Bridged Networking¶
This guide describes how to deploy Bridged networks. In this mode, the virtual machine traffic is directly bridged through the Linux bridge on the hypervisor Nodes. Bridged networks can operate in four different modes depending on the additional traffic filtering made by OpenNebula:
Dummy Bridged, no filtering, no bridge setup (legacy no-op driver).
Bridged, no filtering is made, managed bridge.
Bridged with Security Groups, iptables rules are installed to implement security groups rules.
OpenNebula Configuration¶
The following configuration parameters can be adjusted in /var/lib/one/remotes/etc/vnm/OpenNebulaNetwork.conf:
Parameter |
Description |
|---|---|
|
Maximum number of entries in the IP set (used for the security group rules) |
|
Set to |
|
(Hash) Options passed to |
Note
Remember to run onehost sync -f to synchronize the changes to all the Nodes.
Defining Bridged Network¶
To create a Virtual Network, include the following information in the template:
Attribute |
Value |
Mandatory |
|---|---|---|
|
Driver:
|
YES |
|
Name of the Linux bridge on the Nodes |
NO (unless |
|
Name of the physical network device that will be attached to the bridge
(does not apply for |
NO |
For example, you can define a Bridged with Security Groups type network with the following template:
NAME = "private1"
VN_MAD = "fw"
VLAN filtering and trunking¶
By default the Linux bridge driver does not performs any filtering on the VLAN traffic generated by the virtual machines. You can limit the allowed VLAN to trunk in the VM ports with following attributes:
Attribute |
Value |
Mandatory |
|---|---|---|
|
Specify a range of VLANs that are allowed for the VM traffic. Comma separated list of tags, ranges are supported. |
NO |
For example to only allow a VM to use the VLANS IDs 100, 105, 106 and 107, add to the network:
VLAN_TAGGED_ID = "100,105-107"
Note
The VM is responsible for tagging the VLAN traffic, no tagging is performed in the bridge