VLAN filtering bridge with multiple host interfaces?

jlehtone
Posts: 2931
Joined: 2007/12/11 08:17:33
Location: Finland

VLAN filtering bridge with multiple host interfaces?

Post by jlehtone » 2020/01/07 15:55:03

A bridge can filter vlans; allow/drop traffic per bridge-port. NetworkManager has support for that.

The old method was to create vlan connections and enslave each to a separate bridge connection.
The new one should achieve the same with a single bridge connection and without separate vlan connections.

Sounds nice. However, most examples focus on "a bridge to all VMs", and the rare exceptions are neither
for RHEL's old network.service nor NM.


Namely:
I have a (10Gbps) VLAN trunk. I'll enslave it to a bridge and hook VMs to it. I presume that is the easy part.

The real beef is that I'd like the host to have an IP address on some of the VLANs. Traditionally, I've had 0 or 1 IP address on a bridge.
How to have addresses on bridge per VLAN?

I guess three cases:
A. Not possible
B. Possible, but I fail to find the right documentation
C. I've seen the doc, but failed to grok


I can always fall back to the old style, but where is the fun in that?

SR-IOV VFs to separate host and (bridged) VM traffic?

aks
Posts: 3008
Joined: 2014/09/20 11:22:14

Re: VLAN filtering bridge with multiple host interfaces?

Post by aks » 2020/01/07 16:53:02

AFAIK a bridge is a layer 2 device (data-link). I guess you could achieve layer 3 (network) functionality via proxy arp (quick Google says: https://wiki.debian.org/BridgeNetworkCo ... nsProxyArp - didn't read)?

jlehtone
Posts: 2931
Joined: 2007/12/11 08:17:33
Location: Finland

Re: VLAN filtering bridge with multiple host interfaces?

Post by jlehtone » 2020/01/08 18:02:06

Both bridge and vlan are layer 2, but one can trivially add a layer 3 interface (IP address, etc) on them.

The question was, how to add additional interfaces (with vids) to a bridge?

There is documentation about "veth", usually in context of network namespaces, but NM does not support type "veth".
Libvirt adds "vnet" interfaces on bridges, but a vnet pairs with "a NIC" in VM (similar to veth devices coming in pairs).

virt-manager of CentOS 7 does not support VLAN-tagged vnets.
virt-manager of CentOS 8 does not either (in the UI), but it allows editing the XML.


[edit]
A managed switch (ok, I've only seen HP Procurve) supports VLANs and you can configure an IP address for the switch on each VLAN.
That I'd like to reproduce with a bridge.
(A L3 switch can also be configured to route between those subnets.)
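
One way to get the per-VLAN host addresses asked about in this thread with plain iproute2 (an added example, not written by any poster and not NetworkManager configuration): make the bridge device itself a member of each VLAN with `self`, then put a VLAN sub-interface on the bridge for the host address. The names `br0` and `eth0`, the VLAN IDs and the documentation-range addresses are assumptions; the function only prints the commands so the plan can be reviewed first.

```shell
#!/bin/sh
# Added example: print the iproute2 commands for a VLAN-filtering bridge where
# the host has an IP address on selected VLANs. All names/addresses are constructed.

valid_vid() {   # a usable 802.1Q VLAN ID is a number in 1..4094
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_bridge_plan BRIDGE TRUNK "VID=CIDR ..." "VID ..."
#   arg 3: VLANs on which the host gets an address
#   arg 4: VLANs only carried on the trunk for VMs (host stays out of them)
vlan_bridge_plan() {
    br=$1 trunk=$2 host_vlans=$3 vm_vlans=$4
    # vlan_default_pvid 0: no port silently joins untagged VLAN 1
    echo "ip link add name $br type bridge vlan_filtering 1 vlan_default_pvid 0"
    echo "ip link set dev $trunk master $br"
    echo "ip link set dev $trunk up"
    # the bridge must be up before its VLAN sub-interfaces can be brought up
    echo "ip link set dev $br up"
    for entry in $host_vlans; do
        vid=${entry%%=*} cidr=${entry#*=}
        valid_vid "$vid" || { echo "bad VLAN id: $vid" >&2; return 1; }
        echo "bridge vlan add dev $trunk vid $vid"
        # 'self' puts the bridge device (the host side) into this VLAN;
        # without it the filter drops these frames before they reach the host
        echo "bridge vlan add dev $br vid $vid self"
        echo "ip link add link $br name $br.$vid type vlan id $vid"
        echo "ip addr add $cidr dev $br.$vid"
        echo "ip link set dev $br.$vid up"
    done
    for vid in $vm_vlans; do
        valid_vid "$vid" || { echo "bad VLAN id: $vid" >&2; return 1; }
        # trunk carries it tagged; no 'self' entry, so the host cannot see it
        echo "bridge vlan add dev $trunk vid $vid"
    done
}

# Constructed sample: host addresses on VLAN 10 and 20, VLAN 30 for VMs only
vlan_bridge_plan br0 eth0 "10=192.0.2.10/24 20=198.51.100.10/24" "30"
```

Piping the output to `sh -e` as root applies the plan; `bridge vlan show` then lists which ports and which `self` entries are members of each VLAN.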
