VLAN support for bridge networks (multiple networks on the same bridge with different VLAN tags)

[ahinrichs]

We use the linux bridge in VLAN-aware mode to interconnect different container/VMs (podman, libvirt, lxc, systemd-nspawn). To connect podman containers to a specific VLAN I use the CNI bridge plugin in L2-only vlan configuration.

We try to do the same w/o CNI. There are two things missing currently:

1. Support multiple networks with the same network_interface but different vlan setting
2. Set the vlan on the veth link like:
   sudo bridge vlan add vid 20 pvid untagged dev ...

I opened an issue for netavark but first part belongs to common/libnetwork:

1. podman create network

Currently, the podman network create already allows to set a vlan option:

$ podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=20 --ipam-driver 'none' vlan20

results in /etc/containers/networks/vlan20.json

{
  "name": "vlan20",
  "driver": "bridge",
  "network_interface": "brint",
  "options": {
    "vlan": "20"   <---
  },
  "ipam_options": {
    "driver": "none"
  }
}

But it fails to create another network on the same bridge with different vlan tag:

$ podman network create -o 'com.docker.network.bridge.name=brint' \
        -o vlan=30 --ipam-driver 'none' vlan30
Error: bridge name brint already in use

Relevant code is in libnetwork/internal/util/bridge.go#L16

[chriss-de]

HI

Is anyone working on this?

I have the same problem and for me this looks like a new network driver - sth like "brat" as in bridge attach

Background: I have a (and only one) bridge interface on my system with multiple VLANs. For me it would be perfect to have a podman network that just adds the vnet interface to my existing bridge and configures the VLANs.

There are multiple solutions to this problem - any hint on how this should be solved?
Before I start a PR in the complete wrong direction.