diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 520443a35..347c14557 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,163 +1,165 @@
 #
 # doc: Linux-HA resource agents
 #
 # Copyright (C) 2009 Florian Haas
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 # 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 # 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 
 
 MAINTAINERCLEANFILES    = Makefile.in
 
 EXTRA_DIST 		= $(doc_DATA) $(REFENTRY_STYLESHEET) \
 			  mkappendix.sh ralist.sh
 
 CLEANFILES              = $(man_MANS) $(xmlfiles) metadata-*.xml
 
 STYLESHEET_PREFIX 	?= http://docbook.sourceforge.net/release/xsl/current
 MANPAGES_STYLESHEET 	?= $(STYLESHEET_PREFIX)/manpages/docbook.xsl
 HTML_STYLESHEET 	?= $(STYLESHEET_PREFIX)/xhtml/docbook.xsl
 FO_STYLESHEET 		?= $(STYLESHEET_PREFIX)/fo/docbook.xsl
 REFENTRY_STYLESHEET	?= ra2refentry.xsl
 
 XSLTPROC_OPTIONS 	?= --xinclude
 XSLTPROC_MANPAGES_OPTIONS ?= $(XSLTPROC_OPTIONS)
 XSLTPROC_HTML_OPTIONS 	?= $(XSLTPROC_OPTIONS)
 XSLTPROC_FO_OPTIONS 	?= $(XSLTPROC_OPTIONS)
 
 radir			= $(top_srcdir)/heartbeat
 
 # OCF_ROOT=. is necessary due to a sanity check in ocf-shellfuncs
 # (which tests whether $OCF_ROOT points to a directory
 metadata-%.xml: $(radir)/%
 	OCF_ROOT=. OCF_FUNCTIONS_DIR=$(radir) $< meta-data > $@
 
 metadata-IPv6addr.xml: ../../heartbeat/IPv6addr
 	OCF_ROOT=. OCF_FUNCTIONS_DIR=$(radir) $< meta-data > $@
 
 # Please note: we can't name the man pages
 # ocf:heartbeat:<name>. Believe me, I've tried. It looks like it
 # works, but then it doesn't. While make can deal correctly with
 # colons in target names (when properly escaped), it royally messes up
 # when it is deals with _dependencies_ that contain colons. See Bug
 # 12126 on savannah.gnu.org. But, maybe it gets fixed soon, it was
 # first reported in 1995 and added to Savannah in in 2005...
 if BUILD_DOC
 man_MANS	       = ocf_heartbeat_AoEtarget.7 \
                           ocf_heartbeat_AudibleAlarm.7 \
                           ocf_heartbeat_ClusterMon.7 \
                           ocf_heartbeat_CTDB.7 \
                           ocf_heartbeat_Delay.7 \
                           ocf_heartbeat_Dummy.7 \
                           ocf_heartbeat_EvmsSCC.7 \
                           ocf_heartbeat_Evmsd.7 \
                           ocf_heartbeat_Filesystem.7 \
                           ocf_heartbeat_ICP.7 \
                           ocf_heartbeat_IPaddr.7 \
                           ocf_heartbeat_IPaddr2.7 \
                           ocf_heartbeat_IPsrcaddr.7 \
                           ocf_heartbeat_LVM.7 \
                           ocf_heartbeat_LinuxSCSI.7 \
                           ocf_heartbeat_MailTo.7 \
                           ocf_heartbeat_ManageRAID.7 \
                           ocf_heartbeat_ManageVE.7 \
                           ocf_heartbeat_Pure-FTPd.7 \
                           ocf_heartbeat_Raid1.7 \
                           ocf_heartbeat_Route.7 \
                           ocf_heartbeat_SAPDatabase.7 \
                           ocf_heartbeat_SAPInstance.7 \
                           ocf_heartbeat_SendArp.7 \
                           ocf_heartbeat_ServeRAID.7 \
                           ocf_heartbeat_SphinxSearchDaemon.7 \
                           ocf_heartbeat_Squid.7 \
                           ocf_heartbeat_Stateful.7 \
                           ocf_heartbeat_SysInfo.7 \
                           ocf_heartbeat_VIPArip.7 \
                           ocf_heartbeat_VirtualDomain.7 \
                           ocf_heartbeat_WAS.7 \
                           ocf_heartbeat_WAS6.7 \
                           ocf_heartbeat_WinPopup.7 \
                           ocf_heartbeat_Xen.7 \
                           ocf_heartbeat_Xinetd.7 \
                           ocf_heartbeat_anything.7 \
                           ocf_heartbeat_apache.7 \
                           ocf_heartbeat_asterisk.7 \
                           ocf_heartbeat_conntrackd.7 \
                           ocf_heartbeat_db2.7 \
                           ocf_heartbeat_dhcpd.7 \
                           ocf_heartbeat_eDir88.7 \
                           ocf_heartbeat_ethmonitor.7 \
                           ocf_heartbeat_exportfs.7 \
                           ocf_heartbeat_fio.7 \
                           ocf_heartbeat_iSCSILogicalUnit.7 \
                           ocf_heartbeat_iSCSITarget.7 \
+                          ocf_heartbeat_iface-bridge.7 \
+                          ocf_heartbeat_iface-vlan.7 \
                           ocf_heartbeat_ids.7 \
                           ocf_heartbeat_iscsi.7 \
                           ocf_heartbeat_jboss.7 \
                           ocf_heartbeat_lxc.7 \
                           ocf_heartbeat_mysql.7 \
                           ocf_heartbeat_mysql-proxy.7 \
                           ocf_heartbeat_named.7 \
                           ocf_heartbeat_nfsserver.7 \
                           ocf_heartbeat_nginx.7 \
                           ocf_heartbeat_oracle.7 \
                           ocf_heartbeat_oralsnr.7 \
                           ocf_heartbeat_pgsql.7 \
                           ocf_heartbeat_pingd.7 \
                           ocf_heartbeat_portblock.7 \
                           ocf_heartbeat_postfix.7 \
                           ocf_heartbeat_pound.7 \
                           ocf_heartbeat_proftpd.7 \
                           ocf_heartbeat_rsyncd.7 \
                           ocf_heartbeat_rsyslog.7 \
                           ocf_heartbeat_scsi2reservation.7 \
                           ocf_heartbeat_sfex.7 \
                           ocf_heartbeat_slapd.7 \
                           ocf_heartbeat_symlink.7 \
                           ocf_heartbeat_syslog-ng.7 \
                           ocf_heartbeat_tomcat.7 \
                           ocf_heartbeat_varnish.7 \
                           ocf_heartbeat_vmware.7 \
                           ocf_heartbeat_zabbixserver.7
 
 if USE_IPV6ADDR
 man_MANS           	+= ocf_heartbeat_IPv6addr.7
 endif
 
 xmlfiles		= $(man_MANS:.7=.xml)
 
