On 2/28/20 5:38 PM, Rich Freeman wrote:
On Fri, Feb 28, 2020 at 8:11 PM Daniel Frey <djqf...@gmail.com> wrote:

Thanks for the detail, I've just ordered an RPi4B to mess around with.
It would be helpful to move DNS etc off my home server as I'm trying to
separate everything into VLANs.


Keep in mind that Linux supports VLAN tagging, so if you set up your
switch to trunk your server you can have containers or even services
on multiple VLANs on the same host.

I have this configured via systemd-networkd - I'm sure you could do it
with various other network managers as well.  I just have a bridge for
each VLAN and then I can attach container virtual ethernet interfaces
to the appropriate VLAN bridge for each container.  KVM uses bridges
and it should be just as easy to put VMs on the appropriate bridges.

If you assign IPs on the host to each VLAN interface then as long as
the VLANs don't have conflicting IP addresses you can just attach
services to the appropriate VLANs by binding to their addresses.  A
service that binds to 0.0.0.0 or to multiple addresses would listen on
all of them.  Now, if your VLANs have conflicting address spaces then
I'd probably just stick to containers so that no host actually sees
conflicting IPs, otherwise you're probably going to have to go crazy
with iproute2 and netfilter to get all the packets going to the right
places.

And all of that should work from a Pi as well as long as you
enable CONFIG_VLAN_8021Q.  You also need to make sure the tagged VLAN
traffic is passed from the switch (which is not what you normally want
to do for a non-VLAN-aware host where you would filter out all but one
VLAN and remove the tag).

I run my DHCP server on a Pi so that it is more independent.


Yes, I'm aware Linux does VLANs... I set up netifrc to do this (I already have some "smart" switches set up - not full layer 3.) I thought about running containers but if I ever have to do something like emergency maintenance on my server the whole LAN would be down. Seems like a no-brainer to have a tiny device like an RPi to do this.

I'm not so sure I'll try installing Gentoo on it though, it doesn't really seem suitable for compiling tasks. I'm pretty sure the kit I ordered has a card with Raspbian on it, I'll check that out first.

Dan
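
The quoted point that a service bound to 0.0.0.0 listens on every VLAN the host has an address in can be checked on a trunked host. The following is an added example, not part of the original thread: it maps each listening socket from `ss -H -ltn` output to the VLAN bridges that can reach it. The interface names, addresses and `ss` lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: host address on each per-VLAN bridge (interface names are assumed).
VLAN_ADDRS = {"br-vlan10": "192.168.10.1", "br-vlan20": "192.168.20.1",
              "br-vlan30": "192.168.30.1"}

# Constructed sample of `ss -H -ltn` output (listening TCP sockets, no header).
SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      32      192.168.10.1:53         0.0.0.0:*
LISTEN 0      32 0.0.0.0%br-vlan20:8443       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      5                  *:8080             *:*
LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, device or None, port)."""
    host, _, port = field.rpartition(":")
    host, _, dev = host.partition("%")   # '%dev' marks a socket bound to one interface
    return host.strip("[]"), dev or None, int(port)

def exposure(ss_output, vlan_addrs):
    """Map each listener's local field to the sorted VLAN interfaces that can reach it."""
    result = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, dev, _port = parse_local(cols[3])
        if dev:
            # Bound to a device: reachable only through that interface.
            reach = [dev] if dev in vlan_addrs else []
        elif host == "*" or ipaddress.ip_address(host).is_unspecified:
            # Wildcard bind (0.0.0.0, :: or *): treated as reachable on every VLAN.
            reach = sorted(vlan_addrs)
        else:
            bound = ipaddress.ip_address(host)
            reach = sorted(i for i, a in vlan_addrs.items()
                           if ipaddress.ip_address(a) == bound)
        result[cols[3]] = reach
    return result

def cross_vlan(ss_output, vlan_addrs):
    """Listeners reachable from more than one VLAN, i.e. the ones to review."""
    return {k: v for k, v in exposure(ss_output, vlan_addrs).items() if len(v) > 1}

if __name__ == "__main__":
    for listener, vlans in cross_vlan(SS_OUTPUT, VLAN_ADDRS).items():
        print(f"{listener} is reachable on {', '.join(vlans)}")
```

Treating `[::]` as reachable everywhere is a conservative assumption; a per-VLAN netfilter rule can still restrict a wildcard listener, which this check does not see.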
