VLAN for virtual machines: Difference between revisions
Ingo (Talk | contribs) (describe oldstyle linux bridge as hub) |
Ingo (Talk | contribs) (describe oldstyle linux bridge as hub) |
||
Zeile 7: | Zeile 7: | ||
In gerneral I will look at four methods: | In gerneral I will look at four methods: | ||
− | # [[#oldstyle linux bridge as | + | # [[#oldstyle linux bridge as hub|oldstyle linux bridge as hub]] |
− | # [[#linux bridge as | + | # [[#linux bridge as hub|linux bridge as hub]] |
# [[#linux bridge with libvirt hook scripts|linux bridge with libvirt hook scripts]] | # [[#linux bridge with libvirt hook scripts|linux bridge with libvirt hook scripts]] | ||
# [[#Open vSwitch|Open vSwitch]] | # [[#Open vSwitch|Open vSwitch]] | ||
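Review bot: the unchanged line directly above the list in this hunk still reads "In gerneral I will look at four methods:"; since the edit already touches the list beneath it, correct "gerneral" to "general" in the same revision.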
Zeile 15: | Zeile 15: | ||
I have Debian GNU/Linux 9.1 (stretch) on the host and on virtual machines for testing as described here: [[Setup KVM with console]]. I'm sitting on harley as host, my all day workstation. | I have Debian GNU/Linux 9.1 (stretch) on the host and on virtual machines for testing as described here: [[Setup KVM with console]]. I'm sitting on harley as host, my all day workstation. | ||
Now I start the virtual machine, login and show its interface setting: | Now I start the virtual machine, login and show its interface setting: | ||
− | harley$ virsh start --console deb9-test | + | '''harley$''' virsh start --console deb9-test |
login | login | ||
− | deb9-test$ cat /etc/systemd/network/08-vlan10.netdev | + | '''deb9-test$''' cat /etc/systemd/network/08-vlan10.netdev |
[NetDev] | [NetDev] | ||
Name=vlan10 | Name=vlan10 | ||
Zeile 23: | Zeile 23: | ||
[VLAN] | [VLAN] | ||
Id=10 | Id=10 | ||
− | deb9-test$ cat /etc/systemd/network/12-vlan10_attach-to-if.network | + | '''deb9-test$''' cat /etc/systemd/network/12-vlan10_attach-to-if.network |
[Match] | [Match] | ||
Name=ens2 | Name=ens2 | ||
[Network] | [Network] | ||
VLAN=vlan10 | VLAN=vlan10 | ||
− | deb9-test$ cat /etc/systemd/network/16-vlan10_up.network | + | '''deb9-test$''' cat /etc/systemd/network/16-vlan10_up.network |
[Match] | [Match] | ||
Name=vlan10 | Name=vlan10 | ||
Zeile 35: | Zeile 35: | ||
Gateway=192.168.10.1 | Gateway=192.168.10.1 | ||
To test if we have connection direct after startup I append this to .bashrc: | To test if we have connection direct after startup I append this to .bashrc: | ||
− | deb9-test$ echo ping -c3 192.168.10.1 >> .bashrc | + | '''deb9-test$''' echo ping -c3 192.168.10.1 >> .bashrc |
Because I have to start the test virtual machine many times I setup autologin. It's no problem. There is nothing on the guest. | Because I have to start the test virtual machine many times I setup autologin. It's no problem. There is nothing on the guest. | ||
− | deb9-test$ grep ^ExecStart= /lib/systemd/system/serial-getty@.service | + | '''deb9-test$''' grep ^ExecStart= /lib/systemd/system/serial-getty@.service |
ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM | ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM | ||
modify to | modify to | ||
ExecStart=-/sbin/agetty --autologin ''yourloginname'' --keep-baud 115200,38400,9600 %I $TERM | ExecStart=-/sbin/agetty --autologin ''yourloginname'' --keep-baud 115200,38400,9600 %I $TERM | ||
− | == oldstyle linux bridge as | + | == oldstyle linux bridge as hub == |
This works always with the old linux bridge that do not know anything about VLAN. The trick is to set it to a complete transparent state for all connected interfaces like a hub. But you have to know that the bridge will then forward all packets to all interfaces simultanously. You can do it by setting the ageing time to 0. | This works always with the old linux bridge that do not know anything about VLAN. The trick is to set it to a complete transparent state for all connected interfaces like a hub. But you have to know that the bridge will then forward all packets to all interfaces simultanously. You can do it by setting the ageing time to 0. | ||
Disable systemd-networkd and start networking with ifupdown: | Disable systemd-networkd and start networking with ifupdown: | ||
− | harley$ sudo systemctl stop systemd-networkd | + | '''harley$''' sudo systemctl stop systemd-networkd |
Warning: Stopping systemd-networkd.service, but it can still be activated by: | Warning: Stopping systemd-networkd.service, but it can still be activated by: | ||
systemd-networkd.socket | systemd-networkd.socket | ||
− | harley$ sudo systemctl disable systemd-networkd | + | '''harley$''' sudo systemctl disable systemd-networkd |
Removed /etc/systemd/system/multi-user.target.wants/systemd-networkd.service. | Removed /etc/systemd/system/multi-user.target.wants/systemd-networkd.service. | ||
Removed /etc/systemd/system/sockets.target.wants/systemd-networkd.socket. | Removed /etc/systemd/system/sockets.target.wants/systemd-networkd.socket. | ||
− | harley$ sudo systemctl enable networking.service | + | '''harley$''' sudo ip link set dev br0 down && sudo ip link del dev br0 |
+ | '''harley$''' sudo systemctl enable networking.service | ||
Synchronizing state of networking.service with SysV service script with /lib/systemd/systemd-sysv-install. | Synchronizing state of networking.service with SysV service script with /lib/systemd/systemd-sysv-install. | ||
Executing: /lib/systemd/systemd-sysv-install enable networking | Executing: /lib/systemd/systemd-sysv-install enable networking | ||
− | harley$ sudo systemctl start networking.service | + | '''harley$''' sudo systemctl start networking.service |
− | harley$ | + | '''harley$''' |
+ | Setup the bridge and start it: | ||
+ | '''harley$''' cat /etc/network/interfaces | ||
+ | auto br0 | ||
+ | iface br0 inet manual | ||
+ | bridge_ports enp1s0 | ||
+ | bridge_ageing 0 | ||
+ | bridge_stp off | ||
+ | '''harley$''' sudo ifup br0 | ||
+ | Waiting for br0 to get ready (MAXWAIT is 32 seconds). | ||
+ | '''harley$''' | ||
+ | It's all in place now: | ||
+ | '''harley$''' cat /sys/class/net/br0/bridge/ageing_time | ||
+ | 0 | ||
+ | '''harley$''' cat /sys/class/net/br0/bridge/stp_state | ||
+ | 0 | ||
+ | '''harley$''' cat /sys/class/net/br0/bridge/vlan_filtering | ||
+ | 0 | ||
+ | Yes, there is no VLAN filtering, means VLAN on the bridge is disabled but the guest sees the VLAN-tagged packets. | ||
+ | To list all settings of the bridge you can use: | ||
+ | harley$ find /sys/class/net/br0/bridge/ -type f -readable -printf '%f = ' -exec cat {} \; | sort | ||
− | == linux bridge as | + | === References === |
+ | * https://wiki.debian.org/NetworkConfiguration#Bridging_without_Switching | ||
+ | |||
+ | == linux bridge as hub == | ||
=== References === | === References === | ||
* https://www.freedesktop.org/software/systemd/man/systemd.netdev.html | * https://www.freedesktop.org/software/systemd/man/systemd.netdev.html |
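Review bot: the added step `sudo ip link set dev br0 down && sudo ip link del dev br0` deletes a bridge that the page has not introduced at that point, so a reader cannot tell whether it applies to their host; add a sentence before it saying where that br0 comes from and that the step can be skipped when no such bridge exists. Further down in the same hunk, the added `find /sys/class/net/br0/bridge/ ...` line is the only command whose prompt is not written as '''harley$''', so it will render differently from the others. The new sentence "the guest sees the VLAN-tagged packets" could also repeat the earlier warning in concrete terms: with ageing 0 every interface attached to br0 receives those frames, not just this guest.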
Revision as of 22 September 2017, 16:13
Introduction
I wanted to update VLAN connections for virtual machines to newer technologies and put a question on unix.stackexchange, but I did not get any answer. It seems there is very little knowledge about this out there, so I decided to work on it myself and document it here.
In general I will look at four methods:
- oldstyle linux bridge as hub
- linux bridge as hub
- linux bridge with libvirt hook scripts
- Open vSwitch
Preparation
I have Debian GNU/Linux 9.1 (stretch) on the host and on virtual machines for testing as described here: Setup KVM with console. I'm sitting on harley as host, my all-day workstation. Now I start the virtual machine, log in and show its interface settings:
harley$ virsh start --console deb9-test
login
deb9-test$ cat /etc/systemd/network/08-vlan10.netdev
[NetDev]
Name=vlan10
Kind=vlan
[VLAN]
Id=10
deb9-test$ cat /etc/systemd/network/12-vlan10_attach-to-if.network
[Match]
Name=ens2
[Network]
VLAN=vlan10
deb9-test$ cat /etc/systemd/network/16-vlan10_up.network
[Match]
Name=vlan10
[Network]
Address=192.168.10.57/24
Gateway=192.168.10.1
To test whether we have a connection directly after startup, I append this to .bashrc:
deb9-test$ echo ping -c3 192.168.10.1 >> .bashrc
Because I have to start the test virtual machine many times, I set up autologin. That's no problem: there is nothing on the guest.
deb9-test$ grep ^ExecStart= /lib/systemd/system/serial-getty@.service
ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
modify to
ExecStart=-/sbin/agetty --autologin yourloginname --keep-baud 115200,38400,9600 %I $TERM
oldstyle linux bridge as hub
This always works with the old Linux bridge, which does not know anything about VLANs. The trick is to make it completely transparent for all connected interfaces, like a hub. Be aware that the bridge will then forward all packets to all interfaces simultaneously, so every attached interface receives the traffic of every other one. You do this by setting the ageing time to 0.
Disable systemd-networkd and start networking with ifupdown:
harley$ sudo systemctl stop systemd-networkd
Warning: Stopping systemd-networkd.service, but it can still be activated by:
  systemd-networkd.socket
harley$ sudo systemctl disable systemd-networkd
Removed /etc/systemd/system/multi-user.target.wants/systemd-networkd.service.
Removed /etc/systemd/system/sockets.target.wants/systemd-networkd.socket.
harley$ sudo ip link set dev br0 down && sudo ip link del dev br0
harley$ sudo systemctl enable networking.service
Synchronizing state of networking.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable networking
harley$ sudo systemctl start networking.service
harley$
Set up the bridge and start it:
harley$ cat /etc/network/interfaces
auto br0
iface br0 inet manual
    bridge_ports enp1s0
    bridge_ageing 0
    bridge_stp off
harley$ sudo ifup br0
Waiting for br0 to get ready (MAXWAIT is 32 seconds).
harley$
It's all in place now:
harley$ cat /sys/class/net/br0/bridge/ageing_time
0
harley$ cat /sys/class/net/br0/bridge/stp_state
0
harley$ cat /sys/class/net/br0/bridge/vlan_filtering
0
Yes, there is no VLAN filtering: VLAN handling on the bridge is disabled, but the guest sees the VLAN-tagged packets. To list all settings of the bridge you can use:
harley$ find /sys/class/net/br0/bridge/ -type f -readable -printf '%f = ' -exec cat {} \; | sort
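The sysfs checks above, generalized into a small audit script (an added example, not part of the original page): it reads the same attributes for every bridge on a host and lists the ports of any bridge that runs in hub mode without VLAN filtering. The function names and the sysfs-directory parameter are assumptions; the parameter exists so the script can also be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the original page): audit Linux bridges via sysfs.
# The sysfs directory is a parameter (an assumption) so a constructed tree works too.

# bridge_mode DIR NAME -> "<hub|learning>/<filtered|unfiltered>"
bridge_mode() {
    b="$1/$2/bridge"
    [ -r "$b/ageing_time" ] || { echo "not-a-bridge"; return 1; }
    if [ "$(cat "$b/ageing_time")" = "0" ]; then
        flood="hub"         # ageing 0: frames are forwarded to every port
    else
        flood="learning"
    fi
    if [ "$(cat "$b/vlan_filtering" 2>/dev/null)" = "1" ]; then
        vlan="filtered"
    else
        vlan="unfiltered"   # tagged frames pass through untouched
    fi
    echo "$flood/$vlan"
}

# bridge_ports DIR NAME -> comma-separated ports (the entries of brif/)
bridge_ports() {
    ports=""
    for p in "$1/$2/brif"/*; do
        [ -e "$p" ] || continue
        ports="${ports:+$ports,}${p##*/}"
    done
    echo "$ports"
}

# audit_bridges [DIR] -> one line per bridge, plus a note for hub-mode bridges
audit_bridges() {
    root="${1:-/sys/class/net}"
    for d in "$root"/*/bridge; do
        [ -d "$d" ] || continue
        name="${d%/bridge}"; name="${name##*/}"
        mode=$(bridge_mode "$root" "$name") || continue
        echo "$name $mode ports=$(bridge_ports "$root" "$name")"
        case "$mode" in
            hub/unfiltered)
                echo "  note: every port of $name receives all frames of all VLANs" ;;
        esac
    done
}

# Usage on a host: audit_bridges            (reads /sys/class/net)
```

Any guest interface that shows up in the ports list of a hub/unfiltered bridge can capture the tagged traffic of every VLAN carried on that bridge.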
References
- https://wiki.debian.org/NetworkConfiguration#Bridging_without_Switching
linux bridge as hub
References
- https://www.freedesktop.org/software/systemd/man/systemd.netdev.html
- https://www.freedesktop.org/software/systemd/man/systemd.network.html
linux bridge with libvirt hook scripts
References
- https://www.libvirt.org/hooks.html
- https://serverfault.com/questions/696011/libvirt-hook-qemu-suse12