 %.1 %.5 %.7 %.8: %.xml
 	$(XSLTPROC) \
 	$(XSLTPROC_MANPAGES_OPTIONS) \
 	$(MANPAGES_STYLESHEET) $<
 
 ocf_heartbeat_%.xml: metadata-%.xml $(srcdir)/$(REFENTRY_STYLESHEET)
 	$(XSLTPROC) --novalid \
 	--stringparam package $(PACKAGE_NAME) \
 	--stringparam version $(VERSION) \
 	--output $@ \
 	$(srcdir)/$(REFENTRY_STYLESHEET) $<
 
 ocf_resource_agents.xml: $(xmlfiles) mkappendix.sh
 	./mkappendix.sh $(xmlfiles) > $@
 
 %.html: %.xml
 	$(XSLTPROC) \
 	$(XSLTPROC_HTML_OPTIONS) \
 	--output $@ \
 	$(HTML_STYLESHEET) $<
 
 xml: ocf_resource_agents.xml
 endif
diff --git a/heartbeat/Makefile.am b/heartbeat/Makefile.am
index 777c6b184..0ce1c1399 100644
--- a/heartbeat/Makefile.am
+++ b/heartbeat/Makefile.am
@@ -1,141 +1,143 @@
 # Makefile.am for OCF RAs
 #
 # Author: Sun Jing Dong
 # Copyright (C) 2004 IBM
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 # 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 # 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 MAINTAINERCLEANFILES = Makefile.in
 
 EXTRA_DIST		= $(ocf_SCRIPTS) $(ocfcommon_DATA) \
 			  $(common_DATA) $(hb_DATA) $(dtd_DATA) \
 			  README
 
 INCLUDES		= -I$(top_srcdir)/include -I$(top_srcdir)/linux-ha
 
 halibdir		= $(libexecdir)/heartbeat
 
 ocfdir		        = $(OCF_RA_DIR_PREFIX)/heartbeat
 
 dtddir			= $(datadir)/$(PACKAGE_NAME)
 dtd_DATA		= ra-api-1.dtd
 
 if USE_IPV6ADDR
 ocf_PROGRAMS           = IPv6addr
 halib_PROGRAMS         = send_ua
 else
 ocf_PROGRAMS           =
 halib_PROGRAMS         =
 endif
 
 IPv6addr_SOURCES        = IPv6addr.c
 send_ua_SOURCES         = IPv6addr.c
 
 IPv6addr_LDADD          = -lplumb $(LIBNETLIBS)
 send_ua_LDADD           = -lplumb $(LIBNETLIBS)
 
 ocf_SCRIPTS	     =  ClusterMon		\
 			CTDB			\
 			Dummy			\
 		        IPaddr			\
 		        IPaddr2			\
 			anything		\
 			AoEtarget		\
 			apache			\
 			asterisk		\
 			nginx			\
 			AudibleAlarm		\
 			conntrackd		\
 			db2			\
 			dhcpd		\
 			Delay			\
 			eDir88			\
 			EvmsSCC			\
 			Evmsd			\
 			ethmonitor		\
 			exportfs		\
 			Filesystem		\
 			fio			\
 			ids			\
 			iscsi			\
 			ICP			\
 			IPsrcaddr		\
 			iSCSITarget		\
 			iSCSILogicalUnit	\
+			iface-bridge		\
+			iface-vlan		\
 			jboss			\
 			LinuxSCSI		\
 			LVM			\
 			lxc			\
 			MailTo			\
 			ManageRAID		\
 			ManageVE		\
 			mysql			\
 			mysql-proxy		\
 			named			\
 			nfsserver		\
 			oracle			\
 			oralsnr			\
 			pingd			\
 			portblock		\
 			postfix			\
 			pound			\
 			pgsql			\
 			proftpd			\
 			Pure-FTPd		\
 			Raid1			\
 			Route			\
 			rsyncd			\
 			rsyslog			\
 			SAPDatabase		\
 			SAPInstance		\
 			SendArp			\
 			ServeRAID		\
 			slapd			\
 			SphinxSearchDaemon	\
 			Squid			\
 			Stateful		\
 			SysInfo			\
 			scsi2reservation	\
 			sfex			\
 			symlink			\
 			syslog-ng		\
 			tomcat			\
 			VIPArip			\
 			VirtualDomain		\
 			varnish			\
 			vmware			\
 			WAS			\
 			WAS6			\
 			WinPopup		\
 			Xen			\
 			Xinetd			\
 			zabbixserver
 
 ocfcommondir		= $(OCF_LIB_DIR_PREFIX)/heartbeat
 ocfcommon_DATA		= ocf-shellfuncs 	\
 			  ocf-binaries	 	\
 			  ocf-directories 	\
 			  ocf-returncodes 	\
  			  ocf-rarun		\
 			  apache-conf.sh 	\
 			  http-mon.sh    	\
 			  sapdb-nosha.sh	\
 			  sapdb.sh		\
 			  ora-common.sh		\
 			  findif.sh
 
