VLAN configuration for Xen on Debian
This is a lot harder to get working than under other virtualisation platforms such as VM, but it is possible.
I assume that you have already configured your switchport as an 802.1q trunk. If this is the case, place something like this in /etc/network/interfaces to bring up your unconfigured VLAN interface at boot time:
auto vlan5
iface vlan5 inet manual
    vlan_raw_device eth1
This will create an interface named vlan5 at boot time. Run /etc/init.d/networking restart to create it now.
It helps to understand what actually happens to the network setup when Debian is booted with a Xen kernel:
- Interfaces which are going to be used by domUs are renamed, so eth0 becomes peth0.
- A bridge is created between peth0 and the domUs' vifX.0, the bridge is named eth0.
- Any IP addresses assigned to the dom0's eth0 in /etc/network/interfaces get assigned to the bridge eth0.
However, the network-bridge script which is part of Xen doesn't seem to be able to do this with VLAN interfaces without some modifications. Make a copy of it, find the following sections and comment out the lines indicated here (marked #JSJSJS):
# cd /etc/xen/scripts
# cp network-bridge network-bridge-vlan
# vi network-bridge-vlan
do_ifup() {
#JSJSJS    if [ $1 != "${netdev}" ] || ! ifup $1 ; then
        if [ -n "$addr_pfx" ] ; then
            # use the info from get_ip_info()
            ip addr flush $1
            ip addr add ${addr_pfx} dev $1
        fi
        ip link set dev $1 up
#JSJSJS        [ -n "$gateway" ] && ip route add default via ${gateway}
#JSJSJS    fi
}

op_start () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    if link_exists "$pdev"; then
        # The device is already up.
        return
    fi

    claim_lock "network-bridge"

    create_bridge ${tdev}

    preiftransfer ${netdev}
    transfer_addrs ${netdev} ${tdev}
    # Remember slaves for bonding interface.
    if [ -e /sys/class/net/${netdev}/bonding/slaves ]; then
        slaves=`cat /sys/class/net/${netdev}/bonding/slaves`
    fi
    # Remember the IP details for do_ifup.
    get_ip_info ${netdev}
#JSJSJS    if ! ifdown ${netdev}; then
        ip link set ${netdev} down
        ip addr flush ${netdev}
#JSJSJS    fi
    ip link set ${netdev} name ${pdev}
    ip link set ${tdev} name ${bridge}

    setup_bridge_port ${pdev}

    # Restore slaves
    if [ -n "${slaves}" ]; then
        ip link set ${pdev} up
        ifenslave ${pdev} ${slaves}
    fi
    add_to_bridge2 ${bridge} ${pdev}
    do_ifup ${bridge}

    if [ ${antispoof} = 'yes' ] ; then
        antispoofing
    fi

    release_lock "network-bridge"
}
Nice. Now, depending on how your setup is presently configured, either change the line in /etc/xen/xend-config.sxp to point to your new script:
(network-script network-bridge-vlan netdev=vlan5 bridge=vlanbr5)
...or if you are using a wrapper script to bridge several interfaces to different domUs, alter your wrapper script as needed:
# vi /etc/xen/scripts/multi-network-bridge
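#!/bin/sh
# Directory holding the Xen network scripts
dir=$(dirname "$0")
# Untagged bridge on eth0, using the stock script
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=eth0
# VLAN 5 bridge, using the modified copy created above
"$dir/network-bridge-vlan" "$@" vifnum=5 netdev=vlan5 bridge=vlanbr5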
So, you should be able to have super happy fun time with your new VLAN bridge when you place this in your domU configuration file:
vif = [ 'ip=172.16.4.2,mac=00:16:3E:95:8D:98,bridge=vlanbr5' ]
So, here we see that as expected, vlan5 has become pvlan5, the domU has been allocated vif3.0 and a bridge called vlanbr5 has been created between the two interfaces:
# ifconfig -s -a
Iface     MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0     1500   0   2424      0      0      0    579      0      0      0 BMRU
eth1     1500   0   1275      0      0      0     58      0      0      0 BMRU
lo      16436   0      8      0      0      0      8      0      0      0 LRU
pvlan5   1500   0   1000      0      0      0     52      0      0      0 BMPRU
vlanbr5  1500   0    958      0      0      0      6      0      0      0 BMRU
# brctl show
bridge name     bridge id               STP enabled     interfaces
vlanbr5         8000.0002b3ed8470       no              pvlan5
                                                        vif3.0
Marvellous.
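A way to check the result automatically, as an added example that is not part of the original wiki page: this POSIX shell sketch parses `brctl show` output and confirms that the VLAN bridge carries only its tagged uplink and guest ports, so a stray physical interface cannot join VLAN 5 to another segment. The function names and the eth0 rows of the sample are constructed for illustration; the vif*/tap* naming of guest ports is an assumption about the Xen setup.

```shell
#!/bin/sh
# Added example: audit Linux bridge membership from `brctl show` output.

# Constructed sample: the vlanbr5 rows mirror the output on this page,
# the eth0 bridge rows are made up for illustration.
SAMPLE='bridge name     bridge id               STP enabled     interfaces
eth0            8000.000000000001       no              peth0
                                                        vif1.0
vlanbr5         8000.0002b3ed8470       no              pvlan5
                                                        vif3.0'

# bridge_members BRIDGE: print the ports of BRIDGE, one per line.
# Reads `brctl show` output on stdin.
bridge_members() {
    awk -v want="$1" '
        NR == 1   { next }                      # column header
        /^[^ \t]/ { cur = $1                    # row that starts a new bridge
                    if (cur == want && NF >= 4) print $4
                    next }
        NF >= 1 && cur == want { print $1 }     # continuation row: port name only
    '
}

# check_vlan_bridge BRIDGE UPLINK: succeed only if BRIDGE exists, contains
# UPLINK, and every other port is a guest interface.
check_vlan_bridge() {
    bridge=$1 uplink=$2 seen=0
    members=$(bridge_members "$bridge")
    if [ -z "$members" ]; then
        echo "FAIL: bridge $bridge is missing or has no ports"
        return 1
    fi
    for m in $members; do
        case $m in
            "$uplink")  seen=1 ;;
            vif*|tap*)  ;;                      # assumed guest port names
            *)  echo "FAIL: unexpected port $m on $bridge"
                return 1 ;;
        esac
    done
    if [ "$seen" -ne 1 ]; then
        echo "FAIL: uplink $uplink is not attached to $bridge"
        return 1
    fi
    echo "OK: $bridge = $(echo $members)"
}

# Demo on the constructed sample; on a dom0 use: brctl show | check_vlan_bridge vlanbr5 pvlan5
printf '%s\n' "$SAMPLE" | check_vlan_bridge vlanbr5 pvlan5
```
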
