<pre>
...
- <bridge name="virbr0" stp="on" delay="5"/>
+ <bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/>
<domain name="example.com"/>
<forward mode="nat" dev="eth0"/>
...</pre>
defines the name of a bridge device which will be used to construct
the virtual network. The virtual machines will be connected to this
bridge device allowing them to talk to each other. The bridge device
- may also be connected to the LAN. It is recommended that bridge
- device names started with the prefix <code>vir</code>, but the name
- <code>virbr0</code> is reserved for the "default" virtual
- network. This element should always be provided when defining
+ may also be connected to the LAN. When defining
a new network with a <code><forward></code> mode of
+
"nat" or "route" (or an isolated network with
- no <code><forward></code> element).
+ no <code><forward></code> element), libvirt will
+ automatically generate a unique name for the bridge device if
+ none is given, and this name will be permanently stored in the
+ network configuration so that that the same name will be used
+ every time the network is started. For these types of networks
+ (nat, routed, and isolated), a bridge name beginning with the
+ prefix "virbr" is recommended (and that is what is
+ auto-generated), but not enforced.
Attribute <code>stp</code> specifies if Spanning Tree Protocol
is 'on' or 'off' (default is
'on'). Attribute <code>delay</code> sets the bridge's forward
delay value in seconds (default is 0).
<span class="since">Since 0.3.0</span>
+
+ <p>
+ The <code>macTableManager</code> attribute of the bridge
+ element is used to tell libvirt how the bridge's MAC address
+ table (used to determine the correct egress port for packets
+ based on destination MAC address) will be managed. In the
+ default <code>kernel</code> setting, the kernel
+ automatically adds and removes entries, typically using
+ learning, flooding, and promiscuous mode on the bridge's
+ ports in order to determine the proper egress port for
+ packets. When <code>macTableManager</code> is set
+ to <code>libvirt</code>, libvirt disables kernel management
+ of the MAC table (in the case of the Linux host bridge, this
+ means enabling vlan_filtering on the bridge, and disabling
+ learning and unicast_filter for all bridge ports), and
+ explicitly adds/removes entries to the table according to
+ the MAC addresses in the domain interface configurations.
+ Allowing libvirt to manage the MAC table can improve
+ performance - with a Linux host bridge, for example, turning
+ off learning and unicast_flood on ports has its own
+ performance advantage, and can also lead to an additional
+ boost by permitting the kernel to automatically turn off
+ promiscuous mode on some ports of the bridge (in particular,
+ the port attaching the bridge to the physical
+ network). However, it can also cause some networking setups
+ to stop working (e.g. vlan tagging, multicast,
+ guest-initiated changes to MAC address) and is not supported
+ by older kernels.
+ <span class="since">Since 1.2.11, requires kernel 3.17 or
+ newer</span>
+ </p>
+
+
</dd>
<dt><code>domain</code></dt>
<dd>
</attribute>
</optional>
+ <optional>
+ <attribute name="macTableManager">
+ <choice>
+ <value>kernel</value>
+ <value>libvirt</value>
+ </choice>
+ </attribute>
+ </optional>
+
</element>
</optional>
VIR_NETWORK_FORWARD_LAST,
"none", "nat", "route", "bridge", "private", "vepa", "passthrough", "hostdev")
+VIR_ENUM_IMPL(virNetworkBridgeMACTableManager,
+ VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_LAST,
+ "default", "kernel", "libvirt")
+
VIR_ENUM_DECL(virNetworkForwardHostdevDevice)
VIR_ENUM_IMPL(virNetworkForwardHostdevDevice,
VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_LAST,
}
VIR_FREE(tmp);
+ tmp = virXPathString("string(./bridge[1]/@macTableManager)", ctxt);
+ if (tmp) {
+ if ((def->macTableManager
+ = virNetworkBridgeMACTableManagerTypeFromString(tmp)) <= 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid macTableManager setting '%s' "
+ "in network '%s'"), tmp, def->name);
+ goto error;
+ }
+ VIR_FREE(tmp);
+ }
+
tmp = virXPathString("string(./mac[1]/@address)", ctxt);
if (tmp) {
if (virMacAddrParse(tmp, &def->mac) < 0) {
def->name);
goto error;
}
+ if (def->macTableManager) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("bridge macTableManager setting not allowed "
+ "in %s mode (network '%s')"),
+ virNetworkForwardTypeToString(def->forward.type),
+ def->name);
+ goto error;
+ }
