Re: [RFC PATCH v2 0/5] Add bridge VLAN support

[Leigh Brown <leigh@xxxxxxxxxxxxx>]

Hi Andrew,

On 2024-05-09 16:53, Andrew Cooper wrote:
> On 08/05/2024 10:38 pm, Leigh Brown wrote:
> > Hello all,
> >
> > I realised over the weekend that there is a valid use case for 
> > providing
> > a VIF to a domain that has access to multiple VLANs, e.g. a router. 
> > Yes,
> > you can create a VIF per VLAN, but if you start having several VLANs 
> > (as
> > I do), it would be nicer to create a single interface that has access 
> > to
> > all the relevant VLANs (e.g. enX0.10, enX0.20, etc.).
> >
> > So, version 2 changes the name and type of the parameter from an 
> > integer
> > called `vid' to a string called `vlan'. The vlan parameter is then
> > parsed by the vif-bridge script (actually, the functions called by it 
> > in
> > xen-network-common.sh).
> >
> > As it quite a common practice to allocate VLANs in round numbers, I 
> > also
> > implemented the ability to specify contiguous or non-contiguous 
> > ranges.
> > You can specify whether a VLAN is tagged or untagged, and which VLAN 
> > is
> > the PVID (only one PVID is allowed).  For example,
> >
> > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20-29' ]
> >
> > will setup the VIF so that 10 is the PVID and VLAN IDs 20 through 29
> > are permitted with tags. Another example:
> >
> > vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=1p/10+10x9' ]
> >
> > will setup the bridge to set 1 as the PVID and permit access with
> > tags for VLAN IDs 10, 20, 30, 40, 50, 60, 70, 80 and 90.
> >
> > This patch set enables this capability as follows:
> >
> > 1. Adds `vlan' as a new member of the libxl_device_nic structure;
> > 2. Adds support to read and write the vlan parameter from the 
> > xenstore;
> > 3. Adds `vlan' as a new keyword for the vif configuration option;
> > 4. Adds support to assign the bridge VLANs in the Linux hotplug 
> > scripts;
> > 5. Updated xl-network-configuration(5) manpage and example configs.
> >
> > Original blurb below:
> >
> > For many years I have been configuring VLANs on my Linux Dom0 by
> > creating VLAN interfaces for each VLAN I wanted to connect a domain
> > to and then a corresponding bridge. So I would tend to have things
> > like:
> >
> > enp0s0    -> br0     -> vif1, vif2
> > enp0s0.10 -> br0vl10 -> vif3, vif4
> > enp0s0.20 -> br0vl20 -> vif5
> > dummy0    -> br1     -> vif6
> >
> > I recently discovered that iproute2 supports creating bridge VLANs 
> > that
> > allows you to assign a VLAN to each of the interfaces associated to a
> > bridge. This allows a greatly simplified configuration where a single
> > bridge can support all the domains, and the iproute2 bridge command 
> > can
> > assign each VIF to the required VLAN.  This looks like this:
> >
> > # bridge vlan
> > port              vlan-id
> > enp0s0            1 PVID Egress Untagged
> >                   10
> >                   20
> > br0               1 PVID Egress Untagged
> > vif1.0            1 PVID Egress Untagged
> > vif2.0            1 PVID Egress Untagged
> > vif3.0            10 PVID Egress Untagged
> > vif4.0            10 PVID Egress Untagged
> > vif5.0            20 PVID Egress Untagged
> > vif6.0            30 PVID Egress Untagged
> >
> > This patch set enables this capability as follows:
> >
> > 1. Adds `vid' as a new member of the libxl_device_nic structure;
> > 2. Adds support to read and write vid from the xenstore;
> > 3. Adds `vid' as a new keyword for the vif configuration option;
> > 4. Adds support for assign the bridge VLAN in the Linux hotplug 
> > scripts.
> > I don't believe NetBSD or FreeBSD support this capability, but if they
> > do please point me in the direction of some documentation and/or 
> > examples.
> > NB: I'm not very familiar with Xen code base so may have missed
> > something important, although I have tested it and it is working well
> > for me.
> >
> > Cheers,
> >
> > Leigh.
> >
> >
> > Leigh Brown (5):
> >   tools/libs/light: Add vlan field to libxl_device_nic
> >   tools/xl: add vlan keyword to vif option
> >   tools/hotplug/Linux: Add bridge VLAN support
> >   docs/man: document VIF vlan keyword
> >   tools/examples: Example Linux bridge VLAN config
> >
> >  docs/man/xl-network-configuration.5.pod.in    |  38 ++++++
> >  tools/examples/linux-bridge-vlan/README       |  68 +++++++++++
> >  tools/examples/linux-bridge-vlan/br0.netdev   |   7 ++
> >  tools/examples/linux-bridge-vlan/br0.network  |   8 ++
> >  .../examples/linux-bridge-vlan/enp0s0.network |  16 +++
> >  tools/hotplug/Linux/xen-network-common.sh     | 111 
> > ++++++++++++++++++
> >  tools/libs/light/libxl_nic.c                  |  10 ++
> >  tools/libs/light/libxl_types.idl              |   1 +
> >  tools/xl/xl_parse.c                           |   2 +
> >  9 files changed, 261 insertions(+)
> >  create mode 100644 tools/examples/linux-bridge-vlan/README
> >  create mode 100644 tools/examples/linux-bridge-vlan/br0.netdev
> >  create mode 100644 tools/examples/linux-bridge-vlan/br0.network
> >  create mode 100644 tools/examples/linux-bridge-vlan/enp0s0.network
> This is past the last-post date, so Oleksii will need to decide whether
> he's happy to make an exception for it.
From my own perspective, I know this is an enhancement and am more than
happy to maintain it locally for the time being, so no problem if it has
to wait.  Still happy for any feedback though :-)

> Anthony is OoO for a month now, so if this is to get in for 4.19, then
> it will need reviewing by others.  I've CC'd a few plausible 
> candidates...
> ~Andrew
Regards,

Leigh,