OSA interface traffic forwarding
Before reviewing the various bridge choices, lets first discuss two OSA interface configuration modes that can affect how you choose to incorporate bridges in your network configurations.
OSA MAC address registration
only knows aboutdevices that are registered with the OSA device. For each registered device, the OSA cards maintains a MAC address entry in the
Forwarding Database(see man bridge) on the KVM host. To list the Forwarding Database entries for the KVM host, use the following command:
[root@kvmhost] # bridge fdb show
01:00:5e:00:00:01 dev 10gb2 self permanent
33:33:00:00:00:01 dev 10gb2 self permanent
33:33:ff:c4:11:fd dev 10gb2 self permanent
01:00:5e:00:00:01 dev 10gb1 self permanent
33:33:00:00:00:01 dev 10gb1 self permanent
33:33:ff:c4:11:fe dev 10gb1 self permanent
33:33:00:00:00:01 dev 1gb self permanent
01:00:5e:00:00:01 dev 1gb self permanent
33:33:ff:6b:00:39 dev 1gb self permanent
[root@kvmhost] # bridge fdb show dev <interface-name>
For
example:[root@kvmhost] # bridge fdb show 10gb1
01:00:5e:00:00:01 dev 10gb1 self permanent
33:33:00:00:00:01 dev 10gb1 self permanent
33:33:ff:c4:11:fe dev 10gb1 self permanent
Each bridge fdb entry contains two relevant pieces of information. The first is the registered MAC address of a device in the KVM host, and the second is to which KVM host interface that the MAC address is registered.
Before you can register a new device, you must know its MAC address. To list the available devices and their MAC addresses, use the ifconfig or ip link show command.
[root@kvmhost] # bridge fdb add <new-device-mac-address> dev <interface-name>
Once the MAC address of the target device is known to the OSA interface, the OSA will forward any
traffic it receives which is destined for the target device. Additionally, any other devices that
are attached to the target device need to be known to the OSA device as well. This includes network
interfaces of all KVM guests. Depending on
the KVM releases, the libvirt daemon (libvirtd
) might manage the MAC registration
(adds and deletes) for KVM guests using
MacVTap devices as they are started and stopped. However, if you decide to configure additional
devices between the KVM guests and the OSA
interfaces, manual registration on the OSA is required.
MAC address registration on OSA interfaces does not persist across reboots of the KVM host. It will be necessary to perform manual MAC registration each time the KVM host restarts. A better choice might be to create a script that is configured to run at system startup time.
OSA Bridgeport mode
As more complex network configurations are used, the requirement of MAC registration become more complex. For this reason, the firmware of newer OSA cards supports a new configuration option called Bridgeport. Bridgeport is an OSA specific feature that activates promiscuous mode on the OSA adapters. Bridgeport mode, when enabled, disables packet address inspection and filtering and causes the OSA interface to forward traffic with unknown destinations to all attached devices (e.g. traffic destined to other software bridges, switches or interfaces running in the KVM host).
Bridgeport essentially disables the requirement for OSA MAC address registration that was previously described.
[root@kvmhost] # lsqeth <interface-name>
For
example:
[root@kvmhost] # lsqeth 10gb1
Device name : private1
-------------------------------------------------------------------------
card_type : OSD_10GIG
cdev0 : 0.0.e000
cdev1 : 0.0.e001
cdev2 : 0.0.e002
chpid : 84
online : 1
portname : no portname required
portno : 0
state : UP (LAN ONLINE)
priority_queueing : always queue 2
buffer_count : 128
layer2 : 1
isolation : none
bridge_role : none
bridge_state : inactive
bridge_hostnotify : 0
bridge_reflect_promisc : none
switch_attrs : unknown
The value of the field bridge_reflect_promisc
reports the state of Bridgeport
mode.
bridge_reflect_promisc
is not present, then Bridgeport mode may
not be supported by either the:- OSA adapter in the system.
- version of KVM being used.
- Enable the OSA
bridge_reflect_promisc
on the OSA:[root@kvmhost] # echo “primary” > /sys/class/net/<interface-name>/device/bridge_reflect_promisc
- enable promiscuous mode in the Linux® Kernel-based:
[root@kvmhost] # ip link set dev <interface-name> promisc on