1

I am trying to use new vlan-filter capable bridge on Virtualization Host running OEL 8.1. It does not support OpenVSwitch out of the box and I think vlan-aware bridge might work.

Now I have (configured via nmcli):

[root@nano ~]# bridge vlan
port    vlan ids
eno5
     22 PVID untagged    24
br0
     22 PVID untagged    24 untagged

Interface br0 has an IP address, what I think is not right, because there should be somethink like br0.22 having that address.

So there is a bridge and main interface having VLANs: 1. 22 - main for the host 2. 24 - main for VMs

The question is - how exactly KVM can be configured to be attached to single 24 VLAN and how exactly those VLANs should be used.

KVM documentation says you can define network with portgroups for OpenVSwitch (and I have that somewhere) or you define network for a bridge. Old technology is to make separate bridge for each VLAN and I might do this here, but there is no way to create sub-bridges for vlan-aware bridge.

It is not possible to create vlan22 interface either nmcli con add type vlan con-name vlan22 dev br0 id 22 because it will not work.

It appears I am confused with this technology and its way to keep VLAN tag between bridge slaves.

Is there any advice to point me out?

kab00m
  • 398
  • 1
  • 9
  • you can attach the VM ('s interface) to the bridge as usual, and then, manually, configure the new bridge port's vlan settings (using `bridge vlan ... dev ...`). It can't be configured before it's enslaved. If your tools don't have scripts to do so, you'll have to do it yourself. For a set of docs/experiments/blogs on vlan aware bridges for linux, see my links in my answer there: [Transparent firewall with nftables and VLANs](https://serverfault.com/questions/858556/transparent-firewall-with-nftables-and-vlans/906459#906459). – A.B Dec 22 '19 at 13:19
  • Thank you, it was very helpful. – kab00m Dec 22 '19 at 13:53

0 Answers0