Add example to Bridges and VLANs section

Change-Id: I45c64dfe6a28f73b3c4f7ac4444e49b8488e55f7
2019-12-10 16:41:25 +01:00 · 2019-12-10 16:41:25 +01:00 · 5d6de8fc8b
commit 5d6de8fc8b
parent 30cedca968
1 changed files with 28 additions and 1 deletions
--- a/doc/source/configuration/network.rst
+++ b/doc/source/configuration/network.rst
@ -420,6 +420,33 @@ VLAN to be forwarded by the bridge, whereas adding a VLAN interface to an
 Ethernet or bond interface that is a bridge member port will prevent tagged
 traffic for that VLAN being forwarded by the bridge.

+For example, if you are bridging ``eth1`` to ``breth1`` and want to access VLAN
+1234 as a tagged VLAN from the host, while still allowing Neutron to access
+traffic for that VLAN via Open vSwitch, your setup should look like this:
+
+.. code-block:: console
+
+   $ sudo brctl show
+   bridge name     bridge id               STP enabled     interfaces
+   breth1          8000.56e6b95b4178       no              p-breth1-phy
+                                                           eth1
+   $ sudo ip addr show | grep 1234 | head -1
+   10: breth1.1234@breth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+
+It should **not** look like this:
+
+.. code-block:: console
+
+   $ sudo brctl show
+   bridge name     bridge id               STP enabled     interfaces
+   breth1          8000.56e6b95b4178       no              p-breth1-phy
+                                                           eth1
+   $ sudo ip addr show | grep 1234 | head -1
+   10: eth1.1234@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+
+This second configuration may be desirable to prevent specific traffic, e.g. of
+the internal API network, from reaching Neutron.
+
 Domain Name Service (DNS) Resolver Configuration
 ================================================