Feature #2345

Tagged VLAN (trunk) support for VM guests

Added by Stefan Kooman over 5 years ago. Updated over 1 year ago.

Status: Closed
Start date: 09/27/2013
Priority: Normal
Due date:
Assignee: Jaime Melis
% Done: 0%
Category: Documentation
Target version: Release 4.6
Resolution:
Pull request:

Description

At the moment (ONE 4.2) it's not possible to pass tagged (802.1Q) VLANs to a guest domain, although it is possible to do so with OpenvSwitch. I would like to have support for this, as it opens the way to use (many) VLANs on a single interface.

In order to use VLAN functionality in ONE using OpenvSwitch you would set two parameters:

VLAN = "YES"
VLAN_ID = VID (integer)

A virtual machine using this virtual network will get an "ACCESS" VLAN interface in the given VLAN.

To provide tagged interface support (trunk) a modification should be made to allow multiple VLAN IDs to be declared, i.e.:

VLAN_TAGGED_ID = "VID-1, VID-2, VID-3"

A virtual machine using a virtual network with only this VLAN declaration would get a trunked interface with VLAN IDs VID-1, VID-2, VID-3 on it.

If both VLAN_ID and VLAN_TAGGED_ID are declared in the virtual network, the network interface would get both properties, i.e. ACCESS (native) VLAN (untagged) and tagged VLANs (trunk). It should not be allowed to have a VID in both the VLAN_TAGGED_ID and VLAN_ID declarations (this should produce an error while trying to create such a network).

One other thing that has to be taken into consideration is IP / NETWORK management. As it's possible to have multiple virtual interfaces it should also be possible to declare multiple different NETWORKs / IPs on those virtual interfaces. A possible solution might be to add a postfix consisting of the VLAN_ID, i.e. GATEWAY_VID = "", DNS_VID = "", etc.

Use cases:
- Router / Firewall in multiple networks to route / filter traffic between networks. Useful in somewhat more complex setups making use of LAN, DMZ, WAN networks.
- DHCP / PXE server providing DHCP services to multiple networks.

There has been a discussion on the mailing list a while ago [1], so there's definitely a demand for this.

[1]: http://www.mail-archive.com/users@lists.opennebula.org/msg10279.html

How one would go about setting this up using OpenvSwitch:

Create ACCESS VLAN:
ovs-vsctl set port <port name> tag=VID-1

Create TRUNK VLAN:
ovs-vsctl set port <port name> trunks=VID-1,VID-2,VID-3

Enable both ACCESS VLAN as well as TRUNK VLAN:
ovs-vsctl set port <port name> vlan_mode=native-untagged
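
The mapping proposed in the description above, including its rule that a VID may not appear in both VLAN_ID and VLAN_TAGGED_ID, as an added Ruby example; it is not part of the original issue and not OpenNebula driver code. The names ovs_port_command, parse_vid and VlanConfigError are hypothetical, and the port-name check and the rejection of duplicate VIDs are assumptions.

```ruby
# Added example, not OpenNebula driver code. Builds the ovs-vsctl argv for a
# port from the VLAN_ID / VLAN_TAGGED_ID attributes proposed in this issue.
class VlanConfigError < StandardError; end

VALID_VIDS = (1..4094).freeze # 802.1Q: 0 and 4095 are reserved

# Strict parse: digits only, in range. Rejects "", "226x", "0", "4095".
def parse_vid(raw)
  s = raw.to_s.strip
  raise VlanConfigError, "not an integer VID: #{raw.inspect}" unless s.match?(/\A\d+\z/)
  vid = s.to_i
  raise VlanConfigError, "VID outside 1-4094: #{vid}" unless VALID_VIDS.cover?(vid)
  vid
end

# net: Hash holding the virtual network attributes as strings.
# Returns an argv Array (no shell involved); nothing is executed here.
def ovs_port_command(port, net)
  # Assumption: port is a Linux interface name (max 15 chars, no leading "-").
  unless port.match?(/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,14}\z/)
    raise VlanConfigError, "bad port name: #{port.inspect}"
  end

  access = net.key?("VLAN_ID") ? parse_vid(net["VLAN_ID"]) : nil
  tagged = net.fetch("VLAN_TAGGED_ID", "").split(",", -1).map { |v| parse_vid(v) }

  raise VlanConfigError, "no VLAN_ID or VLAN_TAGGED_ID given" if access.nil? && tagged.empty?
  raise VlanConfigError, "duplicate VID in VLAN_TAGGED_ID" if tagged.uniq.size != tagged.size
  # Rule from the description: a VID may not be both native and tagged.
  if access && tagged.include?(access)
    raise VlanConfigError, "VID #{access} is in both VLAN_ID and VLAN_TAGGED_ID"
  end

  settings = []
  settings << "tag=#{access}" if access
  settings << "trunks=#{tagged.join(',')}" unless tagged.empty?
  # Untagged native VLAN plus tagged trunk, as in the description's last command.
  settings << "vlan_mode=native-untagged" if access && !tagged.empty?
  ["ovs-vsctl", "set", "port", port, *settings]
end

# Constructed sample input (VIDs 226/227 are the ones mentioned on this page).
if __FILE__ == $PROGRAM_NAME
  p ovs_port_command("vnet6", "VLAN_ID" => "100", "VLAN_TAGGED_ID" => "226, 227")
end
```

The result is an argv array, so it can be passed to Kernel#system in its multi-argument form without any shell parsing of the attribute values.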

Associated revisions

Revision 49eec69f
Added by Jaime Melis over 5 years ago

Feature #2345: Open vSwitch drivers now manage the VLAN_TAGGED_ID parameter. This parameter is not yet sent from the core.

Revision ae9e580d
Added by Jaime Melis over 5 years ago

Feature #2345: add VLAN_TAGGED_ID to the list of image inherited attributes

History

#1 Updated by Daniel Dehennin over 5 years ago

Hello,

Note that it's possible to make a full trunk port, not limited to a list of VLAN IDs:

root@server:~# ovs-vsctl set port <port name> vlan_mode=trunk

Regards.

#2 Updated by Ruben S. Montero over 5 years ago

  • Category set to Drivers - Network
  • Status changed from Pending to New
  • Assignee set to Jaime Melis
  • Target version set to Release 4.4

#3 Updated by Ruben S. Montero over 5 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

#4 Updated by Jaime Melis about 5 years ago

  • Category changed from Drivers - Network to Documentation
  • Status changed from Closed to Assigned
  • Target version changed from Release 4.4 to Release 4.6
  • Resolution deleted (fixed)

Documentation needed

#5 Updated by Jaime Melis almost 5 years ago

  • Status changed from Assigned to Closed

#6 Updated by Stefan Kooman almost 4 years ago

I have set up a "nested" hypervisor. The underlying hypervisor (L0) is managed by OpenNebula. In order to have network isolation in the guest hypervisor (L1) I have set up a "trunk" port using the "VLAN_TAGGED_ID" attribute (VLAN_TAGGED_ID="226,227"). As the virtual network has an AR in it, it is seen as an "ACCESS PORT" as well as a "TRUNK" port, resulting in the following configuration:

Port "vnet6"
tag: 226
trunks: [226, 227]
Interface "vnet6"

This configuration is treated as a "native vlan" by openvswitch. See discussion here: http://openvswitch.org/pipermail/discuss/2015-June/017924.html. Currently there is no way to provide a "trunk" only port with OpenNebula, as a virtual network needs to have an AR to get a lease (thus reducing the trunk port to a native VLAN port for one of the defined VLANs). How can we get around this problem in OpenNebula? Drop the requirement for an AR? Add a "TRUNK" option for a virtual network? A "pure" trunked interface is very useful in "nested" hypervisor situations.

#7 Updated by Ruben S. Montero almost 4 years ago

Yes, I'd say that a specific attribute would be ideal. Probably we should open an issue for this in the backlog (instead of reopening this)?

#8 Updated by Stefan Kooman over 1 year ago

Issue #5503 created for this, as suggested by Ruben.
