802.1Q VLAN Networks¶

This guide describes how to enable network isolation provided through Host-managed VLANs. This driver will create a bridge for each OpenNebula Virtual Network and attach a VLAN tagged network interface to the bridge. This mechanism is compliant with IEEE 802.1Q.

The VLAN ID will be the same for every interface in a given network, automatically computed by OpenNebula. It may also be forced by specifying a VLAN_ID parameter in the Virtual Network template.

OpenNebula Configuration¶

The VLAN ID is calculated according to this configuration option of /etc/one/oned.conf:

#  VLAN_IDS: VLAN ID pool for the automatic VLAN_ID assigment. This pool
#  is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver
#  will try first to allocate VLAN_IDS[START] + VNET_ID
#     start: First VLAN_ID to use
#     reserved: Comma separated list of VLAN_IDs or ranges. Two numbers
#     separated by a colon indicate a range.

VLAN_IDS = [
    START    = "2",
    RESERVED = "0, 1, 4095"
]

By modifying this section, you can reserve some VLANs so they aren’t assigned to a Virtual Network. You can also define the first VLAN ID. When a new isolated network is created, OpenNebula will find a free VLAN ID from the VLAN pool. This pool is global and it’s also shared with the Open vSwitch Networks network mode.

The following configuration parameters can be adjusted in /var/lib/one/remotes/etc/vnm/OpenNebulaNetwork.conf:

Parameter	Description
`:validate_vlan_id`	Set to `true` to check that no other VLANs are connected to the bridge
`:keep_empty_bridge`	Set to `true` to preserve bridges with no virtual interfaces left.
`:ip_bridge_conf`	(Hash) Options passed to `ip` cmd. on bridge create (`ip link add <bridge> type bridge ...`)
`:ip_link_conf`	(Hash) Options passed to `ip` cmd. on VLAN interface create (`ip link add`)

Note

Remember to run onehost sync -f to synchronize the changes to all the nodes.

Example:

# Following options will be added when creating bridge. For example:
#
#     ip link add name <bridge name> type bridge stp_state 1
#
# :ip_bridge_conf:
#     :stp_state: on


# These options will be added to the ip link add command. For example:
#
#     sudo ip link add lxcbr0.260  type vxlan id 260 group 239.0.101.4 \
#       ttl 16 dev lxcbr0 udp6zerocsumrx  tos 3
#
:ip_link_conf:
    :udp6zerocsumrx:
    :tos: 3

Defining 802.1Q Network¶

To create an 802.1Q network, include the following information in the template:

Attribute	Value	Mandatory
`VN_MAD`	Set `802.1Q`	YES
`PHYDEV`	Name of the physical network device that will be attached to the bridge.	YES
`BRIDGE`	Name of the Linux bridge, defaults to `onebr<net_id>` or `onebr.<vlan_id>`	NO
`VLAN_ID`	The VLAN ID, will be generated if not defined and `AUTOMATIC_VLAN_ID=YES`	YES (unless `AUTOMATIC_VLAN_ID`)
`AUTOMATIC_VLAN_ID`	Mandatory and must be set to `YES` if `VLAN_ID` hasn’t been defined	YES (unless `VLAN_ID`)
`MTU`	The MTU for the tagged interface and bridge	NO

For example, you can define a 802.1Q Network with the following template:

NAME    = "private2"
VN_MAD  = "802.1Q"
PHYDEV  = "eth0"
BRIDGE  = "br0"         # Optional
VLAN_ID = 50            # Optional. If not setting VLAN_ID set AUTOMATIC_VLAN_ID = "YES"

In this example, the driver will check for the existence of the br0 bridge. If it doesn’t exist it will be created. eth0 will be tagged (eth0.50) and attached to br0 (unless it’s already attached).