[Users] How do Networks and Vlan-tagging work in oVirt ?

Tue Feb 12 21:27:04 UTC 2013

On 02/12/2013 12:36 PM, Nicolas Ecarnot wrote:
> Le 11/02/2013 11:37, Matt . a écrit :
>> I'm struggeling setting up my network in oVirt at the moment as I would
>> like to seperate specific VM's from other devices/clients in my network.
>>
>> I have decent setup switching network using Vlans, this is also the fact
>> for ovirt and the storage nodes where teh ports are seperated between
>> storage and management.
>>
>> Because I want to manage which client can acces which VM I need Vlan
>> tagging. The question is where are we going to do this, on the VM itself
>> or on the network I attach the VM's Nic to.
> 
> Hi,
> 
> I have also some related questions about VLAN tagging.
> 
> In any linux, I can create some virtual interfaces dedicated to some
> VLANs, like bond0:50
> I was expecting oVirt to allow me to create such virtual interfaces, use
> them in an oVirt "virtual network". Thus, any VM using this "virtual
> network" would be insured to stay limited to this vlan.
> 
> I know I can create bond0:50 manually in Fedora, but I guess oVirt must
> be implied in the network setup.
> 

You should follow the next steps:

1. Create a new logical network from the networks main tab: define its
data-center and set its vlan-id to 50 (the VM network checkbox should be
checked)
2. Click on the created network in the networks main tab ---> Select the
'Clusters' sub-tab and ---> click on 'Assign/Unassign Network' and
attach the network to the cluster (which contains the hosts that are
expected to run the VMs).
3. Click on 'hosts' sub-tab of the network main tab for the same
network. You should be able to see the cluster's hosts. Select a host
and click on 'Setup Networks'.
4. In the 'setup networks' dialog you would see the host's interfaces on
the left side and the logical networks definition on the right.
Drag the network on top of an interface, or first drag a nic on top of
another to create a bond and then drag the network to that bond.
A command will be sent from the engine to the vdsm on the host to
configure the desired network configuration.
5. In order to persist the network configuration on the host you can
check the 'save network configuration' from 4.

Specifically in the case you've described, few device will be created on
the host:
1. bond0
2. bond0.50 - the vlan device
3. 'your-network' - the vm network bridge will be created as a linux
bridge on top of bond0.50

> I also know I can setup my switches to make them do IP-vlan-tagging, but
> the solution above looks smarter to me.
> 
> How do one usually do in that case?
> 