VLAN support in bridge network driver #1028

Open
ahinrichs opened this issue Jul 22, 2024 · 4 comments

@ahinrichs

ahinrichs commented Jul 22, 2024

Feature request description

With podman + netavark it is currently not possible to create veth links with VLAN tags.

I use the Linux bridge in VLAN-aware mode to interconnect different containers/VMs (podman, libvirt, lxc, systemd-nspawn). To connect a podman container to a specific VLAN I use the CNI bridge plugin in L2-only vlan configuration.

Suggest potential solution

It would need two changes:

  1. Support multiple networks with the same network_interface but a different vlan option
  2. Set the vlan on the veth link:
    sudo bridge vlan add vid 20 pvid untagged dev veth1

1. network creation

Currently, podman network create already allows setting a vlan option:

$ podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=20 --ipam-driver 'none' vlan20

gives /etc/containers/networks/vlan20.json

{
  "name": "vlan20",
  "driver": "bridge",
  "network_interface": "brint",
  "options": {
    "vlan": "20"   <--- 
  },
  "ipam_options": {
    "driver": "none"
  }
}

But it fails to create another network on the same bridge:

$ sudo podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=30 --ipam-driver 'none' vlan30
Error: bridge name brint already in use

2. container startup / link creation

When using a network, the vlan option currently is ignored:

$ sudo podman run --rm -dit --net vlan20 alpine sh
f10492164ec16b69a2216bdcfe9e78812ab5a90865937ca95ec6a6f32064cdaa
$ bridge vlan
port              vlan-id
[...]
veth1             1 PVID Egress Untagged

With CNI (or libvirt, lxc, ...) it works as expected:

$ bridge vlan
port              vlan-id
veth1             1 Egress Untagged
                  20 PVID Egress Untagged

Have you considered any alternatives?

I used to use CNI and custom shell-based plugins. As CNI is considered deprecated I am trying to recreate my setup. Netavark and its support for multiple static interfaces is great but the lack of VLAN support in podman is currently a stopper for me. So I need to stick with CNI for now.

Additional context

From the podman network create manpage:

--opt, -o=option

Set driver specific options.

Additionally the bridge driver supports the following options:

  • vlan: This option assign VLAN tag and enables vlan_filtering. Defaults to none.
  • com.docker.network.bridge.name: This option assigns the given name to the created Linux Bridge
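
A check for the condition shown in section 2 of the post above, where the vlan option is stored in the network file but the veth port stays in VLAN 1. This is an added example, not part of the original issue and not podman or netavark code; the embedded listings are constructed from the output shown in the issue, and the function names are hypothetical.

```python
import json

# Constructed samples, modelled on the network file and the two `bridge vlan` listings in the issue.
NETWORK_JSON = '{"name": "vlan20", "driver": "bridge", "network_interface": "brint", "options": {"vlan": "20"}}'
IGNORED = """port              vlan-id
veth1             1 PVID Egress Untagged
"""
APPLIED = """port              vlan-id
veth1             1 Egress Untagged
                  20 PVID Egress Untagged
"""

def parse_bridge_vlan(text):
    """Parse `bridge vlan` text output into {port: {vid: {flag, ...}}}."""
    ports, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue  # blank line or column header
        if not line[0].isspace():  # a new port entry starts in column 0
            current = fields.pop(0)
            ports.setdefault(current, {})
        if current is not None and fields and fields[0].isdigit():
            ports[current][int(fields[0])] = set(fields[1:])
    return ports

def expected_vlan(network_json):
    """Read the `vlan` option from a podman network definition (None if unset)."""
    vlan = json.loads(network_json).get("options", {}).get("vlan")
    return int(vlan) if vlan is not None else None

def audit_port(ports, port, vid):
    """Compare one bridge port against the VLAN its network asked for."""
    vlans = ports.get(port, {})
    pvids = sorted(v for v, flags in vlans.items() if "PVID" in flags)
    return {
        "port": port,
        "expected": vid,
        "pvid": pvids,
        # ok only if the requested VLAN is the single PVID and leaves untagged
        "ok": pvids == [vid] and "Untagged" in vlans[vid],
        "other_vlans": sorted(v for v in vlans if v != vid),
    }

if __name__ == "__main__":
    want = expected_vlan(NETWORK_JSON)
    for label, listing in (("vlan option ignored", IGNORED), ("vlan option applied", APPLIED)):
        print(label, audit_port(parse_bridge_vlan(listing), "veth1", want))
```

On a host, pass the real output of `bridge vlan` and the contents of the network's JSON file instead of the embedded samples.
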
@Luap99
Member

Luap99 commented Jul 22, 2024

This has to be implemented in netavark so I am moving the issue there.

Luap99 transferred this issue from containers/podman Jul 22, 2024
@ahinrichs
Author

For 1. the code is in a different repo common, func createBridge, line 16

@Luap99
Member

Luap99 commented Jul 23, 2024

yes but until it is implemented in netavark (PRs welcome) there is no point in allowing that in c/common/libnetwork

@chriss-de

I have the same problem.
For me this looks like a new network driver - sth like "brat" as in bridge attach

I have a (and only one) bridge interface on my system with multiple VLANs. For me it would be perfect to have a podman network that just adds the vnet interface to my existing bridge and configures the VLANs
