Setting up VLAN tagging in a KVM environment

Your KVM environment setup will be a little more complicated if VLANs are involved. These step-by-step instructions should simplify the setup.

Your KVM environment might be used in a simple infrastructure using a local area network and if that's the case, you just need to plug in the LAN cable and you're ready to go. But if VLANs are involved, the setup is a bit more complicated. These are the steps that you need to take to use VLAN tags in a KVM virtual environment.

In order to have VLAN tagging in a KVM environment, you need to create VLANs on the virtualization host, not on the virtual machines (VMs). That is because it really is the bridge on the host that (physically) communicates to the network infrastructure, and not the VMs themselves. These host-based VLANs must be associated with one bridge for each VLAN.  A host that has four VLANs will therefore have four bridges.  Additionally, users need to tell the VM configuration file (on the host) which bridge to use.

So let's work on an example KVM host that already has some network configuration files in it. This is what the "/etc/sysconfig/network" directory looks like. You can see that it contains two bridges, and also three network interface files that define different VLANs:

kvm-2:/etc/sysconfig/network # ls
config     if-up.d    ifcfg-eth0  ifcfg-vlan2054  ifcfg.template  routes
dhcp       ifcfg-br0  ifcfg-eth1  ifcfg-vlan2143  ifroute-lo      scripts
if-down.d
  ifcfg-br1  ifcfg-lo    ifcfg-vlan3004  providers

This is the content of one example vlan configuration file. Note the use of the VLAN_ID parameter, which makes the configuration specific to one VLAN:

kvm-2:/etc/sysconfig/network # cat ifcfg-vlan2143
BOOTPROTO='none'
BROADCAST=''
ETHERDEVICE='eth1'
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
VLAN_ID='2143'
PREFIXLEN='26'

You could also give it an IP address as well, but no IP address was needed in this example. If the VLAN interface on the host needs to be addressed directly, it needs an IP address as well. This is the case, for example, if you need to address it for management purposes. If it's used as a pass-through only, you can perfectly do without an IP address on the physical interface.

On this example, machine all VLANs were configured on eth1; eth0 is for management purposes only. This is the contents of ifcfg-eth0:

kvm-2:/etc/sysconfig/network # cat ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='10.96.18.146/26'
MTU=''
NAME='VIC Ethernet NIC'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

Now for every VLAN there needs to be a specific bridge. The vlan2143 is connected to br1. This is seen in the BRIDGE_PORTS parameter in the bridge configuration file as you can see in the following listing.

kvm-2:/etc/sysconfig/network # cat ifcfg-br1
BOOTPROTO='static'
BRIDGE='yes'
BRIDGE_FORWARDDELAY='0'
BRIDGE_PORTS='vlan2143'
BRIDGE_STP='off'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='0.0.0.0/26'
MTU=''
NAME=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

To finalize the configuration, you need an interface definition in the VM configuration file so that it knows which specific bridge it is connected to. So, if the name of the VM is san-2, use virsh edit san-2 and make sure it includes the following interface definition:

<interface type='bridge'>
<mac address='52:54:f5:76:29:38'/>
<source bridge='br1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

At this point you can bring up the entire configuration and you'll see that each VM is assigned to the VLAN you've created for it.

This was first published in August 2014

Dig deeper on Open source virtualization

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close