VLAN aware Linux bridges


Looking for an explanation of what the 'VLAN aware' flag in Linux bridge configuration does and how it compares to a 'VLAN unaware' bridge. From what I can discern, there's some change in configuration and how STP works but I'm looking for specifics and/or examples.


Sean Cavanaugh did a bang-up article on this: https://support.cumulusnetworks.com/hc/en-us/articles/204909397-Comparing-Traditional-Bridge-Mode-to-VLAN-aware-Bridge-Mode

There is actually more I want to document... working on another KB right now (hence why I asked to open a community post so it would force me to go and follow up! 🙂). The Linux bridge in traditional mode is actually capable of more than 9600 interfaces. So you are probably thinking, what is the point of the vlan-aware mode except for syntax? And why does syntax matter if we can automate around it with Ansible, mako or puppet?

The math equation is like this->
(Physical ports * VLANS) + VLANS + VXLANs= Total Number of Configured Ports

So if I had 1 port, 1 VLAN and 1 VXLAN the math and config look like this->
(1*1) + 1 + 1 = 3 Configured Ports

#VLAN 10 (just 1 random VLAN I chose)
auto swp1.10
iface swp1.10

auto VXLAN10
iface VXLAN10
    vxlan-id 30
    vxlan-local-tunnelip 10.2.1.1

auto bridge_10
iface bridge_10
    bridge_ports swp1.10 VXLAN10

The math would be like this for 30 ports with 30 VLANS->
(30*30) + 30 + 30 = 960, so this is possible (even if adding back eth0, lo) = 962

But if you increase this to 1000 VLANs per 52 ports (52 is more than normal for our HCL) and let's say 1000 VXLANs. The math is now->

(52*1000) + 1000 + 1000= 54,000 (which is way more than 9600).

The Linux bridge in VLAN aware mode uses a single bridge with VLANs configured into the bridge meaning this only counts towards 1 configured interface (toward that 9600 maximum). So now you can configure thousands of VLANs and only use 1/9600. This is much more scalable if you are using 200+ VLANs. This is also easy to configure with our ifupdown2.

The other question talked about

Is some of this specific to Cumulus? Or are these differences relevant to Linux in general?

Great question. This is 'not' unique to Cumulus Linux. I said that in my response on twitter but I did not go into details. Linux often refers to a bridge that is capable of seeing VLANs as 'vlan-filtering' rather than VLAN-aware. The Linux bridge command can see this (http://man7.org/linux/man-pages/man8/bridge.8.html). We actually use the bridge command on Linux to look at VLANs and troubleshoot (although you can use our upstreamed netshow as well).

However I am not aware of an easy way to configure vlan-filtering bridges in user-space on vanilla Linux without our ifupdown2, and even the naming was confusing (filtering to me means ACLs/iptables filtering by VLAN). So since we were improving our ifupdown2 for our customers, we made this easy to configure in user-space. Even better is that we have ifupdown2 upstreamed to Debian and Ubuntu. So any changes, enhancements and bugs have been upstreamed and it's up to the community to use them but our customers are really happy and I encourage others to try out ifupdown2.

I have ifupdown2 working on my Trusty Ubuntu and I need to document this as another KB as well. I love ifupdown2 if you can't tell.... 🙂
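
Added example, not part of the original post: a Python script that generates the traditional-mode stanzas and a VLAN-aware bridge stanza for the same ports and VLANs, then counts `iface` entries to check them against the formula and the 9600 figure above. Assumptions: ports are named swp1..swpN, each VLAN gets one VXLAN device whose vxlan-id equals the VLAN ID, the VLAN-aware bridge is called `bridge` and uses ifupdown2's `bridge-vlan-aware` / `bridge-vids` attributes, and VXLAN devices are left out of the VLAN-aware stanza.

```python
LIMIT = 9600  # interface figure quoted in the post above


def traditional(ports, vlans, vxlan=True, local_ip="10.2.1.1"):
    """Traditional mode: a sub-interface per (port, VLAN), a bridge per VLAN,
    and (assumption) one VXLAN device per VLAN."""
    out = []
    for vid in vlans:
        members = []
        for p in range(1, ports + 1):
            sub = f"swp{p}.{vid}"
            out += [f"auto {sub}", f"iface {sub}", ""]
            members.append(sub)
        if vxlan:
            vx = f"VXLAN{vid}"
            out += [f"auto {vx}", f"iface {vx}",
                    f"    vxlan-id {vid}",  # assumed: VNI == VLAN ID
                    f"    vxlan-local-tunnelip {local_ip}", ""]
            members.append(vx)
        out += [f"auto bridge_{vid}", f"iface bridge_{vid}",
                f"    bridge_ports {' '.join(members)}", ""]
    return "\n".join(out)


def vlan_aware(ports, vlans):
    """VLAN-aware mode: one bridge stanza carries every port and VLAN."""
    names = " ".join(f"swp{p}" for p in range(1, ports + 1))
    vids = " ".join(str(v) for v in vlans)
    return "\n".join(["auto bridge", "iface bridge",
                      "    bridge-vlan-aware yes",
                      f"    bridge-ports {names}",
                      f"    bridge-vids {vids}", ""])


def count_ifaces(config):
    """Count configured interfaces as the number of 'iface' stanzas."""
    return sum(1 for line in config.splitlines() if line.startswith("iface "))


def formula(ports, vlans, vxlans):
    """(Physical ports * VLANs) + VLANs + VXLANs, as given in the post."""
    return ports * vlans + vlans + vxlans


if __name__ == "__main__":
    print(traditional(1, [10]))
    print(vlan_aware(2, [10, 20]))
    for p, v in [(1, 1), (30, 30), (52, 1000)]:
        n = count_ifaces(traditional(p, range(1, v + 1)))
        print(p, v, n, formula(p, v, v), "over limit" if n > LIMIT else "ok")
```
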
Thanks Sean - this helps a lot! That's an interesting math equation 🙂

To clarify your example...

The math would be like this for 30 ports with 30 VLANS-> (30*30) + 30 + 30 = 960, so this is possible (even if adding back eth0, lo) = 962

So are you saying that you have 30 VLANs defined, across 30 ports? Or 30 VLANs per port? In either case, this doesn't appear to use VXLAN, so would it really be (30 * 30) + 30 + 0 = 930?

Thanks for all the clarification around this. I'll need to look at ifupdown2. Is there a guide out there on how to install it and use it? I'll start poking around too.

Thanks!

Jon Langemak wrote:

Thanks Sean - this helps a lot! That's an interesting math equation 🙂

To clarify you're exampl...

There is a guide that is coming on "Installing ifupdown2 on an Ubuntu host"; it is in the final throes of review but I can't provide an immediate date for release. I can say that IFUPDOWN2 is in Ubuntu Xenial (16.04) though 🙂. I have been daily-driving with ifupdown2 on my Ubuntu 12.04 laptop without any issues for a bit now.

Ah ok - I shall anxiously wait for the guide!

Hi Jon, I just published the guide on installing ifupdown2 on Ubuntu. You can find it here: https://support.cumulusnetworks.com/hc/en-us/articles/216130037

It needs one more piece about installing netshow: https://support.cumulusnetworks.com/hc/en-us/articles/204075083-Installing-and-Using-the-cl-show-net... (use the steps for Cumulus Linux 2.5.0 - 2.5.4; pretty sure you need to put the Cumulus repo into sources.list on Ubuntu, but I'm waiting to hear about that).

Stanley (original creator of netshow) has done an excellent job of packaging the tool with PIP so rather than installing the cumulus repos we can just use PIP now... I updated the article for netshow install.
