VLAN Creation on KVM-I

Creating a VLAN on KVM requires more raw networking knowledge than in the VMware world. Besides a general understanding of computer networks, KVM requires some Linux networking knowledge. I did not see much information on the Internet about that. To fill this gap I am writing this post. 🙂 There is actually more than one method of creating a VLAN on KVM. In this post I will show the first method. In this method, sub-interfaces are created on the bridge, NOT on the physical NIC interface. This way, VLAN tags are stripped off and added at the bridge rather than at the physical interface. I use Ubuntu 16.04 for the KVM host. In this post, I will use KVM and libvirt interchangeably.

Loading 8021q module

First, we need to load the 8021q module on the KVM host in order to encapsulate or de-encapsulate IEEE 802.1Q VLAN frames.

To load the module automatically on boot, create a file 8021q.conf in /etc/modules-load.d/ and add 8021q to it.

Creating Bridge(s)

In order to create a VLAN (trunk and access) we need to create bridge(s) and tell the system to tag the frames. In Linux, we use the vconfig command to create tagged frames. We need to install the vlan package to use it.

Note: Creating a bridge with this method is NOT persistent. To make it persistent you need to add the configuration to the /etc/network/interfaces file. Because there are plenty of tutorials about that, I do not explain it here.

You can see the network interfaces on the KVM host after creating the bridges and sub-interfaces.

We also need to bring the links up.

Final bridge status

Defining Bridges on KVM.

After creating the bridges, we also need to define them to our hypervisor in order to use them. I will create three configuration files, for br0, vlan30 and vlan40 in turn, in the /etc/libvirt/qemu/networks folder.

br0.xml

vlan30.xml

vlan40.xml

Checking bridges

So far so good?

You may be confused, since we have done many things so far. I hope the figure below gives you a better understanding of what we did; it depicts how our network looks. The only thing that I did not do is add a physical interface to bridge br0. In this post, KVM guests will not connect to the Internet. With this design we do not need to set up any VLAN configuration on the KVM virtual guests. It is all handled by br0.30 and br0.40: any outgoing packet from the VLAN30 network is tagged by the br0.30 sub-interface, and the tag on any incoming tagged packet for the VLAN30 network is stripped off by the br0.30 sub-interface. The same applies to the VLAN40 network.

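The layout described above (trunk bridge br0, sub-interfaces br0.30 and br0.40, libvirt networks br0, vlan30 and vlan40), written out as one script. This is an added example, not the commands from the original post. Attaching each sub-interface to its vlanNN bridge, creating bridges with `ip link`, the network XML contents and the use of `virsh net-define` are assumptions.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# Run as root with APPLY=1 to actually change the host.
TRUNK=br0          # trunk bridge from the post
VLANS="30 40"      # VLAN IDs from the post

run() {            # print a command; execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

build_plan() {
    run modprobe 8021q                      # 802.1Q tagging support
    run ip link add name "$TRUNK" type bridge
    run ip link set "$TRUNK" up
    for vid in $VLANS; do
        run ip link add name "vlan${vid}" type bridge      # access bridge
        run vconfig add "$TRUNK" "$vid"     # br0.<vid> with default naming
        # Assumption: the sub-interface is a port of the access bridge.
        run ip link set "${TRUNK}.${vid}" master "vlan${vid}"
        run ip link set "${TRUNK}.${vid}" up
        run ip link set "vlan${vid}" up
    done
}

network_xml() {    # assumed libvirt definition for an existing host bridge
    cat <<EOF
<network>
  <name>$1</name>
  <forward mode="bridge"/>
  <bridge name="$1"/>
</network>
EOF
}

define_networks() {   # $1 = directory that receives the XML files
    for net in "$TRUNK" $(printf 'vlan%s ' $VLANS); do
        network_xml "$net" > "$1/$net.xml"
        run virsh net-define "$1/$net.xml"
        run virsh net-start "$net"
        run virsh net-autostart "$net"
    done
}

OUT=${OUT:-$(mktemp -d)}
build_plan
define_networks "$OUT"
```

Guests attached to the vlan30 or vlan40 network only ever see untagged frames; a guest attached to br0 sees the tagged traffic of both VLANs, so that network should be reserved for devices meant to act as a trunk port.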
Experiments

I captured the packets on the br0.30 interface and the br0 bridge to check whether the VLANs work as expected.

Output on br0.30 (the tag on the incoming ICMP request has been stripped off by br0.30, so we see untagged frames)

Output on br0 (we see the tagged 802.1Q encapsulation for VLAN30)

According to the figure above, hosts on VLAN30 and hosts on VLAN40 cannot communicate with each other, as we do not have an L3 device for inter-VLAN routing. In the next post, I will provision a virtual L3 device, VyOS (Vyatta), on KVM. I will add two network interfaces to it: one connected to br0 (the trunk port) and the other to the physical NIC for the Internet connection.