Comments on: Bridging domains to tagged VLANs in Xen http://renial.net/weblog/2007/02/27/xen-vlan/ Wed, 07 Jan 2009 03:29:07 +0000 http://wordpress.org/?v=2.2.3 By: Otto Jongerius http://renial.net/weblog/2007/02/27/xen-vlan/#comment-12 Otto Jongerius Thu, 26 Jul 2007 12:36:19 +0000 http://renial.net/weblog/2007/02/27/xen-vlan/#comment-12 Hi, Nice scripts, very useful! I'd just like to add that disabling Spanning Tree (STP) is not the wisest thing to do by default. I suggest enabling STP, and remarking the line "brctl setfd ${bridge} 0" en replace "off" by "on" on line "brctl stp ${bridge} off" Routing loops are nasty. from 'man brctl': brctl stp controls this bridge instance’s participa‐ tion in the spanning tree protocol. If is "on" or "yes" the STP will be turned on, otherwise it will be turned off. When turned off, the bridge will not send or receive BPDUs, and will thus not participate in the spanning tree protocol. If your bridge isn’t the only bridge on the LAN, or if there are loops in the LAN’s topology, DO NOT turn this option off. If you turn this option off, please know what you are doing. Patch: --- network-bridge-vlan.old 2007-07-26 13:32:40.145832732 -0400 network-bridge-vlan 2007-07-26 13:19:50.593479432 -0400 @@ -76,8 76,8 @@ # Don't create the bridge if it already exists. if ! brctl show | grep -q ${bridge} ; then brctl addbr ${bridge} - brctl stp ${bridge} off - brctl setfd ${bridge} 0 brctl stp ${bridge} on #brctl setfd ${bridge} 0 fi ip link set ${bridge} up } Cheers, Otto Hi,

Nice scripts, very useful!

I’d just like to add that disabling Spanning Tree (STP) is not the wisest thing to do by default.

I suggest enabling STP, and remarking the line “brctl setfd ${bridge} 0″ en replace “off” by “on” on line “brctl stp ${bridge} off” Routing loops are nasty.

from ‘man brctl’:

brctl stp controls this bridge instance’s participa‐
tion in the spanning tree protocol. If is “on” or “yes” the
STP will be turned on, otherwise it will be turned off. When turned
off, the bridge will not send or receive BPDUs, and will thus not
participate in the spanning tree protocol. If your bridge isn’t the
only bridge on the LAN, or if there are loops in the LAN’s topology,
DO NOT turn this option off. If you turn this option off, please know
what you are doing.

Patch:

— network-bridge-vlan.old 2007-07-26 13:32:40.145832732 -0400
network-bridge-vlan 2007-07-26 13:19:50.593479432 -0400

@@ -76,8 76,8 @@
# Don’t create the bridge if it already exists.
if ! brctl show | grep -q ${bridge} ; then
brctl addbr ${bridge}
- brctl stp ${bridge} off
- brctl setfd ${bridge} 0
brctl stp ${bridge} on
#brctl setfd ${bridge} 0
fi
ip link set ${bridge} up
}

Cheers,

Otto

]]> By: FirstServed Technical Documentation » Bridging VLAN interfaces in Xen http://renial.net/weblog/2007/02/27/xen-vlan/#comment-10 FirstServed Technical Documentation » Bridging VLAN interfaces in Xen Thu, 19 Jul 2007 10:04:54 +0000 http://renial.net/weblog/2007/02/27/xen-vlan/#comment-10 [...] In case the Dom0 doesn’t need active interfaces on the VLAN bridges, you can follow the solution outlined on this page: Bridging domains to tagged VLANs in Xen. [...] […] In case the Dom0 doesn’t need active interfaces on the VLAN bridges, you can follow the solution outlined on this page: Bridging domains to tagged VLANs in Xen. […]

]]> By: James http://renial.net/weblog/2007/02/27/xen-vlan/#comment-7 James Tue, 03 Apr 2007 23:31:37 +0000 http://renial.net/weblog/2007/02/27/xen-vlan/#comment-7 Hey. Thanks for that script. It appears to work happilly when netdev=bond0 too. Hey. Thanks for that script. It appears to work happilly when netdev=bond0 too.

]]> By: xDie http://renial.net/weblog/2007/02/27/xen-vlan/#comment-6 xDie Wed, 28 Mar 2007 16:20:22 +0000 http://renial.net/weblog/2007/02/27/xen-vlan/#comment-6 Hello very good !!! i needed this thanks, ! Hello very good !!! i needed this thanks, !

]]> By: Lou http://renial.net/weblog/2007/02/27/xen-vlan/#comment-5 Lou Fri, 23 Mar 2007 18:57:49 +0000 http://renial.net/weblog/2007/02/27/xen-vlan/#comment-5 Nice article, congrats!! I was wondering if you ever tried to make something similar, or if you know that this works: The DOMU's are firewalls with multiple VLAN interfaces on the inside, and one normal interface on the outside, like this: DOMu1 --- eth0 (external-if) --- xenbr0 --- eth0 (Dom0) --- eth2.2 (internal-if) --- eth2.3 (internal-if) --- eth2.4 (internal-if) DOMu2 --- eth0 (external-if) --- xenbr0 --- eth0 (Dom0) --- eth2.2 (internal-if) --- eth2.3 (internal-if) --- eth2.4 (internal-if) I've tried a series of bridges/setups that never worked when trying to ping DOMu2 eth2.2 from DOMu1 (thats why i didnt included any bridge information on the eth2.x interfaces of the DOMu's). Nothing that i've tried so far made those DOMu's vlan interfaces to communicate. Any toughts about that would b extremely valuable, Thanks a lot and keep up the good work! Nice article, congrats!!

I was wondering if you ever tried to make something similar, or if you know that this works:

The DOMU’s are firewalls with multiple VLAN interfaces on the inside, and one normal interface on the outside, like this:

DOMu1 — eth0 (external-if) — xenbr0 — eth0 (Dom0)
— eth2.2 (internal-if)
— eth2.3 (internal-if)
— eth2.4 (internal-if)

DOMu2 — eth0 (external-if) — xenbr0 — eth0 (Dom0)
— eth2.2 (internal-if)
— eth2.3 (internal-if)
— eth2.4 (internal-if)

I’ve tried a series of bridges/setups that never worked when trying to ping DOMu2 eth2.2 from DOMu1 (thats why i didnt included any bridge information on the eth2.x interfaces of the DOMu’s). Nothing that i’ve tried so far made those DOMu’s vlan interfaces to communicate.

Any toughts about that would b extremely valuable,

Thanks a lot and keep up the good work!

]]>