← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1716448] Re: Enable GVRP for vlan interfaces with linuxbridge agent option

 

Aside from the specific use case, I worry if enabling this option
globally may pose a security risk where two tenant networks get
accidentally cross-connected.

** Changed in: neutron
       Status: New => Won't Fix

** Changed in: neutron
       Status: Won't Fix => Confirmed

** Changed in: neutron
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1716448

Title:
  Enable GVRP for vlan interfaces with linuxbridge agent option

Status in neutron:
  Confirmed

Bug description:
  GARP VLAN registration protocol (GVRP) exchanges network VLAN
  information to allow switches to dynamically forward frames for one or
  more VLANs. By enabling gvrp on vlan interfaces created by linuxbridge
  agent operators will be able to dynamically create and destroy vlan
  based tenant networks.  No additional switch configuration or software
  defined networking is required and brings the features of linuxbridge
  more in line with openvswitch based clouds.  This should be enabled
  via an option in the linuxbridge agent config; however, there are no
  serious consequences for having it wrongly enabled.  The changes
  required in the agent are checking the option, if true append 'gvrp
  on' to the 'ip link add' command that creates the vlan interface. For
  example 'ip link add link bond0 name bond0.365 type vlan id 365 gvrp
  on' creates a sub interface for vlan 365 on interface bond0 with gvrp
  enabled.  Adding this capability greatly simplifies switch
  configuration and deployment of linuxbridge based clouds with minimal
  impact.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1716448/+subscriptions


References