Virtualisation/KVM/Bridges bond vlans
Sommaire
Sites Références
Article très largement inspiré et adapté de ce site : VLANs, bridges & bonds using nmcli
Comment créer des bridges sur des bonds (avec ou sans VLANS) en utilisant NetworkManager (nmcli) ?
Some production systems you face might make use of bonded network connections that you need to bridge in order to get VMs onto them. That bond may or may not have a native VLAN (in which case you bridge the bond), or it might have VLANs on top (in which case you want to bridge the VLANs), or perhaps you need to do both.
Let’s walk through an example where we have a bond that has a native VLAN, that also has the tagged VLAN 123 on top (and maybe a second VLAN 456), all of which need to be separately bridged. This means we will have the bond (bond0) with a matching bridge (br-bond0), plus a VLAN on the bond (bond0.123) with its matching bridge (br-vlan123). It should look something like this.
Schéma d'infra
+------+ +---------+ +---------------+
| eth0 |---| | +------------+ | Network one |
+------+ | |----------| br-bond0 |---| (native VLAN) |
| bond0 | +------------+ +---------------+
+------+ | |
| eth1 |---| |
+------+ +---------+ +---------------+
| | +---------+ +------------+ | Network two |
| +---| vlan123 |---| br-vlan123 |---| (tagged VLAN) |
| +---------+ +------------+ +---------------+
|
| +---------+ +------------+ +---------------+
+-----| vlan456 |---| br-vlan456 |---| Network three |
+---------+ +------------+ | (tagged VLAN) |
+---------------+
To make it more complicated, let’s say that the native VLAN on the bond needs a static IP and to operate at an MTU of 1500 while the other uses DHCP and needs MTU of 9000.
OK, so how do we do that?
Start by creating the bridge, then later we create the interface that attaches to that bridge. When creating VLANs, they are created on the bond, but then attached as a slave to the bridge.
Create the bridge for the bond
First, let’s create the bridge for our bond. We’ll export some variables to make scripting easier, including the name, value for spanning tree protocol (SPT) and MTU. Note that in this example the bridge will have an MTU of 1500 (but the bond itself will be 9000 to support other VLANs at that MTU size.)
BRIDGE=br-bond0
BRIDGE_STP=yes
BRIDGE_MTU=1500OK so let’s create the bridge for the native VLAN on the bond (which doesn’t exist yet).
nmcli con add ifname "${BRIDGE}" type bridge con-name "${BRIDGE}"
nmcli con modify "${BRIDGE}" bridge.stp "${BRIDGE_STP}"
nmcli con modify "${BRIDGE}" 802-3-ethernet.mtu "${BRIDGE_MTU}"By default this will look for an address with DHCP. If you don’t want that you can either set it manually:
nmcli con modify "${BRIDGE}" ipv4.method static ipv4.address 192.168.0.123/24 ipv6.method ignore
|
Finally, bring up the bridge. Yes, we don’t have anything attached to it yet, but that’s OK.
nmcli con up "${BRIDGE}"
Next, we create the bond to attach to the bridge.
Create the bond and attach to the bridge
Let’s create the bond. In my example I’m using active-backup (mode 1) but your bond may use balance-rr (round robin, mode 0) or, depending on your switching, perhaps something like link aggregation control protocol (LACP) which is 802.3ad (mode 4).
Let’s say that your bond (we’re going to call bond0) has two interfaces, which are eth0 and eth1 respectively. Note that in this example, although the native interface on this bond wants an MTU of 1500, the VLANs which sit on top of the bond need a higher MTU of 9000. Thus, we set the bridge to 1500 in the previous step, but we need to set the bond and its interfaces to 9000. Let’s export those now to make scripting easier.
BOND=bond0 BOND_SLAVE0=eth0 BOND_SLAVE1=eth1 BOND_MODE=active-backup BOND_MTU=9000
Now we can go ahead and create the bond, setting the options and the slave devices.
nmcli con add type bond ifname "${BOND}" con-name "${BOND}"
nmcli con modify "${BOND}" bond.options mode="${BOND_MODE}"
nmcli con modify "${BOND}" 802-3-ethernet.mtu "${BOND_MTU}"
nmcli con add type ethernet con-name "${BOND}-slave-${BOND_SLAVE0}" ifname "${BOND_SLAVE0}" master "${BOND}"
nmcli con add type ethernet con-name "${BOND}-slave-${BOND_SLAVE1}" ifname "${BOND_SLAVE1}" master "${BOND}"
nmcli con modify "${BOND}-slave-${BOND_SLAVE0}" 802-3-ethernet.mtu "${BOND_MTU}"
nmcli con modify "${BOND}-slave-${BOND_SLAVE1}" 802-3-ethernet.mtu "${BOND_MTU}"
OK at this point you have a bond specified, great! But now we need to attach it to the bridge, which is what will make the bridge actually work.
nmcli con modify "${BOND}" master "${BRIDGE}" slave-type bridge
|
Now, we can bring the bond up which will also activate our interfaces.
nmcli con up "${BOND}"
We can check that the bond came up OK.
cat /proc/net/bonding/bond0
And this bond should also now be on the network, via the bridge which has an IP set.
Now if you look at the bridge you can see there is an interface (bond0) attached to it (your distro might not have brctl).
nmcli con ls /sys/class/net/br-bond0/brif/ brctl show
Bridging a VLAN on a bond
Now that we have our bond, we can create the bridged for our tagged VLANs (remember that the bridge connected to the bond is a native VLAN so it didn’t need a VLAN interface).
Create the bridge for the VLAN on the bond
Create the new bridge, which for our example is going to use VLAN 123 which will use MTU of 9000.
VLAN=123
BOND=bond0
BRIDGE=br-vlan${VLAN}
BRIDGE_STP=yes
BRIDGE_MTU=9000
OK let’s go! (This is the same as the first bridge we created.)
nmcli con add ifname "${BRIDGE}" type bridge con-name "${BRIDGE}"
nmcli con modify "${BRIDGE}" bridge.stp "${BRIDGE_STP}"
nmcli con modify "${BRIDGE}" 802-3-ethernet.mtu "${BRIDGE_MTU}"
Again, this will look for an address with DHCP, so if you don’t want that, then disable it or set an address manually (as per first example). Then you can bring the device up.
nmcli con up "${BRIDGE}"
Create the VLAN on the bond and attach to bridge
OK, now we have the bridge, we create the VLAN on top of bond0 and then attach it to the bridge we just created.
nmcli con add type vlan con-name "${BOND}.${VLAN}" ifname "${BOND}.${VLAN}" dev "${BOND}" id "${VLAN}"
nmcli con modify "${BOND}.${VLAN}" master "${BRIDGE}" slave-type bridge
nmcli con modify "${BOND}.${VLAN}" 802-3-ethernet.mtu "${BRIDGE_MTU}"
If you look at bridges now, you should see the one you just created, attached to a VLAN device (note, your distro might not have brctl).
nmcli con brctl show
And that’s about it! Now you can attach VMs to those bridges and have them on those networks. Repeat the process for any other VLANs you need on to of the bond.
