Re: [ovs-discuss] kvm guests and vlans

Fri, 05 Oct 2018 15:25:19 -0700 

> ovs-vsctl \
          -- add-br br0 \
          -- add-port br0 bond0 tag=0 \
          -- add-port br0 bond0.11 tag=11 \
          -- add-port br0 bond0.12 tag=12 \
          -- add-port br0 vm1 tag=0 \
          -- add-port br0 vm2 tag=11 \
          -- add-port br0 vm3 tag=12

Thanks Ben. The reason i need to break out the child interfaces from bond0 is 
that i have some applications on the host that would be receiving traffic from 
vlans 11 and 12. My requirement is that guests on vlan11 and vlan12 will need 
to talk to these applications running on bond0.11 and bond0.12 respectively and 
also go out onto the lan to reach other machines on vlan11 and 12.
I also see another approach by reading  notes on the web of creating separate 
bridges for each of the subinterfaces ex bridge.11 by adding bond0.11. 
Any reason  why creating seperate bridges is preferred over creating a single 
bridge ?any security concerns if we use a single bridge as you called out?
ThanksSrinivas 

    On Saturday, 6 October, 2018, 3:19:56 AM IST, Ben Pfaff <[email protected]> 
wrote:  
 
 On Fri, Oct 05, 2018 at 08:42:39PM +0000, Srinivas via discuss wrote:
> Hello, I have a physical box with the following interface config. Note that 
> vlans are already configured as child interfaces on the main bond0 interface.
> bond0:       ipaddr 10.2.34.29 (native and untagged traffic)  
> bond0.11:  ipaddr 172.30.11.28   (traffic for vlan 11)             bond0.12:  
> ipaddr 172.30.12.21 (traffic for vlan 12)
>         Now i want to create three guest machines vm1 , vm2 and vm3 using kvm 
> with vm1 for native/untagged traffic and vm2 on vlan 11 and vm3 on vlan12.  
>         My questions are a) Can i do this using a single bridge?b)  what 
> would the bridge config look like? Would i need to use fake bridges and move 
> bond0.11 and bond0.12 to the fake bridges?c) Can i leave my bond0.11 and 
> bond0.12 as is just move the bond0 under a ovs bridge bridge1 and set the 
> vnet ports for vm2 and vm3 as access ports for vlan 11 and vlan 12  
> respectively and vnet port for vm1 as untagged?

I think you can do something like this:

ovs-vsctl \
          -- add-br br0 \
          -- add-port br0 bond0 tag=0 \
          -- add-port br0 bond0.11 tag=11 \
          -- add-port br0 bond0.12 tag=12 \
          -- add-port br0 vm1 tag=0 \
          -- add-port br0 vm2 tag=11 \
          -- add-port br0 vm3 tag=12

I wouldn't leave anything without a tag, that would make it a trunk port.





If you didn't break out the child interfaces from bond0 then it could be
simpler:

ovs-vsctl \
          -- add-br br0 \
          -- add-port br0 bond0 \
          -- add-port br0 vm1 tag=0 \
          -- add-port br0 vm2 tag=11 \
          -- add-port br0 vm3 tag=12
  
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Reply via email to