[ovs-discuss] VLAN question

Gurucharan Shetty gshetty at nicira.com
Mon Aug 6 17:27:09 UTC 2012


On Mon, Aug 6, 2012 at 5:39 AM, kruskakli <kruskakli at gmail.com> wrote:

>
> Thanx for your reply!
>
> I've now been tearing my hair for a couple of hours trying to get trunking
> to work :-)
> I'm still not able to make both my host and vlan-guest to have external
> network access.
> I've done this:
>
> # Create a bridge and add the physical port/interface
> ovs-vsctl add-br br0
> ovs-vsctl add-port br0 eth0
>
> # Create a fake-bridge for VLAN 10
> ovs-vsctl add-br vlan10 br0 10
>
> # Add interface (vnet2) for VM to run on VLAN 10
> ovs-vsctl add-port vlan10 vnet2
>
>
> # ovs-vsctl show
> 412279fe-57da-42c5-a2d3-ead66689f6cb
>     Bridge "br0"
>         Port "br0"
>             Interface "br0"
>                 type: internal
>         Port "vlan10"
>             tag: 10
>             Interface "vlan10"
>                 type: internal
>
>         Port "vnet2"
>             tag: 10
>             Interface "vnet2"
>         Port "eth0"
>             Interface "eth0"
>
> If I add tag=10 to eth0 I'm able to get external access from within my VM,
> but then my host can't get out.
> I've been trying all sort of combinations, for example this one which
> to me looks somewhat sane, i.e eth0 should trunk VLAN 0 and 10:
>
> l# ovs-vsctl list port eth0
> _uuid               : fe14a941-7ed4-449c-a8e2-a4d618e3e770
> bond_downdelay      : 0
> bond_fake_iface     : false
> bond_mode           : []
> bond_updelay        : 0
> external_ids        : {}
> fake_bridge         : false
> interfaces          : [2dc88583-be15-4065-906c-e920948787b9]
> lacp                : []
> mac                 : []
> name                : "eth0"
> other_config        : {}
> qos                 : []
> statistics          : {}
> status              : {}
> tag                 : []
> trunks              : [0, 10]
> vlan_mode           : trunk
>
> When vlan 10 tagged traffic goes out of your eth0 (tcpdump should show
it), does the connected switch know what to do with it? Else, you probably
need to have it just as an access port of 10 (instead of trunk) and then
your hypervisor IP address should be on a VLAN 10 interface. Does doing
something like that work?





> Without any success however...
> Gee, if anyone could shed any light on what I'm doing wrong I would be
> most happy.
>
> Cheers, Toby
> (Some more info follows:
>
> # ip a ls
>
> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP qlen 1000
>     link/ether d4:be:d9:98:59:7c brd ff:ff:ff:ff:ff:ff
> 19: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 500
>     link/ether da:72:1a:ed:bf:a7 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::d872:1aff:feed:bfa7/64 scope link
>        valid_lft forever preferred_lft forever
> 27: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN
>     link/ether d4:be:d9:98:59:7c brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.175/24 brd 192.168.1.255 scope global br0
>     inet 192.168.1.115/24 brd 192.168.1.255 scope global secondary br0
>     inet6 fe80::c0f:bcff:febd:3741/64 scope link
>        valid_lft forever preferred_lft forever
> 28: vlan10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
>     link/ether 22:11:ec:bc:d3:85 brd ff:ff:ff:ff:ff:ff
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 br0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 br0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
>
> )
>
>
>
>
>
> On 08/03/2012 05:32 PM, Gurucharan Shetty wrote:
>
> On Fri, Aug 3, 2012 at 7:10 AM, kruskakli <kruskakli at gmail.com> wrote:
>
>> Hi,
>>
>> I wanted to play around with VLAN so I created 3 VM's
>> (running kvm on Ubuntu 12.04 with the openvswitch 1.7.0).
>>
>> Two of them was in VLAN 10. It worked nice. They could talk to
>> each other but not to the third VM which was in (the default?) VLAN 0.
>>
>> However, to make external IP traffic possible I had to add my (only)
>> pyshical device (eth0) to VLAN 10. Fine, now external access worked
>> from the two VM's.
>>
>> But, now I couldn't access the outside from within my host machine.
>> (I was able to restore it by removing eth0 from VLAN 10 and
>> attach it to VLAN0 again...)
>>
>> So, my question is, how I could solve this so that it works for
>> both my host machine as well as those VLAN-guest VMs?
>>
>
>  "man ovs-vswitchd.conf.db" has a lot of details about VLANs.
>
>  There is a section on VLANs here:
> http://openvswitch.org/faq/
>
>  It looks like you need to configure eth0 as a trunk port to carry VLAN 0
> and VLAN 10.
>
>  Thanks,
> Guru
>
>
>
>>
>> I attach some info below in case that would be helpful.
>>
>> Cheers, Tobbe
>>
>> # ovs-vsctl show
>> 412279fe-57da-42c5-a2d3-ead66689f6cb
>>     Bridge "br0"
>>         Port "vnet0"
>>             Interface "vnet0"
>>         Port "vnet2"
>>             tag: 10
>>             Interface "vnet2"
>>         Port "vnet1"
>>             tag: 10
>>             Interface "vnet1"
>>         Port "br0"
>>             Interface "br0"
>>                 type: internal
>>         Port "eth0"
>>             tag: 0
>>             Interface "eth0"
>>
>> # ip a ls
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>     inet 127.0.0.1/8 scope host lo
>>     inet 169.254.169.254/32 scope link lo
>>     inet6 ::1/128 scope host
>>        valid_lft forever preferred_lft forever
>> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast state UP qlen 1000
>>     link/ether d4:be:d9:98:59:7c brd ff:ff:ff:ff:ff:ff
>> 10: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> state UNKNOWN
>>     link/ether d4:be:d9:98:59:7c brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.115/24 brd 192.168.1.255 scope global br0
>>     inet6 fe80::a444:1ff:fe24:fd46/64 scope link
>>        valid_lft forever preferred_lft forever
>> 16: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP qlen 500
>>     link/ether 4a:d9:f8:ed:e5:28 brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::48d9:f8ff:feed:e528/64 scope link
>>        valid_lft forever preferred_lft forever
>> 18: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP qlen 500
>>     link/ether ce:3b:44:0d:db:e3 brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::cc3b:44ff:fe0d:dbe3/64 scope link
>>        valid_lft forever preferred_lft forever
>> 19: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP qlen 500
>>     link/ether da:72:1a:ed:bf:a7 brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::d872:1aff:feed:bfa7/64 scope link
>>        valid_lft forever preferred_lft forever
>>
>> Example, on how I started kvm:
>>
>> kvm -m 2048 -net nic,vlan=10,model=virtio,macaddr=00:00:00:00:cc:12 -net
>> tap,vlan=10,ifname=vnet2,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown
>> -boot c -hda /var/lib/libvirt/images/debian-6.0.5_boot2-c3.img
>>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> http://openvswitch.org/mailman/listinfo/discuss
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20120806/1497c729/attachment.html>


More information about the discuss mailing list