yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #68309
[Bug 1716448] Re: Enable GVRP for vlan interfaces with linuxbridge agent option
Aside from the specific use case, I worry if enabling this option
globally may pose a security risk where two tenant networks get
accidentally cross-connected.
** Changed in: neutron
Status: New => Won't Fix
** Changed in: neutron
Status: Won't Fix => Confirmed
** Changed in: neutron
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1716448
Title:
Enable GVRP for vlan interfaces with linuxbridge agent option
Status in neutron:
Confirmed
Bug description:
GARP VLAN registration protocol (GVRP) exchanges network VLAN
information to allow switches to dynamically forward frames for one or
more VLANs. By enabling gvrp on vlan interfaces created by linuxbridge
agent operators will be able to dynamically create and destroy vlan
based tenant networks. No additional switch configuration or software
defined networking is required and brings the features of linuxbridge
more in line with openvswitch based clouds. This should be enabled
via an option in the linuxbridge agent config; however, there are no
serious consequences for having it wrongly enabled. The changes
required in the agent are checking the option, if true append 'gvrp
on' to the 'ip link add' command that creates the vlan interface. For
example 'ip link add link bond0 name bond0.365 type vlan id 365 gvrp
on' creates a sub interface for vlan 365 on interface bond0 with gvrp
enabled. Adding this capability greatly simplifies switch
configuration and deployment of linuxbridge based clouds with minimal
impact.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1716448/+subscriptions
References