Thread: 45 messages, 6 authors, 2012-08-30

Re: [RFC PATCH bridge 0/5] Add basic VLAN support to bridges

From: Vlad Yasevich <hidden>
Date: 2012-08-23 19:54:01

On 08/23/2012 03:41 PM, Stephen Hemminger wrote:
> On Thu, 23 Aug 2012 15:29:50 -0400
> Vlad Yasevich [off-list ref] wrote:
>
>> This series of patches provides an ability to add VLAN IDs to the bridge
>> ports.  This is similar to what can be found in most switches.  The bridge
>> port may have any number of VLANs added to it including vlan 0 for untagged
>> traffic.  When vlans are added to the port, only traffic tagged with particular
>> vlan will be forwarded over this port.  Additionally, vlan ids are added to FDB
>> entries and become part of the lookup.  This way we correctly identify the FDB
>> entry.
>>
>> There are still pieces missing.  I don't yet support adding a static fdb entry
>> with a particular vlan.  There is no netlink support for carrying a vlan id.
>>
>> I'd like to hear thoughts of whether this is useful and something we should
>> pursue.
>>
>> The default behavior of the bridge is unchanged if no vlans have been
>> configured.
>
> Initial reaction is that this is useful. You can already do the same thing
> with ebtables, and ebtables allows more flexibility. But ebtables does slow
> things down, and is harder to configure.

Slowness of ebtables is exactly why I thought of doing this.  This code 
works pretty well when you have guests running on different vlans.  It 
makes sure that there is no traffic leakage.

I'll write up the netlink pieces and repost.

Thanks
-vlad
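
An added example, not part of the thread or the posted patches: a small user-space C model of the behaviour the cover letter describes, with per-port VLAN membership and an FDB keyed on (MAC, VID). The names, table sizes and the ingress-side check are assumptions, and it models only ports that have VLANs configured.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPORTS  4
#define FDB_MAX 16

/* Per-port VLAN membership bitmap (VIDs 0..4095); VID 0 = untagged. */
static uint8_t port_vlans[NPORTS][4096 / 8];
struct fdb_entry { uint8_t mac[6]; uint16_t vid; int port; };
static struct fdb_entry fdb[FDB_MAX];
static int fdb_len;

void port_add_vlan(int p, uint16_t v) { port_vlans[p][(v & 0xfff) / 8] |= (uint8_t)(1u << (v % 8)); }
int port_has_vlan(int p, uint16_t v) { return (port_vlans[p][(v & 0xfff) / 8] >> (v % 8)) & 1; }

/* FDB lookup keyed on (MAC, VID) rather than MAC alone. */
static struct fdb_entry *fdb_find(const uint8_t *mac, uint16_t vid) {
    for (int i = 0; i < fdb_len; i++)
        if (fdb[i].vid == vid && memcmp(fdb[i].mac, mac, 6) == 0)
            return &fdb[i];
    return NULL;
}

/* Process one frame; returns a bitmask of egress ports (0 = dropped). */
unsigned bridge_rx(int in, const uint8_t *src, const uint8_t *dst, uint16_t vid) {
    if (!port_has_vlan(in, vid))
        return 0;                    /* assumption: filter on ingress too */
    struct fdb_entry *e = fdb_find(src, vid);
    if (!e && fdb_len < FDB_MAX) {   /* learn source under (MAC, VID) */
        e = &fdb[fdb_len++];
        memcpy(e->mac, src, 6);
        e->vid = vid;
    }
    if (e) e->port = in;
    if ((e = fdb_find(dst, vid)))    /* known unicast: one port or drop */
        return (e->port != in && port_has_vlan(e->port, vid)) ? 1u << e->port : 0;
    unsigned mask = 0;               /* unknown: flood inside the VLAN only */
    for (int p = 0; p < NPORTS; p++)
        if (p != in && port_has_vlan(p, vid)) mask |= 1u << p;
    return mask;
}

int main(void) {
    const uint8_t a[6] = {2,0,0,0,0,1}, b[6] = {2,0,0,0,0,2}; /* constructed MACs */
    port_add_vlan(0, 10); port_add_vlan(1, 10); port_add_vlan(2, 20);
    printf("flood mask for VLAN 10: 0x%x\n", bridge_rx(0, a, b, 10));
    return 0;
}
```

Because the lookup key includes the VID, the same MAC address learned in two VLANs resolves to two different ports, and an unknown destination is flooded only to ports that are members of the frame's VLAN.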