[ovs-discuss] VLANs and DHCP
scott.lowe at scottlowe.org
Fri Oct 2 14:51:07 UTC 2015
Hi Jeff, please see my responses inline, prefixed by [SL].
Jeff Forbes <jeff.forbes at mail.nacon.com> wrote:
> I have set up the openvswitch demo for isolating VM traffic using VLANs.
> The setup works as expected. The difficulty I am having is with using
> DHCP to assign the IPs. The two VLANs have IP ranges of 10.0.0.x and
> 10.0.1.x and the netmasks are 255.255.0.0. I have been able to get
> dnsmasq to assign IPs for one of the VLANs by assigning an internal
> openvswitch port on the DHCP server the ip of 10.0.0.1 and the tag of
> one of the VLANs.
[SL] Based on the network addresses and subnet mask provided, you have a
situation where you have two VLANs (which are Layer 2 broadcast domains)
inside a single IP network (which is a Layer 3 broadcast domain). This can
produce some unexpected (and typically undesired) results. Generally, you'll
align your VLANs with your IP subnets, since systems can't communicate
across VLANs without passing through a Layer 3 device anyway.
> The goal is to be able to have multiple vlans with IPs in the 10.0.x.y
> range and have them assigned IPs based on the VM's MAC address.
> What is the best way to have the DHCP daemon recognize the different
[SL] DHCP itself is not VLAN-aware and operates within a Layer 2 broadcast
domain (a VLAN). Without assistance, a single DHCP server in one VLAN won't
be able to provide IP address leases to systems outside its own VLAN. That
assistance comes in the form of a DHCP relay, which takes DHCP requests on
one VLAN and forwards them across a router to the DHCP server in the other
> I tried to use the trunk directive, but dnsmasq did not respond to the
> broadcast DHCP request.
> The reason for using the 10.0.x.y address space is that we would like to
> be able to have some of the VLANs be able to communicate between each
> other without changing the VLAN tag. Is there a way of doing this?
[SL] Systems in different VLANs can't communicate with systems in other
VLANs without passing through a Layer 3 device (a router).
Can you share a bit more on exactly *what* you're trying to achieve with
this particular environment, so that we can try to provide some guidance as
to how to achieve it?
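
The VLAN/subnet mismatch discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of Open vSwitch: it flags hosts in different VLANs that consider each other on-link. The host names, VLAN IDs 10 and 20, and the /24 alternative are assumptions; the addresses and the 255.255.0.0 netmask follow the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: (name, vlan, ip, netmask).
# Addressing follows the thread (10.0.0.x and 10.0.1.x, mask 255.255.0.0);
# host names and VLAN IDs are hypothetical.
HOSTS = [
    ("vm1", 10, "10.0.0.11", "255.255.0.0"),
    ("vm2", 10, "10.0.0.12", "255.255.0.0"),
    ("vm3", 20, "10.0.1.11", "255.255.0.0"),
    ("vm4", 20, "10.0.1.12", "255.255.0.0"),
]


def network_of(ip, netmask):
    """IP network a host believes it is attached to."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network


def vlans_per_network(hosts):
    """Map each IP network to the set of VLANs it is spread over."""
    result = {}
    for _name, vlan, ip, mask in hosts:
        result.setdefault(network_of(ip, mask), set()).add(vlan)
    return result


def unreachable_on_link_pairs(hosts):
    """Host pairs in different VLANs where one side treats the other as
    on-link. Such a host ARPs for its peer directly instead of sending to a
    router, and the ARP broadcast never leaves its own VLAN."""
    pairs = []
    for (n1, v1, ip1, m1), (n2, v2, ip2, m2) in combinations(hosts, 2):
        if v1 == v2:
            continue
        a_sees_b = ipaddress.ip_address(ip2) in network_of(ip1, m1)
        b_sees_a = ipaddress.ip_address(ip1) in network_of(ip2, m2)
        if a_sees_b or b_sees_a:
            pairs.append((n1, n2))
    return pairs


def with_netmask(hosts, netmask):
    """Same inventory with a different netmask, for comparison."""
    return [(n, v, ip, netmask) for n, v, ip, _ in hosts]


if __name__ == "__main__":
    for label, inv in (("/16", HOSTS), ("/24", with_netmask(HOSTS, "255.255.255.0"))):
        print(label, vlans_per_network(inv), unreachable_on_link_pairs(inv))
```
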