 # Legacy locations
 hbdir			= $(sysconfdir)/ha.d
 hb_DATA			= shellfuncs
diff --git a/heartbeat/iface-bridge b/heartbeat/iface-bridge
new file mode 100755
index 000000000..e1dfecbff
--- /dev/null
+++ b/heartbeat/iface-bridge
@@ -0,0 +1,843 @@
+#!/bin/sh
+#
+#       OCF Resource Agent compliant iface-bridge script.
+#
+#       Implements network Bridge interface management
+#
+# Copyright (C) 2013 Red Hat, Inc.  All rights reserved.
+# Author: Fabio M. Di Nitto <fdinitto@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like.  Any license provided herein, whether implied or
+# otherwise, applies only to this software file.  Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
+#
+#
+
+# TODO:
+#       * Eventually improve bridge_check to verify all runtime
+#         parameters. Is it really necessary?
+#       * consider add support for advanced multicast timers tuning
+#         sethashel       <bridge> <int>   set hash elasticity                   default 4
+#         sethashmax      <bridge> <int>   set hash max                          default 512
+#         setmclmc        <bridge> <int>   set multicast last member count       default 2, ?
+#         setmcsqc        <bridge> <int>   set multicast startup query count     default 2, ?
+#         setmclmi        <bridge> <time>  set multicast last member interval    default HZ
+#         setmcmi         <bridge> <time>  set multicast membership interval     default 260 * HZ
+#         setmcqpi        <bridge> <time>  set multicast querier interval        default 255 * HZ
+#         setmcqi         <bridge> <time>  set multicast query interval          detault 125 * HZ
+#         setmcqri        <bridge> <time>  set multicast query response interval default 10 * HZ
+#         setmcqri        <bridge> <time>  set multicast startup query interval  default 125 * hZ / 4
+#
+#
+#	OCF parameters are as below
+#	OCF_RESKEY_bridge_name
+#       OCF_RESKEY_bridge_slaves
+#       OCF_RESKEY_bridge_ageing
+#       OCF_RESKEY_port_hairpin
+#       OCF_RESKEY_stp
+#       OCF_RESKEY_stp_bridgeprio
+#       OCF_RESKEY_stp_fd
+#       OCF_RESKEY_stp_maxage
+#       OCF_RESKEY_stp_hello
+#       OCF_RESKEY_stp_pathcost
+#       OCF_RESKEY_stp_portprio
+#       OCF_RESKEY_multicast_router
+#       OCF_RESKEY_multicast_snooping
+#       OCF_RESKEY_multicast_querier
+#       OCF_RESKEY_multicast_port_router
+#
+
+#######################################################################
+# Initialization:
+
+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
+
+# Defaults
+OCF_RESKEY_stp_default=false
+OCF_RESKEY_stp_fd_default=0
+OCF_RESKEY_multicast_router_default=1
+OCF_RESKEY_multicast_snooping_default=1
+OCF_RESKEY_multicast_querier_default=0
+
+: ${OCF_RESKEY_stp=${OCF_RESKEY_stp_default}}
+: ${OCF_RESKEY_stp_fd=${OCF_RESKEY_stp_fd_default}}
+: ${OCF_RESKEY_multicast_router=${OCF_RESKEY_multicast_router_default}}
+: ${OCF_RESKEY_multicast_snooping=${OCF_RESKEY_multicast_snooping_default}}
+: ${OCF_RESKEY_multicast_querier=${OCF_RESKEY_multicast_querier_default}}
+
+# binaries
+: ${BRCTL:=brctl}
+
+#######################################################################
+
+bridge_usage() {
+	cat <<END
+usage: $0 {start|stop|status|monitor|validate-all|meta-data}
+
+Expects to have a fully populated OCF RA-compliant environment set.
+END
+}
+
+bridge_meta_data() {
+	cat <<END
+<?xml version="1.0"?>
+<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
+<resource-agent name="iface-bridge">
+  <version>1.0</version>
+
+  <longdesc lang="en">
+    This resource manages Bridge network interfaces.
+    It can add, remove, configure bridges and spanning-tree.
+  </longdesc>
+
+  <shortdesc lang="en">
+    Manages Bridge network interfaces.
+  </shortdesc>
+
+  <parameters>
+    <parameter name="bridge_name" unique="1" required="1">
+      <longdesc lang="en">
+        Define the name of the bridge (max 15 charaters).
+      </longdesc>
+      <shortdesc lang="en">
+        Name of the bridge
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="bridge_slaves" unique="1">
+      <longdesc lang="en">
+        Define the list of interfaces, space separated, to add to the bridge.
+        The list can be empty.
+      </longdesc>
+      <shortdesc lang="en">
+        Network interface
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="bridge_ageing" unique="0">
+      <longdesc lang="en">
+        Set the ethernet (MAC) address ageing time in seconds.
+      </longdesc>
+      <shortdesc lang="en">
+        MAC ageing in seconds.
+      </shortdesc>
+      <content type="integer"/>
+    </parameter>
+
+    <parameter name="port_hairpin" unique="0">
+      <longdesc lang="en">
+        Set hairpin forwarding mode.
+        A list of ports that should have hairpin enabled
+        can be specified using the following
+        Example: eth0 eth1
+      </longdesc>
+      <shortdesc lang="en">
+        Set hairpin forwarding mode.
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="stp" unique="0">
+      <longdesc lang="en">
+        Enable or disable Spanning Tree Protocol on the bridge.
+      </longdesc>
+      <shortdesc lang="en">
+        Spanning Tree Protocol
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_stp_default}"/>
+    </parameter>
+
+    <parameter name="stp_bridgeprio" unique="0">
+      <longdesc lang="en">
+        Set the bridge's priority to defined value. The priority value is a
+        number between  0  and 65535), and has no dimension. Lower priority values are
+        preferred. The bridge with the lowest priority will be elected as root bridge.
+      </longdesc>
+      <shortdesc lang="en">
+        Set the bridge's priority.
+      </shortdesc>
+      <content type="integer"/>
+    </parameter>
+
+    <parameter name="stp_fd" unique="0">
+      <longdesc lang="en">
+        Set the bridge forward delay (in seconds).
+      </longdesc>
+      <shortdesc lang="en">
+        Set the bridge forward delay.
+      </shortdesc>
+      <content type="integer" default="${OCF_RESKEY_stp_fd_default}"/>
+    </parameter>
+
+    <parameter name="stp_maxage" unique="0">
+      <longdesc lang="en">
+        Set the bridge maximum message age (in seconds).
+      </longdesc>
+      <shortdesc lang="en">
+        Set the bridge maximum message age.
+      </shortdesc>
+      <content type="integer"/>
+    </parameter>
+
+    <parameter name="stp_hello" unique="0">
+      <longdesc lang="en">
+        Set the bridge hello time (in seconds).
+      </longdesc>
+      <shortdesc lang="en">
