[Users] networking: basic vlan help

[Lior Vernia]

On 23/01/14 18:35, Itamar Heim wrote:
> On 01/23/2014 05:59 PM, Assaf Muller wrote:
>> If you enable VLAN tagging on the management network, which is configured
>> on eth0 (Which also provides internet access from my understanding) then
>> you will connectivity as (I assume) your physical switches aren't
>> configured
>> for VLANs.
>>
>> For an all-in-one, what I would suggest is the following procedure:
>> On your PC, create a dummy NIC via:
>> sudo ip link add dev dummy_0 type dummy
>> sudo ip link set dev dummy_0 up
>>
>> It's important that the name will be in the dummy_* format.
>>
>> Following that, go back to the GUI, select the host and hit Refresh
>> Host Capabilities.
>>
>> You should see the new dummy_0 device as a host NIC.
>>
>> Create a VM network, and under the host Network Interfaces tab hit
>> Setup Host Networks.
>>
>> Drag and drop the new VM network on dummy_0 (Don't give dummy_0 a boot
>> protocol or an IP address
>> in the edit network dialog).
>>
>> At this point you should be able to attach VM vNICs' to the new VM
>> network and they won't
>> be physically connected to any other network, but they'll be able to
>> talk amongst themselves.
>>
>>
>> The "private network" feature is planned* for oVirt 3.5, so in the
>> future you'll be able
>> to just define a network as a private one and everything will work
>> automatically.
>>
>> * No promises!
>>
>>
>> Assaf Muller, Cloud Networking Engineer
>> Red Hat
>>
>> ----- Original Message -----
>> From: "Robert Story" <rstory at tislabs.com>
>> To: "users" <users at ovirt.org>
>> Sent: Thursday, January 23, 2014 5:44:25 PM
>> Subject: [Users] networking: basic vlan help
>>
>> Hello again,
>>
>> I'm new to VLANs and have a few questions. Right now I just have the mgmt
>> interface (bridged with eth0) on my all-in-one oVirt test setup. I
>> want to
>> separate some VMs from the public facing net, which I think means that
>> they
>> need to be on a different VLAN.  I created two new networks, pubX and
>> privY, with vlan ids X and Y, but couldn't assign them to eth0 because
>> the
>> current mgmt network is non-VLAN. I was about to enable VLAN tagging
>> on the
>> mgmt network, but I wanted to make sure that doing so wouldn't do
>> anything
>> to eth0 that would disrupt access to it (I only have remote access and
>> don't
>> want to lock myself out).  Also, if it is safe, does the mgmt vlan tag id
>> matter? is 0 the right value?
>>
>> Any/all help, hints, tips or references to examples/links greatly
>> appreciated.
>>
>>
>> Robert
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
> 
> wouldn't disabling 'vm network' on the mgmt network to simply allow the
> VLAN'd networks for VMs be simpler?

Yes, this is an alternative to VLAN-tagging the mgmt network. And
segregation from the "outer world" could be achieved as proposed by
Robert using VLANs, if switches are configured properly.

> also, since this question/use-case came up several times past 2 weeks -
> do we have a good enough user feedback on why user can't attach a
> logical network to the same interface, suggesting there is a non-vlan'd
> network visible to VMs, and that if they want to use VLAN'd networks on
> the same nic, they should disable the 'vm network' role on the
> non-vlan'd network?
> 

When trying to put such networks together via the Setup Networks dialog,
users are currently informed that non-tagged VM networks can't exist on
the same interface as tagged VM networks, and are advised to detach the
non-tagged network.

If this appears to be insufficient, I could replace it by a suggestion
to configure it as non-VM, or add that to the existing suggestion, but
we're kinda short on real-estate in the status panel of that dialog (and
that's a lot of information to absorb in one error).