/* fall through to next case */
case VIR_NETWORK_FORWARD_BRIDGE:
if (def->delay || stp) {
virBufferAddLit(buf, "</forward>\n");
}
+
if (def->forward.type == VIR_NETWORK_FORWARD_NONE ||
- def->forward.type == VIR_NETWORK_FORWARD_NAT ||
- def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
+ def->forward.type == VIR_NETWORK_FORWARD_NAT ||
+ def->forward.type == VIR_NETWORK_FORWARD_ROUTE ||
+ def->bridge || def->macTableManager) {
virBufferAddLit(buf, "<bridge");
- if (def->bridge)
- virBufferEscapeString(buf, " name='%s'", def->bridge);
- virBufferAsprintf(buf, " stp='%s' delay='%ld'/>\n",
- def->stp ? "on" : "off",
- def->delay);
- } else if (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
- def->bridge) {
- virBufferEscapeString(buf, "<bridge name='%s'/>\n", def->bridge);
+ virBufferEscapeString(buf, " name='%s'", def->bridge);
+ if (def->forward.type == VIR_NETWORK_FORWARD_NONE ||
+ def->forward.type == VIR_NETWORK_FORWARD_NAT ||
+ def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
+ virBufferAsprintf(buf, " stp='%s' delay='%ld'",
+ def->stp ? "on" : "off", def->delay);
+ }
+ if (def->macTableManager) {
+ virBufferAsprintf(buf, " macTableManager='%s'",
+ virNetworkBridgeMACTableManagerTypeToString(def->macTableManager));
+ }
+ virBufferAddLit(buf, "/>\n");
}
-
if (def->mac_specified) {
char macaddr[VIR_MAC_STRING_BUFLEN];
virMacAddrFormat(&def->mac, macaddr);
VIR_NETWORK_FORWARD_LAST,
} virNetworkForwardType;
+typedef enum {
+ VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_DEFAULT = 0,
+ VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_KERNEL,
+ VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_LIBVIRT,
+
+ VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_LAST,
+} virNetworkBridgeMACTableManagerType;
+
+VIR_ENUM_DECL(virNetworkBridgeMACTableManager)
+
typedef enum {
VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_NONE = 0,
VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_PCI,
int connections; /* # of guest interfaces connected to this network */
char *bridge; /* Name of bridge device */
+ int macTableManager; /* enum virNetworkBridgeMACTableManager */
char *domain;
unsigned long delay; /* Bridge forward delay (ms) */
bool stp; /* Spanning tree protocol */
# conf/network_conf.h
virNetworkAssignDef;
+virNetworkBridgeMACTableManagerTypeFromString;
+virNetworkBridgeMACTableManagerTypeToString;
virNetworkConfigChangeSetup;
virNetworkConfigFile;
virNetworkDefCopy;
--- /dev/null
+<network>
+ <name>host-bridge-net</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a8e</uuid>
+ <forward mode="bridge"/>
+ <bridge name="br0" macTableManager="libvirt"/>
+</network>
--- /dev/null
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
+ <bridge name="virbr0" macTableManager="kernel"/>
+ <forward mode="nat" dev="eth1"/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ <host mac="00:16:3e:77:e2:ed" name="a.example.com" ip="192.168.122.10"/>
+ <host mac="00:16:3e:3e:a9:1a" name="b.example.com" ip="192.168.122.11"/>
+ </dhcp>
+ </ip>
+ <ip family="ipv4" address="192.168.123.1" netmask="255.255.255.0">
+ </ip>
+ <ip family="ipv6" address="2001:db8:ac10:fe01::1" prefix="64">
+ </ip>
+ <ip family="ipv6" address="2001:db8:ac10:fd01::1" prefix="64">
+ </ip>
+ <ip family="ipv4" address="10.24.10.1">
+ </ip>
+</network>
--- /dev/null
+<network>
+ <name>host-bridge-net</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a8e</uuid>
+ <forward mode='bridge'/>
+ <bridge name='br0' macTableManager='libvirt'/>
+</network>
--- /dev/null
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
+ <forward dev='eth1' mode='nat'>
+ <interface dev='eth1'/>
+ </forward>
+ <bridge name='virbr0' stp='on' delay='0' macTableManager='kernel'/>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.122.2' end='192.168.122.254'/>
+ <host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10'/>
+ <host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11'/>
+ </dhcp>
+ </ip>
+ <ip family='ipv4' address='192.168.123.1' netmask='255.255.255.0'>
+ </ip>
+ <ip family='ipv6' address='2001:db8:ac10:fe01::1' prefix='64'>
+ </ip>
+ <ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
+ </ip>
+ <ip family='ipv4' address='10.24.10.1'>
+ </ip>
+</network>
DO_TEST("hostdev");
DO_TEST_FULL("hostdev-pf", VIR_NETWORK_XML_INACTIVE);
DO_TEST("passthrough-address-crash");
+ DO_TEST("nat-network-explicit-flood");
+ DO_TEST("host-bridge-no-flood");
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
projects / libvirt.git / commitdiff