[libvirt-users] What's the best way to make use of VLAN interfaces with VMs?
Richard Achmatowicz
rachmato at redhat.com
Wed Nov 27 04:07:28 UTC 2019
Hello
I have a problem with attaching VMs to a VLAN interface.
Here is my setup: I have several physical hosts connected by a physical
switch. Each host has two NICs leading to the switch, which have been
combined into a team, team0. Each host a has a bridge br1, which has
team0 as a slave. So communication between hosts is based on the IP
address of bridge br1 on each host.
Up until recently, using libvirt and KVM, I was creating VMs which had
one interface attached the default virtual network and one interface
attached to the bridge:
virt-install ... --network network=default --network bridge=br1 ...
I would then statically assign an IP address to the bridge interface on
the guest when installing the OS.
A few days ago, a VLAN was introduced to split up the network. I created
a new VLAN interface br1.600 on each of the hosts. My initial attempt
was to do try this:
virt-install ... --network network=default --network bridge=br1.600 ...
which did not work. It then dawned on me that a VLAN interface and a
bridge aren't treated the same. So I started to look for ways to allow
my VMs to bind to this new interface.
This would seem to be a common situation. What is the best way to work
around this?
Both the host bridge and the host VLAN interface already have their
assigned IP addresses and appear like this in libvirt:
[root at clusterdev01 ]# ifconfig
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.110 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::1e98:ecff:fe1b:276d prefixlen 64 scopeid 0x20<link>
ether 1c:98:ec:1b:27:6d txqueuelen 1000 (Ethernet)
RX packets 833772 bytes 2976958254 (2.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 331237 bytes 23335124 (22.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br1.600: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::1e98:ecff:fe1b:276d prefixlen 64 scopeid 0x20<link>
ether 1c:98:ec:1b:27:6d txqueuelen 1000 (Ethernet)
RX packets 189315 bytes 9465744 (9.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 302 bytes 30522 (29.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root at clusterdev01]# virsh iface-list --all
Name State MAC Address
---------------------------------------------------
br1 active 1c:98:ec:1b:27:6d
br1.600 active 1c:98:ec:1b:27:6d
[root at clusterdev01 sysadmin]# virsh iface-dumpxml br1.600
<interface type='vlan' name='br1.600'>
<protocol family='ipv4'>
<ip address='192.168.1.110' prefix='24'/>
</protocol>
<protocol family='ipv6'>
<ip address='fe80::1e98:ecff:fe1b:276d' prefix='64'/>
</protocol>
<link state='up'/>
<vlan tag='600'>
<interface name='br1'/>
</vlan>
</interface>
I tried following some suggestions which wrapped the vlan interface in a
bridge interface, but in ended up trashing the br1.600 interface which
was originally defined on the host.
Is there a failsafe way to deal with such a situation? Am I doing
something completely wrong here? In would like br1.600 to behave like
br1 .....
Any suggestions or advice greatly appreciated.
Richard
More information about the libvirt-users
mailing list