-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VLAN support in bridge network driver #1028
Comments
This has to be implemented netavark so I move the issue there. |
For 1. the code is in a different repo common, func createBridge, line 16 |
yes but until it is implemented in netavark (PRs welcome) there is no point in allowing that in c/common/libnetwork |
I have the same problem. I have a (and only one) bridge interface on my system with multiple VLANs. For me it would be perfect to have a podman network that just adds the vnet interface to my existing bridge and configure the VLANs |
I don't think we need a new driver, with the latest code we have So all netavark would have to do then is to enable vlan filtering on the bridge if not already? And then assign the vlan number to the host side veth when attaching it to the bridge, correct? |
yes - pretty much what I would need for my use case. the less changes on the existing bridge the better. |
Would solve my use case to. Leave the bridge as it is and add the host veth with vlan tag to it. |
This ’mode=unmanaged’ - is it available in a version or is it just in main? |
Just in main, it will be part of the next version 1.14 |
Thanks |
So I have written code locally to enable the vlan, it was much less than I thought. The one open question is by default the interface stays connected to vlan 1. Looking at cni they seem to have an option called |
Well in my current setup it probably would not break as I don't use vlan1. Does your code allow multiple vlans? |
The code currently only allows one vlan which AFAICT matches the cni The goal with the original report here at least would to have one bridge but then several networks that use the same bridge and different vlan ids. Then you just connect the container two the two networks and they would have access two both vlans via two different veth pairs. If we were to allow more than one vlan on a interface we cannot use an untagged container interface. |
Yes all good. I was just curious what will be possible. Thank you for your code and work |
I think the default vlan comes down to the |
Implement a new vlan option that turn the bridge vlan_filtering mode on and then assign the host side veth to the given vlan id. With that a users should be able to have multiple networks with the same bridge but different vlan ids (we need to change network create logic fo this). Fixes containers#1028 Signed-off-by: Paul Holzinger <[email protected]>
Implement a new vlan option that turn the bridge vlan_filtering mode on and then assign the host side veth to the given vlan id. With that a users should be able to have multiple networks with the same bridge but different vlan ids (we need to change network create logic fo this). Fixes containers#1028 Signed-off-by: Paul Holzinger <[email protected]>
PR #1161, testers welcome. You can manually edit the network config files to add Once the stuff is merged here I will fixup podman network create to allow such configs to be created via the cli. |
I will try to test. If one set |
I have tested it. Works as advertised. Good work. Thanks again. |
Feature request description
With
podman
+netavark
it is currently not possible to create veth links with VLAN tags.I use the linux bridge in VLAN-aware mode to interconnect different container/VMs (podman, libvirt, lxc, systemd-nspawn). To connect podman container to a specific VLAN I use the CNI bridge plugin in L2-only vlan configuration.
Suggest potential solution
It would need two changes:
network_interface
but differentvlan
optionsudo bridge vlan add vid 20 pvid untagged dev veth1
1. network creation
Currently, the
podman network create
already allows to set a vlan option:gives
/etc/containers/networks/vlan20.json
But it fails to create another network on the same bridge:
2. container startup / link creation
When using a network, the vlan option currently is ignored:
With CNI (or libvirt, lxc, ...) it works as expected:
Have you considered any alternatives?
I used to use CNI and custom shell based plugins. As CNI is considered deprecated I try to recreate my setup. Netavark and its support for multiple static interfaces is great but the lack of VLAN support in podman currently a stopper for me. So I need to stick with CNI for now.
Additional context
From the
podman network create
manpage:--opt, -o=option
Set driver specific options.
Additionally the bridge driver supports the following options:
vlan
: This option assign VLAN tag and enables vlan_filtering. Defaults to none.com.docker.network.bridge.name
: This option assigns the given name to the created Linux BridgeThe text was updated successfully, but these errors were encountered: