Skip to content

Commit 2945b67

Browse files
gobenjijulienfortin
authored andcommitted
bridge: Do not create untagged vlans on "external" vxlan ports
vxlan interfaces with the external flag get the vni for a frame based on its vlan tag. If a frame is marked as untagged, the vxlan interface drops the frame because there's no way to transmit a vxlan frame without a vni. ifupdown2 configures the bridge pvid as an untagged vlan on single vxlan interfaces. (Note that bridge-pvid is inherited from bridge to port and it has a default value of 1.) This leads to the traffic being dropped for traffic on that vlan. Avoid that problem by not configuring any vlans as untagged on single vxlan interfaces.
1 parent 74d286d commit 2945b67

2 files changed

Lines changed: 17 additions & 2 deletions

File tree

debian/changelog

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
ifupdown2 (3.2.1) unstable; urgency=medium
22

33
* New: performance improvement: replace glob.glob with os.listdir
4+
* New: bridge: Do not create untagged vlans on "external" vxlan ports
45
* New: Attribute: "disable-ipv6" to control ipv6 on an interface
56
* New: Policy: "default_loopback_scope" control loopback ip scope
67
* Fix: keep link down after mac change if 'link-down yes' is specified

ifupdown2/addons/bridge.py

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -897,7 +897,8 @@ def syntax_check(self, ifaceobj, ifaceobj_getfunc):
897897
c3 = self.syntax_check_learning_l2_vni_evpn(ifaceobj)
898898
c4 = self.syntax_check_bridge_arp_vni_vlan(ifaceobj, ifaceobj_getfunc)
899899
c5 = self.syntax_check_bridge_vni_svi_limit(ifaceobj, ifaceobj_getfunc)
900-
return retval and c1 and c2 and c3 and c4 and c5
900+
c6 = self.check_bridge_single_vxlan(ifaceobj)
901+
return retval and c1 and c2 and c3 and c4 and c5 and c6
901902

902903
def syntax_check_bridge_vni_svi_limit(self, ifaceobj, ifaceobj_getfunc):
903904
if self.bridge_vni_per_svi_limit > 0 and ifaceobj.link_kind & ifaceLinkKind.VXLAN:
@@ -1024,6 +1025,14 @@ def check_bridge_port_vid_attrs(self, ifaceobj):
10241025
return False
10251026
return True
10261027

1028+
def check_bridge_single_vxlan(self, ifaceobj):
1029+
if (ifaceobj.link_privflags &
1030+
(ifaceLinkPrivFlags.SINGLE_VXLAN | ifaceLinkPrivFlags.L3VXI) and
1031+
ifaceobj.get_attr_value_first('bridge-pvid')):
1032+
self.logger.warning("%s: bridge-pvid conflicts with single-vxlan device, bridge-pvid will be ignored" % ifaceobj.name)
1033+
return False
1034+
return True
1035+
10271036
def check_bridge_vlan_aware_port(self, ifaceobj, ifaceobj_getfunc):
10281037
if ifaceobj.link_privflags & ifaceLinkPrivFlags.BRIDGE_VLAN_AWARE:
10291038
ports = self._get_bridge_port_list(ifaceobj)
@@ -1904,7 +1913,12 @@ def _apply_bridge_vlan_aware_port_settings_all(self, bportifaceobj, ifaceobj_get
19041913
elif bridge_vids:
19051914
vids_final = bridge_vids
19061915

1907-
if allow_untagged == 'yes':
1916+
self.check_bridge_single_vxlan(bportifaceobj)
1917+
1918+
vxlan_in_collect_metadata_mode = (
1919+
bportifaceobj.link_privflags &
1920+
(ifaceLinkPrivFlags.SINGLE_VXLAN | ifaceLinkPrivFlags.L3VXI))
1921+
if allow_untagged == 'yes' and not vxlan_in_collect_metadata_mode:
19081922
if pvids:
19091923
pvid_final = pvids[0]
19101924
elif bridge_pvid:

0 commit comments

Comments
 (0)