Bug 847112 - Can't mix tagged and untagged VLANs on a host interface
Summary: Can't mix tagged and untagged VLANs on a host interface
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-core
Version: 3.1 GA
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: 3.2
Assignee: lpeer
QA Contact:
URL:
Whiteboard: network
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-08-09 18:16 UTC by David Black
Modified: 2014-01-12 18:05 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Fedora 17 x86_64 ovirt-engine, 2.5.0-1.0 node
Last Closed: 2013-02-15 06:47:51 UTC
oVirt Team: ---
Embargoed:


Attachments (Terms of Use)

Description David Black 2012-08-09 18:16:16 UTC
Description of problem:

Unable to add a host interface with a combination of an untagged VLAN and tagged VLANs.

Version-Release number of selected component (if applicable):

3.1GA

How reproducible:

In the cluster, create an untagged logical network and create a tagged logical network.   Try and add both to an otherwise unused host interface.
  
Actual results:

In engine log:

2012-08-09 13:50:01,977 ERROR [org.ovirt.engine.core.vdsbroker.VDSCommandBase] (ajp--0.0.0.0-8009-11) [78121232] Command SetupNetworksVDS execution failed. Exception: RuntimeException: org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans

Expected results:

Both one untagged plus multiple tagged VLANs on an interface is a common network configuration and AFAIK should be workable.  It's possible this is a Linux limitation but I don't know for certain.

Comment 1 Itamar Heim 2012-08-09 21:46:04 UTC
livnat - I remember something around this post 3.1?

Comment 2 lpeer 2012-08-11 17:22:22 UTC
Is the untagged network defined as a VM network?

Only non-vm (untagged) network can co-exist with other tagged networks on a single nic (in ovirt).
The reason for that is that the non tagged network is exposed to the traffic of the tagged networks and having guests on that network is considered a security breach.

Comment 3 David Black 2012-08-13 17:06:56 UTC
Understood on the security implications.  I don't recall if I made it a VM network or not the first time, but just tried it again with a non-VM network.  The oVirt UI said 'ovirt-engine internal error'.  These appear to be the pertinent log entries:

2012-08-13 13:02:26,143 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] Error code ERR_USED_NIC and error message VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans
2012-08-13 13:02:26,144 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans
2012-08-13 13:02:26,145 ERROR [org.ovirt.engine.core.vdsbroker.VDSCommandBase] (ajp--0.0.0.0-8009-13) [7b87c829] Command SetupNetworksVDS execution failed. Exception: RuntimeException: org.ovirt.engine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: VDSErrorException: Failed to SetupNetworksVDS, error = Setup attached more than one network to nic eth1, some of which aren't vlans

Comment 4 lpeer 2012-08-14 06:42:29 UTC
Igor - did the fix for VLAN and non-VLAN networks make it to 3.1 formal release?

Comment 5 Igor Lvovsky 2012-08-14 11:29:09 UTC
(In reply to comment #4)
> Igor - did the fix for VLAN and non-VLAN networks make it to 3.1 formal
> release?

No, it's not a part of 3.1 release.
We have it in upstream and we can push it for next release

Comment 6 lpeer 2012-08-15 11:33:43 UTC
patches for fixing the issue were merged -
http://gerrit.ovirt.org/#/c/6384/

They will be available in the next oVirt release (3.2)

Comment 7 Itamar Heim 2013-01-16 16:10:24 UTC
3.2 beta built, moving to ON_QA status to allow testing

Comment 8 Juan Pablo Lorier 2014-01-07 13:36:14 UTC
I'm using 3.2 and I still can't mix tagged and untagged LN.
Did it make it into 3.2?
Regards,

Comment 9 Juan Pablo Lorier 2014-01-07 15:31:02 UTC
(In reply to Juan Pablo Lorier from comment #8)
> I'm using 3.2 and I still can't mix tagged and untagged LN.
> Did it make it into 3.2?
> Regards,

I correct myself, I'm using 3.3.1 and still no mixing modes allowed.
Regards,

Comment 10 Itamar Heim 2014-01-12 09:06:18 UTC
is your untagged one a VM network? we only allow mixing if the untagged is not a vm network.

Comment 11 David Black 2014-01-12 13:30:12 UTC
No. See comment #3 for more info.

Comment 12 Juan Pablo Lorier 2014-01-12 18:05:42 UTC
In may case yes. I have services on VMs that are consumed from tagged vlans and untagged ones.


Note You need to log in before you can comment on or make changes to this bug.