VLAN support for bridge networks (multiple networks on the same bridge with different VLAN tags) #2095

Closed
ahinrichs opened this issue Jul 23, 2024 · 2 comments · Fixed by #2308

@ahinrichs

We use the Linux bridge in VLAN-aware mode to interconnect different containers/VMs (podman, libvirt, lxc, systemd-nspawn). To connect podman containers to a specific VLAN I use the CNI bridge plugin in L2-only VLAN configuration.

We try to do the same w/o CNI. There are two things missing currently:

  1. Support multiple networks with the same network_interface but different vlan setting
  2. Set the vlan on the veth link like:
    sudo bridge vlan add vid 20 pvid untagged dev ...

I opened an issue for netavark but the first part belongs to common/libnetwork:

1. podman create network

Currently, podman network create already allows setting a vlan option:

$ podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=20 --ipam-driver 'none' vlan20

results in /etc/containers/networks/vlan20.json

{
  "name": "vlan20",
  "driver": "bridge",
  "network_interface": "brint",
  "options": {
    "vlan": "20"   <---
  },
  "ipam_options": {
    "driver": "none"
  }
}

But it fails to create another network on the same bridge with a different vlan tag:

$ podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=30 --ipam-driver 'none' vlan30
Error: bridge name brint already in use

Relevant code is in libnetwork/internal/util/bridge.go#L16

@chriss-de

Hi

Is anyone working on this?

I have the same problem and for me this looks like a new network driver - something like "brat" as in bridge attach

Background: I have a (and only one) bridge interface on my system with multiple VLANs. For me it would be perfect to have a podman network that just adds the vnet interface to my existing bridge and configures the VLANs.

There are multiple solutions to this problem - any hint on how this should be solved?
Before I start a PR in the completely wrong direction.

@Luap99 Luap99 self-assigned this Jan 30, 2025
Luap99 added a commit to Luap99/common that referenced this issue Jan 30, 2025
When a vlan is used there should be no bridge name conflict check. It is
totally valid to have the same bridge with different vlans in two
configs and that is the intended use case.

Fixes containers#2095

Signed-off-by: Paul Holzinger <[email protected]>
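
The rule stated in the commit message above, sketched as an added example (not the project's code): the bridge-name conflict check runs only for networks without a vlan option. The `Network` type, `CheckBridge`, and the 1-4094 VLAN ID range check are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// Network mirrors the fields of the JSON config shown in the issue.
type Network struct {
	Name             string
	NetworkInterface string
	Options          map[string]string
}

// vlanID parses the "vlan" option; tagged is false when the option is unset.
// Added assumption: only 802.1Q VIDs 1-4094 are accepted (0 and 4095 are reserved).
func vlanID(n Network) (id int, tagged bool, err error) {
	raw, set := n.Options["vlan"]
	if !set {
		return 0, false, nil
	}
	id, err = strconv.Atoi(raw)
	if err != nil || id < 1 || id > 4094 {
		return 0, true, fmt.Errorf("network %s: invalid vlan %q (want 1-4094)", n.Name, raw)
	}
	return id, true, nil
}

// CheckBridge (hypothetical helper) rejects a reused bridge name only when
// the new network carries no vlan option.
func CheckBridge(existing []Network, n Network) error {
	_, tagged, err := vlanID(n)
	if err != nil {
		return err
	}
	if tagged {
		return nil // VLAN network: sharing the bridge is the intended use case
	}
	for _, e := range existing {
		if e.NetworkInterface == n.NetworkInterface {
			return fmt.Errorf("bridge name %s already in use", n.NetworkInterface)
		}
	}
	return nil
}

func main() {
	// Constructed sample configs matching the issue's vlan20/vlan30 networks.
	v20 := Network{"vlan20", "brint", map[string]string{"vlan": "20"}}
	v30 := Network{"vlan30", "brint", map[string]string{"vlan": "30"}}
	fmt.Println(CheckBridge([]Network{v20}, v30)) // <nil>
}
```
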
@ahinrichs

Thank you, I'm looking forward to using it. With the upcoming release of podman/netavark I can retire all my custom bash cni plugins (except the nft one). Great work!