[ovs-discuss] openvswitch vlan tagging error
Ben Pfaff
blp at nicira.com
Thu Aug 30 04:18:25 UTC 2012
Possibly you are being sarcastic. It is difficult to read tone in plain
text media.
I am not sure that you understand how VLANs work. Here is some
information from the FAQ, if you do not:
Q: What's a VLAN?
A: At the simplest level, a VLAN (short for "virtual LAN") is a way to
partition a single switch into multiple switches. Suppose, for
example, that you have two groups of machines, group A and group B.
You want the machines in group A to be able to talk to each other,
and you want the machine in group B to be able to talk to each
other, but you don't want the machines in group A to be able to
talk to the machines in group B. You can do this with two
switches, by plugging the machines in group A into one switch and
the machines in group B into the other switch.
If you only have one switch, then you can use VLANs to do the same
thing, by configuring the ports for machines in group A as VLAN
"access ports" for one VLAN and the ports for group B as "access
ports" for a different VLAN. The switch will only forward packets
between ports that are assigned to the same VLAN, so this
effectively subdivides your single switch into two independent
switches, one for each group of machines.
So far we haven't said anything about VLAN headers. With access
ports, like we've described so far, no VLAN header is present in
the Ethernet frame. This means that the machines (or switches)
connected to access ports need not be aware that VLANs are
involved, just like in the case where we use two different physical
switches.
Now suppose that you have a whole bunch of switches in your
network, instead of just one, and that some machines in group A are
connected directly to both switches 1 and 2. To allow these
machines to talk to each other, you could add an access port for
group A's VLAN to switch 1 and another to switch 2, and then
connect an Ethernet cable between those ports. That works fine,
but it doesn't scale well as the number of switches and the number
of VLANs increases, because you use up a lot of valuable switch
ports just connecting together your VLANs.
This is where VLAN headers come in. Instead of using one cable and
two ports per VLAN to connect a pair of switches, we configure a
port on each switch as a VLAN "trunk port". Packets sent and
received on a trunk port carry a VLAN header that says what VLAN
the packet belongs to, so that only two ports total are required to
connect the switches, regardless of the number of VLANs in use.
Normally, only switches (either physical or virtual) are connected
to a trunk port, not individual hosts, because individual hosts
don't expect to see a VLAN header in the traffic that they receive.
None of the above discussion says anything about particular VLAN
numbers. This is because VLAN numbers are completely arbitrary.
One must only ensure that a given VLAN is numbered consistently
throughout a network and that different VLANs are given different
numbers. (That said, VLAN 0 is usually synonymous with a packet
that has no VLAN header, and VLAN 4095 is reserved.)
On Thu, Aug 30, 2012 at 09:58:18AM +0700, Dinh Khai Nguyen wrote:
> Yeah, so how could I use 2 VMs with tag=1 and ping each other successfully?
> Thanks.
>
> On 30 August 2012 09:52, Ben Pfaff <blp at nicira.com> wrote:
>
> > Then it's not surprising that you can't access the internet from your
> > VMs that are on VLAN 1.
> >
> > On Thu, Aug 30, 2012 at 09:45:08AM +0700, Đình Khải Nguyễn wrote:
> > > No, it's not available. This is my virtual network.
> > [...]
> > > On 29 August 2012 21:20, Ben Pfaff <blp at nicira.com> wrote:
> > >
> > > > On Wed, Aug 29, 2012 at 02:21:55PM +0700, Đình Khải Nguyễn wrote:
> > > > > However, the problem occurs when I try to add a VM to a VLAN using
> > > > command
> > > > > like: 'ovs-vsctl add-port br0 tap0 tag=1'. The guest VM will
> > immediately
> > > > > lose the wired connection, so I cannot ping to another VM nor to the
> > > > > internet.
> > > >
> > > > Is the Internet available on your network on VLAN 1?
> > > >
> > >
> > > --
> > > Best regards,
> > > // =================================================
> > > // Nguyễn Đình Khải
> > > // K53CA, Faculty of Computer Science
> > > // University of Engineering and Technology, VNU, Hanoi
> > > // Mobile: 01696972265
> > > // =================================================
> >
More information about the discuss
mailing list