
Our environment will have a KVM host setup dynamically using kickstart (easy enough).

The hard part is dealing with network configuration and keeping VLAN configuration (and possibly bridge/host config) persistent across reboot.

We have a dynamic environment in which I would like to be able to configure virtual switch ports as you would with a typical switch, where the configuration persists after reboot (maybe adds automatically to a configuration file).

aka:
cisco: switchport mode access; switchport access vlan 4
brocade: vlan 4; untagged e 0/1/2

I'm not really sure what the 'right' decision is here, whether openvswitch is what I'm looking for or if it can just be done using Linux bridges and libvirt. I'm pretty lost and having a hard time finding what is available. I know OpenStack can do this; for me, though, it would be more interesting to know how OpenStack does it so we can implement its parts.

So my question: what is the best/easiest way to persist vlan/network configurations on KVM?

  • libvirt will store its own virtual network configurations. What is the problem you are having with it? – Michael Hampton Apr 01 '14 at 01:05
  • Can you give an example of a libvirt command you have run? I'm trying to add vlans to a bridge but I have not been able to find an available libvirt command and would not know where it stores this persistent configuration if it did. – cheesesticksricepuck Apr 01 '14 at 01:12
  • Oh, you want to tag guest traffic? You'll need open vSwitch for that. – Michael Hampton Apr 01 '14 at 01:16
  • Are all configurations always defined in xml format even in openvswitch? Do you know if there are command line utilities that write configuration changes to the xml config files? – cheesesticksricepuck Apr 01 '14 at 01:21
  • I dunno. I haven't used it outside of OpenStack, and even that hasn't gone past evaluation. – Michael Hampton Apr 01 '14 at 01:29
  • @MichaelHampton VLANs are very easy to implement without the complexity of OVS, using simple bridging, see my answer below – dyasny Apr 01 '14 at 04:09

1 Answer

This is very simple to do. Normally, you would use bridging on the host, the bridge acting as a virtual switch for the VMs and the physical NICs to plug into:

network -> Host NIC -> BRIDGE <- VM

With VLANs this gets a bit more complicated:

network (trunk port) -> Host NIC -> Tagged IF -> BRIDGE <- VM

All of this is managed in ifcfg scripts on a RHEL host, e.g. ifcfg-eth0 (host NIC); ifcfg-eth0.100 (Tagged IF); ifcfg-br100 (bridge interface working on top of the tagged interface, transmitting tagged traffic).

If you need multiple VLANs, simply add more ifcfg-eth0.tagNumber interfaces, and build a bridge on top of each, for VMs that need to be on the tagged network to plug into.

Hope it makes sense, it's really quite simple.

EDIT:

  • If there's only one tag that you want to set on the switch, that's also fine: just tag the traffic on the port, and use a bridge. Since everything arriving at the NIC will be tagged, the bridge will relay the traffic to the VMs as is.
  • For every VLAN you simply create a bridge and plug the VM into that bridge for tagged traffic access. If you have a small set of VLANs you will be using, just create all those VLAN IFs and bridges and plug VMs into whatever bridge+VLAN you need dynamically, without touching the host configuration.
dyasny
  • So, for every vlan I want to add/remove would just require the addition/subtraction of one of these config files? I'm guessing the bridge would also require knowledge of these new vlan interfaces. When created would the vlans take effect immediately or could I reload configuration? Could I achieve this in a way that is non impacting to the other domains on this host? – cheesesticksricepuck Apr 01 '14 at 11:21
  • No, the way this works is NIC-VLAN-Bridge-VM, not NIC-Bridge-VLAN-VM. So for every VLAN you simply create a bridge and plug the VM into that bridge for tagged traffic access. If you have a small set of VLANs you will be using, just create all those VLAN IFs and bridges and plug VMs into whatever bridge+VLAN you need dynamically, without touching the host configuration – dyasny Apr 01 '14 at 14:14
  • Yeah, I don't really have a small subset of VLANs I want to connect. We use VLANs dynamically in our lab. Without VMs, we just use SNMP to configure switchports; with VMs we were hoping we could do something similar (maybe just run a command). We don't need the tagged traffic going into the guest, we just need to segregate traffic via VLANs on virtual switchports. – cheesesticksricepuck Apr 01 '14 at 14:56
  • Well, if there's only one tag that you want to set on the switch, that's also fine: just tag the traffic on the port, and use a bridge. Since everything arriving at the NIC will be tagged, the bridge will relay the traffic to the VMs as is. – dyasny Apr 01 '14 at 20:16
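
The NIC -> tagged IF -> bridge layout from the answer, written as persistent ifcfg files by one command per VLAN. This is an added example, not code from the original answer or its comments; the function name add_vlan_bridge and the NIC and CFG_DIR variables are assumptions, and the ifcfg keys are the standard RHEL initscripts ones.

```shell
#!/bin/sh
# Added example: write persistent ifcfg files for one VLAN on a RHEL-style host.
# Layout follows the answer: NIC -> tagged IF (eth0.N) -> bridge (brN) <- VM.
# add_vlan_bridge, NIC and CFG_DIR are names assumed for this sketch.

NIC="${NIC:-eth0}"
CFG_DIR="${CFG_DIR:-/etc/sysconfig/network-scripts}"

add_vlan_bridge() {
    vid="$1"
    # Accept only 1-4 plain digits without a leading zero, so a malformed
    # argument can never end up in a file name or a DEVICE= line.
    case "$vid" in
        ''|0*|?????*|*[!0-9]*) echo "invalid VLAN id: $vid" >&2; return 2 ;;
    esac
    # 4095 is reserved in 802.1Q; usable IDs are 1-4094.
    if [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 2
    fi
    tagged="$CFG_DIR/ifcfg-$NIC.$vid"
    bridge="$CFG_DIR/ifcfg-br$vid"
    # Refuse to overwrite: existing VLANs and their guests stay untouched.
    if [ -e "$tagged" ] || [ -e "$bridge" ]; then
        echo "VLAN $vid already configured" >&2; return 1
    fi
    # Tagged sub-interface: carries only frames with 802.1Q tag $vid.
    cat > "$tagged" <<EOF
DEVICE=$NIC.$vid
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
BRIDGE=br$vid
EOF
    # Bridge on top of the tagged interface; no host IP on the guest VLAN.
    cat > "$bridge" <<EOF
DEVICE=br$vid
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
DELAY=0
EOF
}
```

Because the files live in the network-scripts directory, the VLAN and bridge come back after a reboot; bringing up only the new pair with ifup (bridge first, then the tagged interface) leaves the other bridges running.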