
vm to vm (v2v) links

Ryan Goodfellow requested to merge v2v into master

When users model a link in raven, raven turns that link into a libvirt network specification and asks libvirt to create it. Libvirt does this by creating tap devices for each of the VMs on the link and connecting them together through a bridge. However, links in raven are really just point to point (with the exception of the test network). And for point to point links, going over a linux bridge under the hood can cause issues.

The first issue we've come across is for link level native protocols such as LLDP and LACP. We've come up with workarounds in the past that allow these protocols to work (some involving a requirement for a custom host kernel).

However, now we've run across a new situation in which the underlying connecting bridge is causing issues. When we have vlan tagged traffic transiting a bridge that is not vlan aware, and there is request/reply traffic transiting a 'bridged' p2p link - the bridge sees all the traffic independent of the vlan tagging and thus gets very confused about what MACs belong where. The simple answer is why not turn on vlan filtering, but this leads to a very bad place where the requirements of the host underlay plumbing depend on the guest overlay, e.g., if I create vlans in my raven topology, the underlying bridge (if vlan aware) must detect and support these vlans. And while there probably could be kernel support for the vlan aware bridge to do such a thing, this commit takes a simpler approach: skip the bridge altogether.

When a user specifies v2v = true on a link, raven will set up an eBPF program that bypasses the interconnecting bridge on a p2p link using bpf_redirect and simply forwards the ethernet frames between the peer tap interfaces. This avoids any bridge logic altogether, which is precisely what we want for p2p links.

Note that one nifty thing Linux bridges appear to do is correct checksums. So if the guest operating system is set up for tx checksum offloading, but the virtual driver does not do this correctly (I'm looking at you, virtio) then the packets will have a bad checksum and get dropped on the floor. So if you're using v2v, make sure you have checksum offloading disabled, or are using a virtual NIC that calculates the checksum correctly.
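
The MAC confusion described above can be reproduced with a toy two-port learning bridge. This is an added example, not code from this merge request or from raven. The MAC names, VLAN IDs and the traffic pattern (the guest on port 1 sending each frame back over the same link in a different VLAN) are constructed assumptions chosen to show one way the confusion can arise.

```python
# Added illustration: a toy two-port learning bridge, not raven or kernel code.
from dataclasses import dataclass, field


@dataclass
class Bridge:
    vlan_aware: bool
    fdb: dict = field(default_factory=dict)  # learned key -> port last seen on
    moves: int = 0                           # times a learned entry changed port

    def _key(self, mac, vlan):
        # A VLAN-unaware bridge ignores the 802.1Q tag when learning.
        return (mac, vlan) if self.vlan_aware else mac

    def receive(self, in_port, src, dst, vlan):
        """Learn src, then return the egress port, or None if dropped."""
        key = self._key(src, vlan)
        if key in self.fdb and self.fdb[key] != in_port:
            self.moves += 1
        self.fdb[key] = in_port
        out = self.fdb.get(self._key(dst, vlan))
        if out is None:
            return 1 - in_port  # unknown destination: flood to the other port
        if out == in_port:
            return None         # bridge thinks dst sits behind the ingress port
        return out


# Constructed frames: (ingress port, source MAC, destination MAC, VLAN ID).
# Port 0 is the tap of the VM holding hosts A and B on different VLANs;
# port 1 is the tap of a VM that sends each frame back in the other VLAN.
FRAMES = [
    (0, "A", "B", 10),  # request from A, tagged VLAN 10
    (1, "A", "B", 20),  # same request returned in VLAN 20
    (0, "B", "A", 20),  # reply from B, tagged VLAN 20
    (1, "B", "A", 10),  # same reply returned in VLAN 10
]


def replay(vlan_aware):
    """Run the constructed frames through a bridge; return (egress list, moves)."""
    bridge = Bridge(vlan_aware)
    egress = [bridge.receive(*frame) for frame in FRAMES]
    return egress, bridge.moves


if __name__ == "__main__":
    print("vlan-unaware:", replay(False))
    print("vlan-aware:  ", replay(True))
```

In the unaware case the final reply is dropped because the bridge last learned A on the port the reply arrived on. Forwarding directly between the two taps, as v2v does, involves no learning table at all.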
