I've done a lot of reading about VLAN tagging in KVM bridged networks, but am getting very confused as to what needs to be tagged (the physical network devices, or the bridges attached to those devices) and whether or not the VM guest needs to tag its internal device or this happens on the host side when the guest's virtual NIC is attached to a tagged bridge.
Disclaimer: I make some assumptions below based on bits and pieces I'd picked up from a few blog entries/tech pages. Like a lot of things, there seem to be many ways of accomplishing the one task. If I'm just completely incorrect and someone knows of a good guide, send me the URL and I'll revise what I've done and come back if it doesn't work.
I have a number of KVM virtual hosts all (including their guests) currently connected to the one network.
I'd like to segment this so that there's a logically separate network in use by a few guests (but not on all obviously). I've done a lot of reading into how to accomplish this, but have some basic questions about the actual process.
The setup:
kvmhost1
  - eth0
    br0
  kh1guest1
    - eth0 (connected to kvmhost1 br0)
  kh1guest2
    - eth0 (connected to kvmhost1 br0)

kvmhost2
  - eth0
  - br0
    br0.10 (tagged VLAN10)
  kh2guest1
    - eth0 (connected to kvmhost2 br0)
  kh2guest2
    - eth0 (connected to kvmhost2 br0.10)

kvmhost3
  - eth0
  - br0
    br0.10 (tagged VLAN10)
  kh3guest1
    - eth0 (connected to kvmhost3 br0)
  kh3guest2
    - eth0 (connected to kvmhost3 br0.10)

I'm making some assumptions here:
- for the whole thing to work, all hosts/guests need 802.1q enabled
- all hosts with guests that need access to the tagged VLAN need an additional bridge, tagged onto the VLAN
- any guest VM that needs access to the tagged VLAN needs its network connected to the tagged network bridge (br0.10 on the host(s))
Excuse my ignorance here, but my knowledge of VLANs is quite limited, and I've really only dealt with them on a physical level thus far (NIC into VLAN'ed switch port).
Any help would be great, or even a guide as to the proper way of accomplishing this.