+        Set the bridge hello time.
+      </shortdesc>
+      <content type="integer"/>
+    </parameter>
+
+    <parameter name="stp_pathcost" unique="0">
+      <longdesc lang="en">
+        Set the port cost. This is a dimensionless metric.
+        A list of port/cost can be specified using the following
+        format: slave cost slave cost.
+        Example: eth0 100 eth1 1000
+      </longdesc>
+      <shortdesc lang="en">
+        Set the port cost.
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="stp_portprio" unique="0">
+      <longdesc lang="en">
+        Set the port priority. This is a number between 0 and 63.
+        $BRCTL man page reports a value between 0 and 255, but
+        tests show a limit of 63 on a live system.
+        This metric is used in the designated port and root port
+        selection algorithms.
+        A list of port/priority can be specified using the following
+        format: slave cost slave cost.
+        Example: eth0 10 eth1 60
+      </longdesc>
+      <shortdesc lang="en">
+        Set the port priority.
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="multicast_router" unique="0">
+      <longdesc lang="en">
+        Enable or disable multicast routing on the bridge.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable multicast routing.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_multicast_router_default}"/>
+    </parameter>
+
+    <parameter name="multicast_snooping" unique="0">
+      <longdesc lang="en">
+        Enable or disable multicast snooping on the bridge.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable multicast snooping.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_multicast_snooping_default}"/>
+    </parameter>
+
+    <parameter name="multicast_port_router" unique="0">
+      <longdesc lang="en">
+        Enable or disable a port from the multicast router.
+        Kernel enables all port by default.
+        A list of port can be specified using the following
+        format: slave 0|1 slave 0|1.
+        Example: eth0 1 eth1 0
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable a port from the multicast router.
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+  </parameters>
+
+  <actions>
+    <action name="start"        timeout="30s" />
+    <action name="stop"         timeout="20s" />
+    <action name="status"       timeout="20s" depth="0" interval="10s" />
+    <action name="monitor"      timeout="20s" depth="0" interval="10s" />
+    <action name="meta-data"    timeout="5s" />
+    <action name="validate-all" timeout="20s" />
+  </actions>
+</resource-agent>
+END
+}
+
+# commodity function
+# split_string eth0 100 eth1 1000 eth2 100
+# eth0 100
+# eth1 1000
+# eth2 100
+
+split_string() {
+	while [ -n "$1" ]; do
+		echo $1 $2
+		shift && shift
+	done
+}
+
+# check if the interface is admin up/down
+
+iface_is_up() {
+	if ! $IP2UTIL -o link show $1 | \
+	    sed -e 's#.*<##g' -e 's#>.*##' -e 's#LOWER_UP##g' | \
+	    grep -q UP; then
+		return 1
+	fi
+	return 0
+}
+
+# check if the slaves have link layer up/down
+# see kernel network documentation on meaning of LOWER_UP flag
+# for more in depth explanation on how it works
+# NOTE: this check is not reliable in virt environment
+# since interfaces are always LOWER_UP. There is no way
+# from the guest to know if the host has disconnected somehow
+
+iface_lower_is_up() {
+	if ! $IP2UTIL -o link show $1 | \
+	    grep -q LOWER_UP; then
+		return 1
+	fi
+	return 0
+}
+
+# wrapup function to check if any interface defined in
+# option lists is a slave
+
+iface_is_slave() {
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		if [ "$1" = "$slave" ]; then
+			return 0
+		fi	
+	done
+	return 1
+}
+
+bridge_validate() {
+	check_binary $BRCTL
+	check_binary $IP2UTIL
+
+	if [ -z "$OCF_RESKEY_bridge_name" ]; then
+		ocf_log err "Invalid OCF_RESKEY_bridge_name: value cannot be empty"
+		return 1
+	fi
+
+	# the echo .. is the equivalent of strlen in bash
+	#
+	# /usr/include/linux/if.h:#define IFNAMSIZ        16
+	# needs to include 0 byte end string
+
+	if [ "${#OCF_RESKEY_bridge_name}" -gt 15 ]; then
+		ocf_log err "Invalid OCF_RESKEY_bridge_name: name is too long"
+		return 1
+	fi
+
+	if [ ! -d "/sys/class/net" ]; then
+		ocf_log err "Unable to find sysfs network class in /sys"
+		return 1
+	fi
+
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		if [ ! -e "/sys/class/net/$slave" ]; then
+			ocf_log err "Invalid OCF_RESKEY_bridge_slaves: $slave does not exists"
+			return 1
+		fi
+	done
+
+	# check if declared harpin ports are slaves
+	for hairpin in $OCF_RESKEY_port_hairpin; do
+		if ! iface_is_slave $hairpin; then
+			ocf_log err "Invalid OCF_RESKEY_port_hairpin: $hairpin is not listed in OCF_RESKEY_bridge_slaves"
+			return 1
+		fi
+	done
+
+	if [ -n "$OCF_RESKEY_bridge_ageing" ]; then
+		if ! ocf_is_decimal "$OCF_RESKEY_bridge_ageing"; then
+			ocf_log err "Invalid OCF_RESKEY_bridge_ageing: must be a decimal value (0 or greater)"
+			return 1
+		fi
+	fi
+
+	# OCF_RESKEY_stp_fd needs special handling as it can be 0 or greater
+	# but only when configured before OCF_RESKEY_stp.
+	# if enabled after OCF_RESKEY_stp with stp=true the value range is
+	# different. It is not clear from the man page or brctl documentation
+	# what the range is ahead of time.
+	if [ -n "$OCF_RESKEY_stp_fd" ]; then
+		if ! ocf_is_decimal "$OCF_RESKEY_stp_fd" || \
+		   [ "$OCF_RESKEY_stp_fd" -lt 0 ]; then
+			ocf_log err "Invalid OCF_RESKEY_stp_fd: must be a decimal value (0 or greater)"
+			return 1
+		fi
+	fi
+
+	if ocf_is_true "$OCF_RESKEY_stp"; then
+
+		if [ -n "$OCF_RESKEY_stp_bridgeprio" ]; then
+			if ! ocf_is_decimal "$OCF_RESKEY_stp_bridgeprio" || \
+			   [ "$OCF_RESKEY_stp_bridgeprio" -gt 65535 ]; then
+				ocf_log err "Invalid OCF_RESKEY_stp_bridgeprio: must be a decimal value between 0 and 65535 included"
+				return 1
+			fi
+		fi
+
+		if [ -n "$OCF_RESKEY_stp_hello" ]; then
+			if ! ocf_is_decimal "$OCF_RESKEY_stp_hello"; then
+				ocf_log err "Invalid OCF_RESKEY_stp_hello: must be a decimal value (0 or greater)"
+				return 1
+			fi
+		fi
+
+		if [ -n "$OCF_RESKEY_stp_maxage" ]; then
+			if ! ocf_is_decimal "$OCF_RESKEY_stp_maxage"; then
+				ocf_log err "Invalid OCF_RESKEY_stp_maxage: must be a decimal value (0 or greater)"
+				return 1
+			fi
+		fi
+
+		if [ -n "$OCF_RESKEY_stp_pathcost" ]; then
+			split_string $OCF_RESKEY_stp_pathcost | { while read iface cost; do
+					if ! iface_is_slave $iface; then
+						ocf_log err "Invalid OCF_RESKEY_stp_pathcost: $iface is not listed in OCF_RESKEY_bridge_slaves"
