OSA interface traffic forwarding

Edit online

Before reviewing the various bridge choices, lets first discuss two OSA interface configuration modes that can affect how you choose to incorporate bridges in your network configurations.

OSA MAC address registration

By default, the OSA card only forwards network traffic destined to devices that the OSA device knows about. The OSA only knows about devices that are registered with the OSA device. For each registered device, the OSA cards maintains a MAC address entry in the Forwarding Database (see man bridge) on the KVM host. To list the Forwarding Database entries for the KVM host, use the following command:
[root@kvmhost] # bridge fdb show
01:00:5e:00:00:01 dev 10gb2 self permanent
33:33:00:00:00:01 dev 10gb2 self permanent
33:33:ff:c4:11:fd dev 10gb2 self permanent
01:00:5e:00:00:01 dev 10gb1 self permanent
33:33:00:00:00:01 dev 10gb1 self permanent
33:33:ff:c4:11:fe dev 10gb1 self permanent
33:33:00:00:00:01 dev 1gb self permanent
01:00:5e:00:00:01 dev 1gb self permanent
33:33:ff:6b:00:39 dev 1gb self permanent
To view the Forwarding Database entries associated to a specific OSA device, use the command:
[root@kvmhost] # bridge fdb show dev <interface-name>
For example:
[root@kvmhost] # bridge fdb show 10gb1
01:00:5e:00:00:01 dev 10gb1 self permanent
33:33:00:00:00:01 dev 10gb1 self permanent
33:33:ff:c4:11:fe dev 10gb1 self permanent

Each bridge fdb entry contains two relevant pieces of information. The first is the registered MAC address of a device in the KVM host, and the second is to which KVM host interface that the MAC address is registered.

Before you can register a new device, you must know its MAC address. To list the available devices and their MAC addresses, use the ifconfig or ip link show command.

To register a new device on the OSA card, use this command:
[root@kvmhost] # bridge fdb add <new-device-mac-address> dev <interface-name>

Once the MAC address of the target device is known to the OSA interface, the OSA will forward any traffic it receives which is destined for the target device. Additionally, any other devices that are attached to the target device need to be known to the OSA device as well. This includes network interfaces of all KVM guests. Depending on the KVM releases, the libvirt daemon (libvirtd) might manage the MAC registration (adds and deletes) for KVM guests using MacVTap devices as they are started and stopped. However, if you decide to configure additional devices between the KVM guests and the OSA interfaces, manual registration on the OSA is required.

MAC address registration on OSA interfaces does not persist across reboots of the KVM host. It will be necessary to perform manual MAC registration each time the KVM host restarts. A better choice might be to create a script that is configured to run at system startup time.

OSA Bridgeport mode

As more complex network configurations are used, the requirement of MAC registration become more complex. For this reason, the firmware of newer OSA cards supports a new configuration option called Bridgeport. Bridgeport is an OSA specific feature that activates promiscuous mode on the OSA adapters. Bridgeport mode, when enabled, disables packet address inspection and filtering and causes the OSA interface to forward traffic with unknown destinations to all attached devices (e.g. traffic destined to other software bridges, switches or interfaces running in the KVM host).

Bridgeport essentially disables the requirement for OSA MAC address registration that was previously described.

To view the configuration of an OSA interface, use this command:
[root@kvmhost] # lsqeth <interface-name>
For example:

[root@kvmhost] # lsqeth 10gb1
Device name : private1
-------------------------------------------------------------------------
card_type : OSD_10GIG
cdev0 : 0.0.e000
cdev1 : 0.0.e001
cdev2 : 0.0.e002
chpid : 84
online : 1
portname : no portname required
portno : 0
state : UP (LAN ONLINE)
priority_queueing : always queue 2
buffer_count : 128
layer2 : 1
isolation : none
bridge_role : none
bridge_state : inactive
bridge_hostnotify : 0
bridge_reflect_promisc : none
switch_attrs : unknown

The value of the field bridge_reflect_promisc reports the state of Bridgeport mode.

Note: If the field bridge_reflect_promisc is not present, then Bridgeport mode may not be supported by either the:
  • OSA adapter in the system.
  • version of KVM being used.
To enable Bridgeport mode, do the following:
  • Enable the OSA bridge_reflect_promisc on the OSA:
    [root@kvmhost] # echo “primary” > /sys/class/net/<interface-name>/device/bridge_reflect_promisc
  • enable promiscuous mode in the Linux® Kernel-based:
    [root@kvmhost] # ip link set dev <interface-name> promisc on
With Bridgeport active, device MAC address registration is no longer required.
Note: If an OSA adapter is shared across multiple LPARs on the same system, only a single LPAR can be configured for Bridgeport mode at any point in time. Separate LPARs being configured for promiscuous mode concurrently require separate OSA adapters.