[ovirt-users] Passing VLAN trunk to VM

Edward Haas ehaas at redhat.com
Mon Mar 13 13:57:32 UTC 2017


What VLAN you expected to see on the vnics? 200?
Per the screenshots, 200 is already in use on the host for a different
network. You cannot have the same vlan on two different networks if they
origin from the same nic/bond.

Lets take a small example to illustrate this:
On the Host: bond0 with eth0 and eth1 as slaves. On bond0, there are 3
vlans: 101, 102, 103.
We define 4 networks: net1 on vlan 101, net2 on vlan 102, net3 on vlan 103
and netall on bond0.

When packets pass bond0, they are classified based on their tag, all that
match the defined vlans will be stripped and forwarded up the stack to the
relevant vlan interface.
The ones that are left will get processed by bond0 and the network that is
set on top of it.
Therefore, the netall network will never see packets that came from vlan
101, 102 and 103, but will see all the rest.

Thanks,
Edy.


On Mon, Mar 13, 2017 at 3:27 PM, Rogério Ceni Coelho <
rogeriocenicoelho at gmail.com> wrote:

> Hi Everyone,
>
> I try to use as we talk about not define a vlan tag, but does not work. I
> try using tag vlan and bond + tag vlan. Seems as you can see, ovirt attach
> vlan id 0 ( reserved to untagged vlan on a trunck -
> http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf ).
>
> [image: pasted3]
>
> [image: pasted4]
>
> [image: pasted5]
>
>
> [image: pasted2][image: pasted1]
>
>
> Em dom, 12 de mar de 2017 às 11:33, Edward Haas <ehaas at redhat.com>
> escreveu:
>
>> On Sun, Mar 12, 2017 at 3:43 PM, Rogério Ceni Coelho <
>> rogeriocenicoelho at gmail.com> wrote:
>>
>> I think you define vlans on vm virtual nic OS like you do as usual.
>> Monday i will try and share results. Bye.
>>
>> Em Dom, 12 de mar de 2017 10:40, FERNANDO FREDIANI <
>> fernando.frediani at upx.com> escreveu:
>>
>> Great !
>>
>> What about a range of VLANs, is it also supported ?
>>
>>
>> That was the OVS note all about, only with an OVS bridge it is possible
>> to define/select the vlans which are exposed
>> to the VM vnic. But this is not available at the moment.
>> As Rogério mentioned, define the VLAN/s on the VM vnic.
>>
>>
>> 2017-03-11 17:47 GMT-03:00 Edward Haas <ehaas at redhat.com>:
>>
>> Passing a trunk to the vnic is supported long ago.
>> Just create a network over a nic/bond that is connected to a trunk port
>> and do not define any VLAN (we call it non vlan network).
>> In oVirt, a non-vlan network will ignore the VLAN tag and will forward
>> the packets as is onward.
>> It is up to the VM vnic to define vlans or use a promisc mode to see
>> everything.
>>
>> OVS can add a layer of security over the existing, by defining explicitly
>> which vlans are allowed for a specific vnic, but it is not
>> currently available.
>>
>>
>> On Thu, Mar 9, 2017 at 11:40 PM, Simon Vincent <sv at srvincent.co.uk>
>> wrote:
>>
>> I was wondering if open vswitch will get round this problem. Has anyone
>> tried it?
>>
>> On 9 Mar 2017 7:41 pm, "Rogério Ceni Coelho" <rogeriocenicoelho at gmail.com>
>> wrote:
>>
>> Hi,
>>
>> Ovirt user interface does not allow to input 4095 as a tag vlan number
>> ... Only values between 0 and 4094.
>>
>> This is useful to me too. Maybe any other way ?
>>
>> Em qui, 9 de mar de 2017 às 16:15, FERNANDO FREDIANI <
>> fernando.frediani at upx.com> escreveu:
>>
>> Have you tried use Vlan 4095 ? On VMware it used to be the way to pass
>> all Vlans from a vSwitch to a Vlan in a single port. And yes I have used it
>> also for pfSense.
>>
>> Fernando
>>
>> On 09/03/2017 16:09, Simon Vincent wrote:
>>
>> Is it possible to pass multiple VLANs to a VM (pfSense) using a single
>> virtual NIC? All my existing oVirt networks are setup as a single tagged
>> VLAN. I know this didn't used to be supported but wondered if this has
>> changed. My other option is to pass each VLAN as a separate NIC to the VM
>> however if I needed to add a new VLAN I would have to add a new interface
>> and reboot the VM as hot-add of NICs is not supported by pfSense.
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pasted2
Type: image/png
Size: 79879 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pasted1
Type: image/png
Size: 80525 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pasted5
Type: image/png
Size: 129379 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pasted3
Type: image/png
Size: 27134 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pasted4
Type: image/png
Size: 110233 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170313/479accc4/attachment-0009.png>


More information about the Users mailing list