+						return 1
+					fi
+
+					if ! ocf_is_decimal $cost; then
+						ocf_log err "Invalid OCF_RESKEY_stp_pathcost: cost must be a decimal value (0 or great)"
+						return 1
+					fi
+				done
+			}
+		fi
+
+		if [ -n "$OCF_RESKEY_stp_portprio" ]; then
+			split_string $OCF_RESKEY_stp_portprio | { while read iface prio; do
+					if ! iface_is_slave $iface; then
+						ocf_log err "Invalid OCF_RESKEY_stp_portprio: $iface is not listed in OCF_RESKEY_bridge_slaves"
+						return 1
+					fi
+
+					if ! ocf_is_decimal $prio || \
+					   [ "$prio" -gt "63" ]; then
+						ocf_log err "Invalid OCF_RESKEY_stp_portprio: priority must be a decimal value between 0 and 63 included"
+						return 1
+					fi
+				done
+			}
+		fi
+
+	fi
+
+	if [ -n "$OCF_RESKEY_multicast_port_router" ]; then
+		split_string $OCF_RESKEY_multicast_port_router | { while read iface mcport; do
+				if ! iface_is_slave $iface; then
+					ocf_log err "Invalid OCF_RESKEY_multicast_port_router: $iface is not listed in OCF_RESKEY_bridge_slaves"
+					return 1
+				fi
+
+				if ! ocf_is_decimal $mcport || \
+				   [ "$mcport" -gt "1" ]; then
+					ocf_log err "Invalid OCF_RESKEY_multicast_port_router: valuer must be 0 (disabled) or 1 (enabled)"
+					return 1
+				fi
+			done
+		}
+	fi
+
+	return 0
+}
+
+bridge_check() {
+	if [ -e "/sys/class/net/$OCF_RESKEY_bridge_name" ]; then
+		if [ ! -e "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name" ]; then
+			return $OCF_ERR_GENERIC
+		fi
+	else
+		if [ -e "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name" ]; then
+			error="$(rm -f "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name" 2>&1)"
+			if [ "$?" != "0" ]; then
+				ocf_log err "Unable to remove stale lock file for bridge $OCF_RESKEY_bridge_name: $error"
+				return $OCF_ERR_GENERIC
+			fi
+		fi
+		return $OCF_NOT_RUNNING
+	fi
+
+	# we check if all slaves are still part of the bridge
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		if [ ! -e "/sys/class/net/$OCF_RESKEY_bridge_name/brif/$slave" ]; then
+			ocf_log err "Interface $slave is not part of the bridge $OCF_RESKEY_bridge_name"
+			return $OCF_ERR_GENERIC
+		fi
+		if ! iface_is_up $slave; then
+			ocf_log err "Interface $slave of the bridge $OCF_RESKEY_bridge_name is administratively down"
+			return $OCF_ERR_GENERIC
+		fi
+	done
+
+	# check if bridge is still "UP"
+	# is there a cleaner way?
+
+	if ! iface_is_up $OCF_RESKEY_bridge_name; then
+		ocf_log err "Bridge $OCF_RESKEY_bridge_name is administratively down"
+		return $OCF_ERR_GENERIC
+	fi
+
+	if ! iface_lower_is_up $OCF_RESKEY_bridge_name; then
+		ocf_log err "Bridge $OCF_RESKEY_bridge_name has no active link-layer slaves"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+# we need a simpler stop version to clean after us if start fails
+# without involving any error checking
+# rolling back in case of failure is otherwise complex
+
+bridge_force_stop() {
+	$IP2UTIL link set dev "$OCF_RESKEY_bridge_name" down 2>&1
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		$IP2UTIL link set dev "$slave" down 2>&1
+	done
+	$BRCTL delbr "$OCF_RESKEY_bridge_name" 2>&1
+	rm -f "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name" 2>&1
+}
+
+bridge_start() {
+	# check if the bridge already exists
+	bridge_check
+	ret=$?
+	if [ "$ret" != "$OCF_NOT_RUNNING" ]; then
+		return $ret
+	fi
+
+	# create the bridge
+	error="$($BRCTL addbr "$OCF_RESKEY_bridge_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to create bridge $OCF_RESKEY_bridge_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# add slaves if configured
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		error="$($BRCTL addif "$OCF_RESKEY_bridge_name" "$slave" 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to add interface $slave to bridge $OCF_RESKEY_bridge_name: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	done
+
+	# set haripin forward mode
+	for hairpin in $OCF_RESKEY_port_hairpin; do
+		error="$($BRCTL hairpin "$OCF_RESKEY_bridge_name" "$hairpin" on 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set hairpin on for interface $hairpin to bridge $OCF_RESKEY_bridge_name: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	done
+
+	# set bridge ageing
+	if [ -n "$OCF_RESKEY_bridge_ageing" ]; then
+		error="$($BRCTL setageing "$OCF_RESKEY_bridge_name" "$OCF_RESKEY_bridge_ageing" 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set bridge $OCF_RESKEY_bridge_name ageing to $OCF_RESKEY_bridge_ageing: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	fi
+
+	# OCF_RESKEY_stp_fd needs special handling as it can be 0 or greater
+	# but only when configured before OCF_RESKEY_stp.
+	# if enabled after OCF_RESKEY_stp with stp=true the value range is
+	# different. It is not clear from the man page or brctl documentation
+	# what the range is ahead of time.
+	if [ -n "$OCF_RESKEY_stp_fd" ]; then
+		error="$($BRCTL setfd "$OCF_RESKEY_bridge_name" "$OCF_RESKEY_stp_fd" 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set bridge forward delay $OCF_RESKEY_stp_fd on bridge $OCF_RESKEY_bridge_name : $error"
+			return $OCF_ERR_GENERIC
+		fi
+	fi
+
+	# enable/disable spanning tree protocol
+	if ocf_is_true "$OCF_RESKEY_stp"; then
+		error="$($BRCTL stp "$OCF_RESKEY_bridge_name" on 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to enable STP on bridge $OCF_RESKEY_bridge_name : $error"
+			return $OCF_ERR_GENERIC
+		fi
+
+		# set bridge priority
+		if [ -n "$OCF_RESKEY_stp_bridgeprio" ]; then
+			error="$($BRCTL setbridgeprio "$OCF_RESKEY_bridge_name" "$OCF_RESKEY_stp_bridgeprio" 2>&1)"
+			if [ "$?" != "0" ]; then
+				ocf_log err "Unable to set bridge priority $OCF_RESKEY_stp_bridgeprio on bridge $OCF_RESKEY_bridge_name : $error"
+				return $OCF_ERR_GENERIC
+			fi
+		fi
+
+		# set hello timer
+		if [ -n "$OCF_RESKEY_stp_hello" ]; then
+			error="$($BRCTL sethello "$OCF_RESKEY_bridge_name" "$OCF_RESKEY_stp_hello" 2>&1)"
+			if [ "$?" != "0" ]; then
+				ocf_log err "Unable to set bridge hello timer $OCF_RESKEY_stp_hello on bridge $OCF_RESKEY_bridge_name : $error"
+				return $OCF_ERR_GENERIC
+			fi
+		fi
+
+
+		# set max age
+		if [ -n "$OCF_RESKEY_stp_maxage" ]; then
+			error="$($BRCTL setmaxage "$OCF_RESKEY_bridge_name" "$OCF_RESKEY_stp_maxage" 2>&1)"
+			if [ "$?" != "0" ]; then
+				ocf_log err "Unable to set bridge max age $OCF_RESKEY_stp_maxage on bridge $OCF_RESKEY_bridge_name : $error"
+				return $OCF_ERR_GENERIC
+			fi
+		fi
+
+		# set path cost per port
+		if [ -n "$OCF_RESKEY_stp_pathcost" ]; then
