From: "Michael S. Tsirkin" <mst@redhat.com>
To: Vlad Yasevich <vyasevic@redhat.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
"Oleg A. Arkhangelsky" <sysoleg@yandex.ru>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"bridge@lists.linux-foundation.org"
<bridge@lists.linux-foundation.org>
Subject: Re: [PATCH net-next 0/4] Allow bridge to function in non-promisc mode
Date: Wed, 13 Mar 2013 22:08:07 +0200 [thread overview]
Message-ID: <20130313200807.GA9821@redhat.com> (raw)
In-Reply-To: <5140B1B3.2070205@redhat.com>
On Wed, Mar 13, 2013 at 01:04:51PM -0400, Vlad Yasevich wrote:
> On 03/13/2013 12:09 PM, Stephen Hemminger wrote:
> >On Wed, 13 Mar 2013 11:45:40 -0400
> >Vlad Yasevich <vyasevic@redhat.com> wrote:
> >
> >>On 03/13/2013 11:39 AM, Stephen Hemminger wrote:
> >>>On Wed, 13 Mar 2013 08:12:29 -0400
> >>>Vlad Yasevich <vyasevic@redhat.com> wrote:
> >>>
> >>>>On 03/13/2013 02:22 AM, "Oleg A. Arkhangelsky" wrote:
> >>>>>
> >>>>>
> >>>>>13.03.2013, 05:45, "Vlad Yasevich" <vyasevic@redhat.com>:
> >>>>>
> >>>>>>The series adds an ability for the bridge to function in non-promiscuous mode.
> >>>>>
> >>>>>What is the practical applications for such setup? In other words,
> >>>>>in which cases I would want to put bridge into non-promiscuous
> >>>>>mode and specify some uplink ports?
> >>>>>
> >>>>
> >>>>On of the applications would be when bridge is an edge device servicing
> >>>>a VM deployment. Each of the VMs knows the mac address that the guest
> >>>>has and may program that mac onto the uplinks.
> >>>
> >>>Why wouldn't that environment just use macvlan?
> >>>Is it because changing libvirt is harder than changing the kernel?
> >>>
> >>
> >>No, because macvlan has a drawback that it doesn't easily let guests
> >>talk to the host. Bridge is still most commonly used for just that reason.
> >>
> >>-vlad
> >
> >Maybe fixing that with a flag to macvlan would be easier?
> >
>
> Not really. macvlan to physical device could be made simple enough.
> However, physical to macvlan is non-trivial at all.
>
> We get around this right now by crating a macvlan on the host and
> have macvlan to macvlan communication essentially turning it into
> bridge. But that doesn't work in all scenarios either.
>
> -vlad
Yea macvlan bridged mode is a strange beast. It almost wants to be a
bridge, but does not dare, for example it punts on all the issues we
have fixed in the bridge like multicast snooping, and just floods
packets.
Another issue is that different VMs have different needs. You might want
to run VMs that simply use a single MAC, so no need for promisc mode,
then want to start another VM that does bridging so we need to enable
promisc mode dynamically. I guess we could switch from macvtap to
tap and back, but it's pretty nasty.
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2013-03-13 20:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-13 1:45 [PATCH net-next 0/4] Allow bridge to function in non-promisc mode Vlad Yasevich
2013-03-13 1:45 ` [PATCH net-next 1/4] bridge: Add sysfs interface to control promisc mode Vlad Yasevich
2013-03-13 15:38 ` Stephen Hemminger
2013-03-13 15:44 ` Vlad Yasevich
2013-03-13 1:45 ` [PATCH net-next 2/4] bridge: Allow an ability to designate an uplink port Vlad Yasevich
2013-03-13 20:33 ` Michael S. Tsirkin
2013-03-13 22:54 ` Stephen Hemminger
2013-03-13 23:43 ` Vlad Yasevich
2013-03-14 14:53 ` Dan Williams
2013-03-13 1:45 ` [PATCH net-next 3/4] bridge: Implement IFF_UNICAST_FLT Vlad Yasevich
2013-03-13 1:45 ` [PATCH net-next 4/4] bridge: sync device list when a new uplink is designated Vlad Yasevich
2013-03-13 6:22 ` [PATCH net-next 0/4] Allow bridge to function in non-promisc mode "Oleg A. Arkhangelsky"
2013-03-13 12:12 ` Vlad Yasevich
2013-03-13 15:39 ` Stephen Hemminger
2013-03-13 15:45 ` Vlad Yasevich
2013-03-13 16:09 ` Stephen Hemminger
2013-03-13 17:04 ` Vlad Yasevich
2013-03-13 18:56 ` [Bridge] " Joel Wirāmu Pauling
2013-03-13 20:08 ` Michael S. Tsirkin [this message]
2013-03-13 20:31 ` Michael S. Tsirkin
2013-03-14 15:10 ` Vlad Yasevich
2013-03-14 17:46 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130313200807.GA9821@redhat.com \
--to=mst@redhat.com \
--cc=bridge@lists.linux-foundation.org \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=sysoleg@yandex.ru \
--cc=vyasevic@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).