Discussion:
[fedora-virt] VLAN Bridging
Dan Mossor
2015-02-04 20:05:49 UTC
How do I connect a VM to a tagged VLAN?

I am building a host machine that has a bonded interface (bond0) that is
in turn my bridge interface (bridge0). The bond is connected to a trunk
port on the switch containing tagged vlans. I want to be able to connect
the VMs I'm building to one (or more) of the VLANs on this trunk port.

All I can find in the documentation is an obscure reference to a 'type'
modifier for the API [0]

Does libvirt support this natively, or will I need to decipher the
arcane world of OVS to make it work as I desire?

[0] http://wiki.libvirt.org/page/Features/virSimple#Guest_Creation
--
Dan Mossor, RHCSA
Systems Engineer at Large
Fedora Plasma Product WG | Fedora QA Team | Fedora Server WG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
Chuck Anderson
2015-02-04 20:36:55 UTC
Post by Dan Mossor
How do I connect a VM to a tagged VLAN?
I am building a host machine that has a bonded interface (bond0)
that is in turn my bridge interface (bridge0). The bond is connected
to a trunk port on the switch containing tagged vlans. I want to be
able to connect the VMs I'm building to one (or more) of the VLANs
on this trunk port.
All I can find in the documentation is an obscure reference to a
'type' modifier for the API [0]
Does libvirt support this natively, or will I need to decipher the
arcane world of OVS to make it work as I desire?
[0] http://wiki.libvirt.org/page/Features/virSimple#Guest_Creation
I do this outside of libvirt with plain sysconfig files. Create
multiple ifcfg-bond0.<vlanid#> files, one for each VLAN, and attach
each one to a separate bridge with multiple ifcfg-br<vlanid#> files.
Then when creating VMs, just specify --network=br1001
--network=br1002, etc. for each VLAN you need on that VM. Inside the
guest, they will show up as eth0, eth1, eth2, etc.

ifcfg-bond0:

DEVICE=bond0
ONBOOT=yes
NM_CONTROLLED=no
BONDING_OPTS='mode=active-backup miimon=100 primary=p4p1'
TYPE=Ethernet
BOOTPROTO=none

ifcfg-bond0.1001:

DEVICE=bond0.1001
ONBOOT=yes
NM_CONTROLLED=no
VLAN=yes
TYPE=Ethernet
BOOTPROTO=none
BRIDGE=br1001

ifcfg-bond0.1002:

DEVICE=bond0.1002
ONBOOT=yes
NM_CONTROLLED=no
VLAN=yes
TYPE=Ethernet
BOOTPROTO=none
BRIDGE=br1002

ifcfg-bond0.1003:

DEVICE=bond0.1003
ONBOOT=yes
NM_CONTROLLED=no
VLAN=yes
TYPE=Ethernet
BOOTPROTO=none
BRIDGE=br1003

ifcfg-br1001:

DEVICE=br1001
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Bridge
STP=off
DELAY=0
BOOTPROTO=none
BRIDGING_OPTS='multicast_snooping=0'

ifcfg-br1002:

DEVICE=br1002
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Bridge
STP=off
DELAY=0
BOOTPROTO=none
BRIDGING_OPTS='multicast_snooping=0'

ifcfg-br1003:

DEVICE=br1003
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Bridge
STP=off
DELAY=0
BOOTPROTO=none
BRIDGING_OPTS='multicast_snooping=0'
Laine Stump
2015-02-04 20:38:25 UTC
Post by Dan Mossor
How do I connect a VM to a tagged VLAN?
I am building a host machine that has a bonded interface (bond0) that
is in turn my bridge interface (bridge0). The bond is connected to a
trunk port on the switch containing tagged vlans. I want to be able to
connect the VMs I'm building to one (or more) of the VLANs on this
trunk port.
All I can find in the documentation is an obscure reference to a
'type' modifier for the API [0]
Does libvirt support this natively, or will I need to decipher the
arcane world of OVS to make it work as I desire?
You imply that your bridge is an OVS bridge. If that is the case, then
libvirt does support vlan tagging of traffic transparent to the guest.
Look at the documentation for the <vlan> tag in
https://www.libvirt.org/formatnetwork.html

You can set the vlan tag for all guests connecting to a particular
network by putting a <vlan> element in the toplevel of the network
definition, for different groups of guests by putting <vlan> in multiple
<portgroup>s and assigning the guests to a portgroup, or you can set it
individually for each guest by adding a <vlan> element to the guest's
<interface> in the domain definition.

If you aren't using an OVS bridge, but are instead using a standard
Linux host bridge, you can have the traffic of all guests on the bridge
tagged for a single vlan by creating a vlan interface off of your bond
on the host, and attaching that vlan interface to the bridge rather than
the bond interface itself.
Post by Dan Mossor
[0] http://wiki.libvirt.org/page/Features/virSimple#Guest_Creation
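Added example, not part of Laine Stump's reply or of the libvirt documentation: the three places the reply names for a <vlan> element, shown as a libvirt network definition for an Open vSwitch bridge followed by two guest <interface> fragments. The network name ovs-trunk, the bridge name ovsbr0 and the portgroup names are assumptions; VLAN IDs 1001 to 1003 are reused from earlier in the thread.

```xml
<!-- Fragment 1: network definition (hypothetical names), loaded with
     "virsh net-define". Assumes an existing OVS bridge named ovsbr0
     with the bond attached as its uplink. -->
<network>
  <name>ovs-trunk</name>
  <forward mode='bridge'/>
  <bridge name='ovsbr0'/>
  <virtualport type='openvswitch'/>

  <!-- Top level: tag for guests that select no portgroup and carry
       no <vlan> of their own. -->
  <vlan>
    <tag id='1001'/>
  </vlan>

  <!-- Per group: guests assigned to this portgroup get VLAN 1002. -->
  <portgroup name='vlan-1002'>
    <vlan>
      <tag id='1002'/>
    </vlan>
  </portgroup>
</network>

<!-- Fragment 2: goes inside <devices> of a guest's domain definition.
     The guest joins VLAN 1002 through the portgroup. -->
<interface type='network'>
  <source network='ovs-trunk' portgroup='vlan-1002'/>
  <model type='virtio'/>
</interface>

<!-- Fragment 3: per-guest tag set directly on the interface; it is
     used instead of the portgroup or network-level tag. -->
<interface type='network'>
  <source network='ovs-trunk'/>
  <vlan>
    <tag id='1003'/>
  </vlan>
  <model type='virtio'/>
</interface>
```

In all three cases the tag is applied on the host side of the port, so the guest itself needs no VLAN configuration.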