fixing the issue were merged -
http://gerrit.ovirt.org/#/c/6384/

They will be available in the next oVirt release (3.2)
Comment 7 Itamar Heim 2013-01-16 11:10:24 EST
3.2 beta built, moving to ON_QA status to allow testing
Comment 8 Juan Pablo Lorier 2014-01-07 08:36:14 EST
I'm using 3.2 and I still can't mix tagged and untagged LN.
Did it make it into 3.2?
Regards,
Comment 9 Juan Pablo Lorier 2014-01-07 10:31:02 EST
(In reply to Juan Pablo Lorier from comment #8)
> I'm using 3.2 and I still can't mix tagged and untagged LN.
> Did it make it into 3.2?
> Regards,

I correct myself, I'm using 3.3.1 and still no mixing modes allowed.
Regards,
Comment 10 Itamar Heim 2014-01-12 04:06:18 EST
is your untagged one a VM network? we only allow mixing if the untagged is not a vm network.
Comment 11 David Black 2014-01-12 08:30:12 EST
No. See comment #3 for more info.
Comment 12 Juan Pablo Lorier 2014-01-12 13:05:42 EST
In may case yes. I have services on VMs that are consumed from tagged vlans and untagged ones.

Note You need to log in before you can comment on or make changes to this bug.