+			split_string $OCF_RESKEY_stp_pathcost | { while read iface cost; do
+				error="$($BRCTL setpathcost "$OCF_RESKEY_bridge_name" "$iface" "$cost" 2>&1)"
+				if [ "$?" != "0" ]; then
+					ocf_log err "Unable to set pathcost $cost for interface $iface on bridge $OCF_RESKEY_bridge_name : $error"
+					return $OCF_ERR_GENERIC
+				fi
+				done
+			}
+		fi
+
+		# set port priority per port
+		if [ -n "$OCF_RESKEY_stp_portprio" ]; then
+			split_string $OCF_RESKEY_stp_portprio | { while read iface prio; do
+				error="$($BRCTL setportprio "$OCF_RESKEY_bridge_name" "$iface" "$prio" 2>&1)"
+				if [ "$?" != "0" ]; then
+					ocf_log err "Unable to set portprio $prio for interface $iface on bridge $OCF_RESKEY_bridge_name : $error"
+					return $OCF_ERR_GENERIC
+				fi
+				done
+			}
+		fi
+	else
+		# stp off is default via brctl/kernel interface but it
+		# is best to force it since we don't know if default
+		# has changed across kernel releases
+		error="$($BRCTL stp "$OCF_RESKEY_bridge_name" off 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to disable STP on bridge $OCF_RESKEY_bridge_name : $error"
+			return $OCF_ERR_GENERIC
+		fi
+	fi
+
+	# set slaves up
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		error="$($IP2UTIL link set dev "$slave" up 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set slave $slave for bridge $OCF_RESKEY_bridge_name up: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	done
+
+	# set the bridge up
+	error="$($IP2UTIL link set dev "$OCF_RESKEY_bridge_name" up 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to set bridge $OCF_RESKEY_bridge_name up: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# multicast operations can only be executed after the bridge is up
+	# and configured.
+
+	# enable/disable multicast router
+	if ocf_is_true "$OCF_RESKEY_multicast_router"; then
+		mcrouter=1
+	else
+		mcrouter=0
+	fi
+	if [ -e "/sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_router" ]; then
+		error="$(echo $mcrouter > /sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_router 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set OCF_RESKEY_multicast_router for bridge $OCF_RESKEY_bridge_name: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	else
+		ocf_log warn "Unable to set multicast router on bridge $OCF_RESKEY_bridge_name because kernel does not support it"
+	fi
+
+	# enable/disable multicast snoopint
+	if ocf_is_true "$OCF_RESKEY_multicast_snooping"; then
+		mcsnooping=1
+	else
+		mcsnooping=0
+	fi
+	if [ -e "/sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_snooping" ]; then
+		error="$(echo $mcsnooping > /sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_snooping 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set OCF_RESKEY_multicast_snooping for bridge $OCF_RESKEY_bridge_name: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	else
+		ocf_log warn "Unable to set multicast snooping on bridge $OCF_RESKEY_bridge_name because kernel does not support it"
+	fi
+
+	# enable/disable multicast querier
+	if ocf_is_true "$OCF_RESKEY_multicast_querier"; then
+		mcquerier=1
+	else
+		mcquerier=0
+	fi
+	if [ -e "/sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_querier" ]; then
+		error="$(echo $mcquerier > /sys/class/net/$OCF_RESKEY_bridge_name/bridge/multicast_querier 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set OCF_RESKEY_multicast_querier for bridge $OCF_RESKEY_bridge_name: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	else
+		ocf_log warn "Unable to set multicast querier on bridge $OCF_RESKEY_bridge_name because kernel does not support it"
+	fi
+
+	# set multicast router per port
+	if [ -n "$OCF_RESKEY_multicast_port_router" ]; then
+		split_string $OCF_RESKEY_multicast_port_router | { while read iface mcport; do
+			if [ -e "/sys/class/net/$iface/brport/multicast_router" ]; then
+				error="$(echo $mcport > /sys/class/net/$iface/brport/multicast_router 2>&1)"
+				if [ "$?" != "0" ]; then
+					ocf_log err "Unable to set OCF_RESKEY_multicast_port_router $mcport for interface $iface on bridge $OCF_RESKEY_bridge_name : $error"
+					return $OCF_ERR_GENERIC
+				fi
+			else
+				ocf_log warn "Unable to set multicast port router on bridge $OCF_RESKEY_bridge_name because kernel does not support it"
+			fi
+			done
+		}
+	fi
+
+	error="$(touch "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name")"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to write lock file for bridge $OCF_RESKEY_bridge_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+bridge_stop() {
+	bridge_check
+	ret=$?
+	if [ "$ret" = "$OCF_NOT_RUNNING" ]; then
+		return $OCF_SUCCESS
+	fi
+	if [ "$ret" != "$OCF_SUCCESS" ]; then
+		return $ret
+	fi
+
+	# set bridge down
+	error="$($IP2UTIL link set dev "$OCF_RESKEY_bridge_name" down 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to set bridge $OCF_RESKEY_bridge_name down: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# set slaves down
+	for slave in $OCF_RESKEY_bridge_slaves; do
+		error="$($IP2UTIL link set dev "$slave" down 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to set slave $slave for bridge $OCF_RESKEY_bridge_name down: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	done
+
+	# delete bridge
+	error="$($BRCTL delbr "$OCF_RESKEY_bridge_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to delete bridge $OCF_RESKEY_bridge_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	error="$(rm -f "$HA_RSCTMP/iface-bridge.$OCF_RESKEY_bridge_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to remove lock file for bridge $OCF_RESKEY_bridge_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+case $__OCF_ACTION in
+	meta-data)
+		bridge_meta_data
+		exit $OCF_SUCCESS
+	;;
+	usage|help)
+		bridge_usage
+		exit $OCF_SUCCESS
+	;;
+esac
+
+if [ ! -d "$HA_RSCTMP" ]; then
+	ocf_log debug "$HA_RSCTMP not found, we are probably being executed manually"
+	mkdir -p "$HA_RSCTMP"
+fi
+
+if [ -n "$__OCF_ACTION" ] && ! bridge_validate; then
+	exit $OCF_ERR_CONFIGURED
+fi
+
+case $__OCF_ACTION in
+	start|stop)
+		if ! ocf_is_root; then
+			ocf_log err "You must be root for $__OCF_ACTION operation."
+			exit $OCF_ERR_PERM
+		fi
+	;;
+esac
+
+case $__OCF_ACTION in
+	start)
+		bridge_start
+		ret=$?
+		if [ "$ret" != "$OCF_SUCCESS" ]; then
+			bridge_force_stop
+		fi
+		exit $ret
+	;;
+	stop)
+		bridge_stop
+		exit $?
+	;;
+	status|monitor)
+		bridge_check
+		exit $?
+	;;
+	validate-all)
+		# bridge_validate above does the trick
+	;;
+	*)
+		bridge_usage
+		exit $OCF_ERR_UNIMPLEMENTED
+	;;
+esac
+# vi:sw=4:ts=8:
