Netplan

support vlan-aware bridges (vlan-filtering)

Bug #1793128 reported by Dmitrii Shcherbakov
90
This bug affects 17 people
Affects Status Importance Assigned to Milestone
Netplan
Triaged
Wishlist
Unassigned

Bug Description

It would be useful for netplan to support vlan-aware bridge configuration. In this configuration a single bridge can forward tagged frames without the need to create per-vlan bridges and interfaces plugged into it.

An example on why this is needed:

4000 VLANs 1-4000 on 32 ports

1) no vlan filtering

total_interfaces = total_physical_ports + total_physical_ports * num_vlans + total_vlan_bridges = 32 + 32 * 4000 + 4000 = 132032 interfaces

2) vlan filtering:

total_interfaces = total_physical_ports + bridge_device + total_bridge_vlan_interfaces = 32 + 1 + 4000 = 4033 interfaces

NOTE: total_bridge_vlan_interfaces is only needed for "switch virtual interfaces" (SVIs) which allow the host/switch itself to communicate on those VLANs.

ifupdown did not support this while ifupdown2 written by cumulus does:
http://manpages.ubuntu.com/manpages/bionic/man5/ifupdown-addons-interfaces.5.html
bridge-vlan-aware

networkd supports this:
https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#VLANFiltering=
VLANFiltering=
A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel. If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's default setting applies.

Examples with systemd-networkd:

https://github.com/Mellanox/mlxsw/wiki/Persistent-Configuration#network-configuration
https://github.com/systemd/systemd/issues/8087#issuecomment-378714138

Revision history for this message
Florian Obradovic (florian-obradovic) wrote :

I need this as well to connect lxd containers to a vlan:

sudo lxc profile device set netprofile-vlan2 eth0 vlan 2

lxc start new-vlan-container
Error: Common start logic: Failed to start device "eth0": VLAN filtering is not enabled in parent bridge "br0"
Try `lxc info --show-log new-vlan-container` for more info

sudo ip link set br0 type bridge vlan_filtering 1

Revision history for this message
Jeremy Lowery (jslowery) wrote :

This is a much cleaner solution than having to make a different bridge for every VLAN.

Revision history for this message
Simon Déziel (sdeziel) wrote :

We'd like to see this implemented and we've heard about potential customers that would benefit from it too.

Lukas Märdian (slyon)
tags: added: fr-2489
Changed in netplan:
status: New → Triaged
importance: Undecided → Wishlist
Revision history for this message
Brian Candler (b-candler) wrote :

Workaround here:
https://discuss.linuxcontainers.org/t/incus-networking-for-network-engineers/18405/2

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.