18 - 06 - 2024

Libvirt + openvswitch = vlans with portgroups

VLANs are an old technology for keeping L2 segments separated, but they are very handy for limiting the number of interfaces needed on Linux to provide multiple separate networks for VMs. In the old-fashioned way, as XenServer does without openvswitch, we would create VLANs on the interfaces, like eth0.4000, or networks in the form of bridges.

With openvswitch we create just one bridge and it handles all VLAN traffic for us, without extra interfaces cluttering the system.

The first step is to create the openvswitch bridge. Of course, you need the packages installed and the vswitchd process running.

$ ovs-vsctl add-br MANAGEMENT

Create the XML definition of the new network

    <network>
      <name>MANAGEMENT</name>
      <forward mode='bridge'/>
      <bridge name='MANAGEMENT'/>
      <virtualport type='openvswitch'/>
      <portgroup name='v4000-CORE_DEVICES'>
        <vlan trunk='yes'>
          <tag id='4000' nativeMode='untagged'/>
          <tag id='4001'/>
        </vlan>
      </portgroup>
      <portgroup name='vALL-TRUNK'>
        <vlan trunk='yes'>
          <tag id='4001' nativeMode='untagged'/>
          <tag id='4000'/>
        </vlan>
      </portgroup>
    </network>

The coolest thing for me is the way we can present the VLANs to the virtual machine. By using nativeMode we can specify whether to use an 802.1q tag or not.

Add the network to libvirt

$ virsh net-create /etc/libvirt/qemu/networks/MANAGEMENT.xml

Add the interface to the VMs (the type of VM does not matter: LXC/XEN/VM)

    <interface type='network'>
      <mac address='52:54:00:ff:15:d7'/>
      <source network='MANAGEMENT' portgroup='vALL-TRUNK'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

At this point we should have the network up and running. If you want to use a different portgroup, just change the portgroup name in the interface declaration.
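Before attaching guests, it helps to check which VLANs each portgroup actually hands to a VM, and which one arrives untagged. The script below is an added example, not part of the original post; the function names audit_portgroups and portgroups_carrying are hypothetical, and the `<network>`/`<name>` wrapper around the page's definition is assumed.

```python
import xml.etree.ElementTree as ET
# Sample input: the page's network definition; the <network>/<name> wrapper is assumed.
NETWORK_XML = """<network>
  <name>MANAGEMENT</name>
  <forward mode='bridge'/>
  <bridge name='MANAGEMENT'/>
  <virtualport type='openvswitch'/>
  <portgroup name='v4000-CORE_DEVICES'>
    <vlan trunk='yes'>
      <tag id='4000' nativeMode='untagged'/>
      <tag id='4001'/>
    </vlan>
  </portgroup>
  <portgroup name='vALL-TRUNK'>
    <vlan trunk='yes'>
      <tag id='4001' nativeMode='untagged'/>
      <tag id='4000'/>
    </vlan>
  </portgroup>
</network>"""

def audit_portgroups(xml_text):
    """Map each portgroup to the VLANs a guest attached to it can reach."""
    report = {}
    for pg in ET.fromstring(xml_text).findall("portgroup"):
        vlan, tags = pg.find("vlan"), pg.findall("vlan/tag")
        # Several tags imply a trunk; trunk='yes' forces one for a single tag.
        trunk = vlan is not None and (vlan.get("trunk") == "yes" or len(tags) > 1)
        untagged, tagged = None, []
        for tag in tags:
            vid = int(tag.get("id"))
            if not 0 <= vid <= 4095:  # 802.1Q VLAN IDs are 12 bits wide
                raise ValueError(f"{pg.get('name')}: bad VLAN id {vid}")
            # Access ports and nativeMode='untagged' deliver frames without a tag.
            if not trunk or tag.get("nativeMode") == "untagged":
                untagged = vid
            else:
                tagged.append(vid)
        report[pg.get("name")] = {"trunk": trunk, "untagged": untagged, "tagged": sorted(tagged)}
    return report

def portgroups_carrying(report, vid):
    """Names of portgroups whose guests can send or receive on VLAN vid."""
    return sorted(n for n, e in report.items() if vid == e["untagged"] or vid in e["tagged"])

if __name__ == "__main__":
    report = audit_portgroups(NETWORK_XML)
    for name, entry in report.items():
        print(f"{name}: untagged={entry['untagged']} tagged={entry['tagged']}")
    print("VLAN 4001 reachable from:", portgroups_carrying(report, 4001))
```

For the definition above, both portgroups carry VLANs 4000 and 4001; they differ only in which of the two reaches the guest untagged.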