diff --git a/heartbeat/iface-vlan b/heartbeat/iface-vlan
new file mode 100755
index 000000000..bc8583cd4
--- /dev/null
+++ b/heartbeat/iface-vlan
@@ -0,0 +1,475 @@
+#!/bin/sh
+#
+#       OCF Resource Agent compliant iface-vlan script.
+#
+#       Implements network VLAN interface management
+#
+# Copyright (C) 2013 Red Hat, Inc.  All rights reserved.
+# Author: Fabio M. Di Nitto <fdinitto@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like.  Any license provided herein, whether implied or
+# otherwise, applies only to this software file.  Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
+#
+#
+
+# TODO:
+#
+#	OCF parameters are as below
+#       OCF_RESKEY_vlan_interface
+#       OCF_RESKEY_vlan_id
+#	OCF_RESKEY_vlan_name
+#       OCF_RESKEY_vlan_reorder_hdr
+#       OCF_RESKEY_vlan_gvrp
+#       OCF_RESKEY_vlan_mvrp
+#       OCF_RESKEY_vlan_loose_binding
+#
+
+#######################################################################
+# Initialization:
+
+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
+
+# Defaults
+OCF_RESKEY_vlan_reorder_hdr_default=1
+OCF_RESKEY_vlan_gvrp_default=0
+OCF_RESKEY_vlan_mvrp_default=0
+OCF_RESKEY_vlan_loose_binding_default=0
+OCF_RESKEY_vlan_name_default=${OCF_RESKEY_vlan_interface}.${OCF_RESKEY_vlan_id}
+
+: ${OCF_RESKEY_vlan_name=${OCF_RESKEY_vlan_name_default}}
+: ${OCF_RESKEY_vlan_reorder_hdr=${OCF_RESKEY_vlan_reorder_hdr_default}}
+: ${OCF_RESKEY_vlan_gvrp=${OCF_RESKEY_vlan_gvrp_default}}
+
+# don't set defaults for mvrp or loose binding since both
+# are rather new kernel features and they might not be supported
+#: ${OCF_RESKEY_vlan_mvrp=${OCF_RESKEY_vlan_mvrp_default}}
+#: ${OCF_RESKEY_vlan_loose_binding=${OCF_RESKEY_vlan_loose_binding_default}}
+
+#######################################################################
+
+vlan_usage() {
+	cat <<END
+usage: $0 {start|stop|status|monitor|validate-all|meta-data}
+
+Expects to have a fully populated OCF RA-compliant environment set.
+END
+}
+
+vlan_meta_data() {
+	cat <<END
+<?xml version="1.0"?>
+<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
+<resource-agent name="iface-vlan">
+  <version>1.0</version>
+
+  <longdesc lang="en">
+    This resource manages VLAN network interfaces.
+    It can add, remove, configure VLANs.
+  </longdesc>
+
+  <shortdesc lang="en">
+    Manages VLAN network interfaces.
+  </shortdesc>
+
+  <parameters>
+    <parameter name="vlan_interface" unique="1" required="1">
+      <longdesc lang="en">
+        Define the interface where VLAN should be attached.
+      </longdesc>
+      <shortdesc lang="en">
+        Network interface.
+      </shortdesc>
+      <content type="string"/>
+    </parameter>
+
+    <parameter name="vlan_id" unique="1" required="1">
+      <longdesc lang="en">
+        Define the VLAN ID. It has to be a value between 0 and 4094.
+      </longdesc>
+      <shortdesc lang="en">
+        Define the VLAN ID.
+      </shortdesc>
+      <content type="integer"/>
+    </parameter>
+
+    <parameter name="vlan_name" unique="1">
+      <longdesc lang="en">
+        Define the name of the VLAN interface (max 15 charaters).
+      </longdesc>
+      <shortdesc lang="en">
+        Name of the VLAN.
+      </shortdesc>
+      <content type="string" default="vlan_interface.vlan.id" />
+    </parameter>
+
+    <parameter name="vlan_reorder_hdr" unique="0">
+      <longdesc lang="en">
+        Enable or disable header reordering.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable header reordering.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_vlan_reorder_hdr_default}"/>
+    </parameter>
+
+    <parameter name="vlan_gvrp" unique="0">
+      <longdesc lang="en">
+        Enable or disable GARP VLAN registration protocol.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable gvrp.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_vlan_gvrp_default}"/>
+    </parameter>
+
+    <parameter name="vlan_mvrp" unique="0">
+      <longdesc lang="en">
+        Enable or disable Multiple VLAN Registration Protocol.
+        Please note that most distributions do not ship a version of iproute2
+        that supports mvrp yet, even if the kernel has support for it.
+        Check output of $IPADDR2 link add type vlan --help in the FLAG
+        section to verify if mvrp support is available.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable mvrp.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_vlan_mvrp_default}"/>
+    </parameter>
+
+    <parameter name="vlan_loose_binding" unique="0">
+      <longdesc lang="en">
+        Enable or disable VLAN loose bind. By default the VLAN interface
+        admin status (UP/DOWN) follows the underneath inteface status.
+        Enabling loose bind allows the VLAN to disconnect from the
+        interface status. Be very careful that enabling loose binding
+        could invalidate this agent monitor operations.
+        Please note that most distributions do not ship a version of iproute2
+        that supports loose_binding yet, even if the kernel has support for it.
+        Check output of $IPADDR2 link add type vlan --help in the FLAG
+        section to verify if loose_binding support is available.
+      </longdesc>
+      <shortdesc lang="en">
+        Enable or disable loose binding.
+      </shortdesc>
+      <content type="boolean" default="${OCF_RESKEY_vlan_loose_binding_default}"/>
+    </parameter>
+  </parameters>
+
+  <actions>
+    <action name="start"        timeout="30s" />
+    <action name="stop"         timeout="20s" />
+    <action name="status"       timeout="20s" depth="0" interval="10s" />
+    <action name="monitor"      timeout="20s" depth="0" interval="10s" />
+    <action name="meta-data"    timeout="5s" />
+    <action name="validate-all" timeout="20s" />
+  </actions>
+</resource-agent>
+END
+}
+
+# check if the interface is admin up/down
+
+iface_is_up() {
+	if ! $IP2UTIL -o link show $1 | \
+	    sed -e 's#.*<##g' -e 's#>.*##' -e 's#LOWER_UP##g' | \
+	    grep -q UP; then
+		return 1
+	fi
+	return 0
+}
+
+# check if the slaves have link layer up/down
+# see kernel network documentation on meaning of LOWER_UP flag
+# for more in depth explanation on how it works
+# NOTE: this check is not reliable in virt environment
+# since interfaces are always LOWER_UP. There is no way
+# from the guest to know if the host has disconnected somehow
+
+iface_lower_is_up() {
+	if ! $IP2UTIL -o link show $1 | \
+	    grep -q LOWER_UP; then
+		return 1
+	fi
+	return 0
+}
+
+vlan_validate() {
+	check_binary $IP2UTIL
+
