VLAN for virtual machines

From Ingo's Wiki
Version of 22 September 2017, 15:13

Introduction

I wanted to move the VLAN connections of my virtual machines to newer technologies and asked a question on unix.stackexchange, but got no answer. It seems there is very little knowledge about this out there, so I decided to work it out myself and document it here.

In general I will look at four methods:

  1. oldstyle linux bridge as hub
  2. linux bridge as hub
  3. linux bridge with libvirt hook scripts
  4. Open vSwitch

Preparation

I have Debian GNU/Linux 9.1 (stretch) on the host and on the virtual machines used for testing, set up as described here: Setup KVM with console. The host is harley, my everyday workstation. Now I start the virtual machine, log in and show its interface configuration:

harley$ virsh start --console deb9-test

login

deb9-test$ cat /etc/systemd/network/08-vlan10.netdev
[NetDev]
Name=vlan10
Kind=vlan
[VLAN]
Id=10
deb9-test$ cat /etc/systemd/network/12-vlan10_attach-to-if.network
[Match]
Name=ens2
[Network]
VLAN=vlan10
deb9-test$ cat /etc/systemd/network/16-vlan10_up.network
[Match]
Name=vlan10
[Network]
Address=192.168.10.57/24
Gateway=192.168.10.1
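The three fragments above are all systemd-networkd needs for an 802.1Q VLAN on the guest: a .netdev that creates the tagged sub-interface, a .network that attaches it to the parent NIC, and a .network that addresses it. As an added example, not part of the original page, the POSIX shell script below generates the same three files for an arbitrary VLAN id and parent interface and refuses ids outside 1..4094 (0 is priority-tagged, 4095 reserved) before writing anything. The 08-/12-/16- prefixes follow the page; the function names, and the temporary output directory used so that /etc/systemd/network is never touched, are my choices.

```shell
#!/bin/sh
# Added example (not from the original page): generate the systemd-networkd
# fragments shown above for any VLAN id, after validating the id.
# Assumed: parent interface name, address and gateway are passed in; output goes
# to a caller-supplied directory (a temp dir in the demo below).

# vlan_id_ok ID -> 0 if ID is a legal 802.1Q VID (1..4094), else 1.
# VID 0 means "priority tagged" and 4095 is reserved; neither may be configured.
vlan_id_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# gen_vlan_config DIR PARENT ID ADDR/PREFIX GATEWAY
# Writes DIR/08-vlanID.netdev, DIR/12-vlanID_attach-to-if.network and
# DIR/16-vlanID_up.network. Returns 1 and writes nothing on a bad VID.
gen_vlan_config() {
    dir=$1
    parent=$2
    vid=$3
    addr=$4
    gw=$5
    vlan_id_ok "$vid" || { echo "bad VLAN id: $vid" >&2; return 1; }
    mkdir -p "$dir"
    printf '[NetDev]\nName=vlan%s\nKind=vlan\n\n[VLAN]\nId=%s\n' "$vid" "$vid" \
        > "$dir/08-vlan$vid.netdev"
    printf '[Match]\nName=%s\n\n[Network]\nVLAN=vlan%s\n' "$parent" "$vid" \
        > "$dir/12-vlan${vid}_attach-to-if.network"
    printf '[Match]\nName=vlan%s\n\n[Network]\nAddress=%s\nGateway=%s\n' \
        "$vid" "$addr" "$gw" > "$dir/16-vlan${vid}_up.network"
}

# Demo into a constructed temporary directory; nothing system-wide is changed.
demo_dir=$(mktemp -d)
gen_vlan_config "$demo_dir" ens2 10 192.168.10.57/24 192.168.10.1
cat "$demo_dir/08-vlan10.netdev"
rm -rf "$demo_dir"
```

To use it for real, point DIR at /etc/systemd/network on the guest and run `systemctl restart systemd-networkd` afterwards; `networkctl status vlan10` then shows the new link.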

To check that the guest has connectivity right after startup, I append a ping to the gateway to .bashrc:

deb9-test$ echo ping -c3 192.168.10.1 >> .bashrc

Because I have to start the test virtual machine many times I set up autologin on the serial console. That is acceptable only because this is a throwaway test guest with nothing on it; do not do it on a guest that holds anything of value.

deb9-test$ grep ^ExecStart= /lib/systemd/system/serial-getty@.service
ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM

modify to

ExecStart=-/sbin/agetty --autologin yourloginname --keep-baud 115200,38400,9600 %I $TERM

oldstyle linux bridge as hub

This always works, even with the old Linux bridge that knows nothing about VLANs. The trick is to make the bridge completely transparent to all attached interfaces, like a hub: with the ageing time set to 0 the bridge never keeps a learned MAC address, so every frame is flooded out of every port and tagged frames reach the guest untouched. Be aware of what that means: every interface on the bridge, i.e. every guest, sees every other guest's traffic, so there is no isolation between VMs at all, and the load grows with the number of ports.

Disable systemd-networkd, delete the bridge it created so that ifupdown can recreate it, and start networking with ifupdown:

harley$ sudo systemctl stop systemd-networkd
Warning: Stopping systemd-networkd.service, but it can still be activated by:
  systemd-networkd.socket
harley$ sudo systemctl disable systemd-networkd
Removed /etc/systemd/system/multi-user.target.wants/systemd-networkd.service.
Removed /etc/systemd/system/sockets.target.wants/systemd-networkd.socket.
harley$ sudo ip link set dev br0 down && sudo ip link del dev br0
harley$ sudo systemctl enable networking.service
Synchronizing state of networking.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable networking
harley$ sudo systemctl start networking.service
harley$

Setup the bridge and start it:

harley$ cat /etc/network/interfaces
auto br0
iface br0 inet manual
    bridge_ports enp1s0
    bridge_ageing 0
    bridge_stp off
harley$ sudo ifup br0
Waiting for br0 to get ready (MAXWAIT is 32 seconds).
harley$

It's all in place now:

harley$ cat /sys/class/net/br0/bridge/ageing_time 
0
harley$ cat /sys/class/net/br0/bridge/stp_state 
0
harley$ cat /sys/class/net/br0/bridge/vlan_filtering 
0

Yes, VLAN filtering is off, which means the bridge does not interpret 802.1Q tags at all; it just passes tagged frames through unchanged, and the guest sees them with the tags intact, so the ping over vlan10 from .bashrc succeeds. To list all settings of the bridge you can use:

harley$ find /sys/class/net/br0/bridge/ -type f -readable -printf '%f = ' -exec cat {} \; | sort
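Those three sysfs files are exactly what decides whether guests on the bridge are isolated from each other. As an added example, not part of the original page, the POSIX shell functions below read them from a caller-supplied directory and classify the bridge: ageing_time is in USER_HZ ticks (hundredths of a second), and 0 is the hub mode configured above, where every port receives every frame. The demo runs against a constructed fake sysfs tree with the values the page shows, so it works offline; on a real host pass /sys/class/net/br0/bridge.

```shell
#!/bin/sh
# Added example (not from the original page): classify a Linux bridge from the
# sysfs attributes the page inspects by hand. Assumed: a directory laid out like
# /sys/class/net/<bridge>/bridge; the demo builds a fake one with mktemp.

# bridge_attr DIR NAME -> prints the attribute value, or "?" if it is unreadable.
bridge_attr() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo '?'; fi
}

# bridge_mode DIR -> "hub" if ageing_time is 0 (no MAC learning, all frames are
# flooded to all ports), "switch" otherwise.
bridge_mode() {
    ageing=$(bridge_attr "$1" ageing_time)
    if [ "$ageing" = 0 ]; then echo hub; else echo switch; fi
}

# bridge_audit DIR -> one-line summary on stdout; returns 1 with a warning on
# stderr when guests attached to the bridge are not isolated from each other
# (hub mode) or when VLAN tags are forwarded without any filtering.
bridge_audit() {
    dir=$1
    mode=$(bridge_mode "$dir")
    vf=$(bridge_attr "$dir" vlan_filtering)
    stp=$(bridge_attr "$dir" stp_state)
    printf 'mode=%s vlan_filtering=%s stp_state=%s\n' "$mode" "$vf" "$stp"
    rc=0
    [ "$mode" = hub ] && { echo 'WARN: ageing_time=0, every port sees every frame' >&2; rc=1; }
    [ "$vf" = 0 ] && { echo 'WARN: vlan_filtering=0, tags pass through unfiltered' >&2; rc=1; }
    return $rc
}

# Constructed sample: a fake bridge directory with the values shown on the page.
fake=$(mktemp -d)
printf '0\n' > "$fake/ageing_time"
printf '0\n' > "$fake/stp_state"
printf '0\n' > "$fake/vlan_filtering"
bridge_audit "$fake" || echo 'bridge is a hub: no isolation between guests'
rm -rf "$fake"
```

Run `bridge_audit /sys/class/net/br0/bridge` on the host after `ifup br0`; a non-zero exit is the expected result for the hub setup in this section and a reminder that every guest on br0 can sniff every other guest.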

References

  * https://wiki.debian.org/NetworkConfiguration#Bridging_without_Switching

linux bridge as hub

References

  * https://www.freedesktop.org/software/systemd/man/systemd.netdev.html

linux bridge with libvirt hook scripts

References

Open vSwitch

References