+	if [ -z "$OCF_RESKEY_vlan_interface" ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_interface: value cannot be empty"
+		return 1
+	fi
+
+	# the echo .. is the equivalent of strlen in bash
+	#
+	# /usr/include/linux/if.h:#define IFNAMSIZ        16
+	# needs to include 0 byte end string
+
+	if [ "${#OCF_RESKEY_vlan_interface}" -gt 15 ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_interface: name is too long"
+		return 1
+	fi
+
+	if [ ! -d "/sys/class/net" ]; then
+		ocf_log err "Unable to find sysfs network class in /sys"
+		return 1
+	fi
+
+	if [ ! -e "/sys/class/net/$OCF_RESKEY_vlan_interface" ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_interface: $OCF_RESKEY_vlan_interface does not exists"
+		return 1
+	fi
+
+	if [ -z "$OCF_RESKEY_vlan_id" ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_id: value cannot be empty"
+		return 1
+	fi
+	if ! ocf_is_decimal "$OCF_RESKEY_vlan_id" || \
+	   [ "$OCF_RESKEY_vlan_id" -gt "4094" ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_id: must be a decimal value (0 to 4094 included)"
+		return 1
+	fi
+
+	if [ "${#OCF_RESKEY_vlan_name}" -gt 15 ]; then
+		ocf_log err "Invalid OCF_RESKEY_vlan_name: name is too long"
+		return 1
+	fi
+
+	return 0
+}
+
+vlan_check() {
+	if [ -e "/sys/class/net/$OCF_RESKEY_vlan_name" ]; then
+		if [ ! -e "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" ]; then
+			return $OCF_ERR_GENERIC
+		fi
+	else
+		if [ -e "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" ]; then
+			error="$(rm -f "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" 2>&1)"
+			if [ "$?" != "0" ]; then
+				ocf_log err "Unable to remove stale lock file for vlan $OCF_RESKEY_vlan_name: $error"
+				return $OCF_ERR_GENERIC
+			fi
+		fi
+		return $OCF_NOT_RUNNING
+	fi
+
+	if ! iface_is_up $OCF_RESKEY_vlan_interface; then
+		if ocf_is_true "$OCF_RESKEY_vlan_loose_binding"; then
+			ocf_log warn "Interface $OCF_RESKEY_vlan_interface is administratively down"
+		else
+			ocf_log err "Interface $OCF_RESKEY_vlan_interface is administratively down"
+			return $OCF_ERR_GENERIC
+		fi
+	fi
+
+	if ! iface_is_up $OCF_RESKEY_vlan_name; then
+		ocf_log err "VLAN $OCF_RESKEY_vlan_name is administratively down"
+		return $OCF_ERR_GENERIC
+	fi
+
+	if ! iface_lower_is_up $OCF_RESKEY_vlan_name; then
+		ocf_log err "VLAN $OCF_RESKEY_vlan_name has no active link-layer"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+# we need a simpler stop version to clean after us if start fails
+# without involving any error checking
+# rolling back in case of failure is otherwise complex
+
+vlan_force_stop() {
+	$IP2UTIL link delete "$OCF_RESKEY_vlan_name" >/dev/null 2>&1
+	rm -f "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" 2>&1
+}
+
+vlan_start() {
+	# check if the vlan already exists
+	vlan_check
+	ret=$?
+	if [ "$ret" != "$OCF_NOT_RUNNING" ]; then
+		return $ret
+	fi
+
+	# make sure kernel module is loaded
+	if [ ! -e /proc/net/vlan ]; then
+		error="$(modprobe 8021q 2>&1)"
+		if [ "$?" != "0" ]; then
+			ocf_log err "Unable to load kernel 8021q driver: $error"
+			return $OCF_ERR_GENERIC
+		fi
+	fi
+
+	# generate options
+	VLANOPTS=""
+
+	if [ -n "$OCF_RESKEY_vlan_reorder_hdr" ]; then
+		if ocf_is_true "$OCF_RESKEY_vlan_reorder_hdr"; then
+			VLANOPTS="reorder_hdr on"
+		else
+			VLANOPTS="reorder_hdr off"
+		fi
+	fi
+
+	if [ -n "$OCF_RESKEY_vlan_gvrp" ]; then
+		if ocf_is_true "$OCF_RESKEY_vlan_gvrp"; then
+			VLANOPTS="$VLANOPTS gvrp on"
+		else
+			VLANOPTS="$VLANOPTS gvrp off"
+		fi
+	fi
+
+	if [ -n "$OCF_RESKEY_vlan_mvrp" ]; then
+		if ocf_is_true "$OCF_RESKEY_vlan_mvrp"; then
+			VLANOPTS="$VLANOPTS mvrp on"
+		else
+			VLANOPTS="$VLANOPTS mvrp off"
+		fi
+	fi
+
+	if [ -n "$OCF_RESKEY_vlan_loose_binding" ]; then
+		if ocf_is_true "$OCF_RESKEY_vlan_loose_binding"; then
+			VLANOPTS="$VLANOPTS loose_binding on"
+		else
+			VLANOPTS="$VLANOPTS loose_binding off"
+		fi
+	fi
+
+	# create the VLAN
+	error="$($IP2UTIL link add link "$OCF_RESKEY_vlan_interface" name "$OCF_RESKEY_vlan_name" type vlan id "$OCF_RESKEY_vlan_id" $VLANOPTS 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to create VLAN $OCF_RESKEY_vlan_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# set the interface up
+	error="$($IP2UTIL link set dev "$OCF_RESKEY_vlan_interface" up 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to set VLAN $OCF_RESKEY_vlan_interface up: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# set the vlan up
+	error="$($IP2UTIL link set dev "$OCF_RESKEY_vlan_name" up 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to set VLAN $OCF_RESKEY_vlan_name up: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	error="$(touch "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to create lock file for VLAN $OCF_RESKEY_vlan_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+vlan_stop() {
+	vlan_check
+	ret=$?
+	if [ "$ret" = "$OCF_NOT_RUNNING" ]; then
+		return $OCF_SUCCESS
+	fi
+	if [ "$ret" != "$OCF_SUCCESS" ]; then
+		return $ret
+	fi
+
+	# set vlan down
+	error="$($IP2UTIL link set dev "$OCF_RESKEY_vlan_name" down 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to set VLAN $OCF_RESKEY_vlan_name down: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	# delete vlan
+	error="$($IP2UTIL link delete "$OCF_RESKEY_vlan_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to delete VLAN $OCF_RESKEY_vlan_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	error="$(rm -f "$HA_RSCTMP/iface-vlan.$OCF_RESKEY_vlan_name" 2>&1)"
+	if [ "$?" != "0" ]; then
+		ocf_log err "Unable to remove lock file for VLAN $OCF_RESKEY_vlan_name: $error"
+		return $OCF_ERR_GENERIC
+	fi
+
+	return $OCF_SUCCESS
+}
+
+case $__OCF_ACTION in
+	meta-data)
+		vlan_meta_data
+		exit $OCF_SUCCESS
+	;;
+	usage|help)
+		vlan_usage
+		exit $OCF_SUCCESS
+	;;
+esac
+
+if [ ! -d "$HA_RSCTMP" ]; then
+	ocf_log debug "$HA_RSCTMP not found, we are probably being executed manually"
+	mkdir -p "$HA_RSCTMP"
+fi
+
+if [ -n "$__OCF_ACTION" ] && ! vlan_validate; then
+	exit $OCF_ERR_CONFIGURED
+fi
+
+case $__OCF_ACTION in
+	start|stop)
+		if ! ocf_is_root; then
+			ocf_log err "You must be root for $__OCF_ACTION operation."
+			exit $OCF_ERR_PERM
+		fi
+	;;
+esac
+
+case $__OCF_ACTION in
+	start)
+		vlan_start
+		ret=$?
+		if [ "$ret" != "$OCF_SUCCESS" ]; then
+			vlan_force_stop
+		fi
+		exit $ret
+	;;
+	stop)
+		vlan_stop
+		exit $?
+	;;
+	status|monitor)
+		vlan_check
+		exit $?
+	;;
+	validate-all)
+		# vlan_validate above does the trick
+	;;
+	*)
+		vlan_usage
+		exit $OCF_ERR_UNIMPLEMENTED
+	;;
+esac
+# vi:sw=4:ts=8: