Discussion:
bridges and vlans...
Alexander
2011-05-30 12:06:11 UTC
Hello.
On a FreeBSD host system I have the following configuration:
on the physical interface I created a vlan, connected it to a bridge, created an epair and added its end to the bridge. In this way I can connect several jailed systems (VNET) to one vlan, providing one virtual interface to each jail.
I'm trying to achieve this functionality on an OpenIndiana system (oi_151) so that several zones could be connected to one vlan, each with its own vnic, but I haven't managed it yet. I can't create a vnic based on a vlan and can't bridge a vlan...
--
This message posted from opensolaris.org
James Carlson
2011-05-30 16:45:34 UTC
Post by Alexander
Hello.
On the physical interface I created a vlan, connected it to a bridge, created an epair and added its end to the bridge. In this way I can connect several jailed systems (VNET) to one vlan, providing one virtual interface to each jail.
I'm trying to achieve this functionality on an OpenIndiana system (oi_151) so that several zones could be connected to one vlan, each with its own vnic, but I haven't managed it yet. I can't create a vnic based on a vlan and can't bridge a vlan...
Bridges exist logically below the level of VLANs, so you can't really
just bridge two distinct VLANs together. It doesn't make sense, at
least to me.

You can create VNICs on top of an etherstub to connect zones together
with a virtual link. I'm not certain, but I suspect that's what you're
trying to do. See:

http://www.sun.com/bigadmin/features/articles/crossbow_net_virt.jsp
--
James Carlson 42.703N 71.076W <carlsonj-dlRbGz2WjHhmlEb+***@public.gmane.org>
Alexander
2011-05-30 17:29:42 UTC
Post by Alexander
Hello.
On a FreeBSD host system I have the following configuration: on the physical interface I created a vlan, connected it to a bridge, created an epair and added its end to the bridge. In this way I can connect several jailed systems (VNET) to one vlan, providing one virtual interface to each jail.
I'm trying to achieve this functionality on an OpenIndiana system (oi_151) so that several zones could be connected to one vlan, each with its own vnic, but I haven't managed it yet. I can't create a vnic based on a vlan and can't bridge a vlan...
Bridges exist logically below the level of VLANs, so you can't really just bridge two distinct VLANs together. It doesn't make sense, at least to me.
Let me try to explain in more detail.
I'd like to create the following configuration:

physicalInterface => vlanInterface <=> bridge <=> etherstub <=> VirtualInterfaces for zones

In this way I'd like to achieve the following: each zone has an exclusive ip stack and multiple zones can be in one vlan, which is seen from outside.
It seems that most of our tasks can be solved with the usual configuration (shared ip stack), but on our FreeBSD hosts such a configuration (exclusive ip stack + bridge per vlan) is quite convenient. I was surprised that I can't achieve a similar configuration on a Solaris host.
--
This message posted from opensolaris.org
Sebastien Roy
2011-06-01 11:58:01 UTC
Post by Alexander
Hello. On a FreeBSD host system I have the following configuration: on the physical interface I created a vlan, connected it to a bridge, created an epair and added its end to the bridge. In this way I can connect several jailed systems (VNET) to one vlan, providing one virtual interface to each jail.
I'm trying to achieve this functionality on an OpenIndiana system (oi_151) so that several zones could be connected to one vlan, each with its own vnic, but I haven't managed it yet. I can't create a vnic based on a vlan and can't bridge a vlan...
Bridges exist logically below the level of VLANs, so you can't really just bridge two distinct VLANs together. It doesn't make sense, at least to me.
Let me try to explain in more detail. I'd like to create the following configuration:
physicalInterface => vlanInterface <=> bridge <=> etherstub <=> VirtualInterfaces for zones
In this way I'd like to achieve the following: each zone has an exclusive ip stack and multiple zones can be in one vlan, which is seen from outside. It seems that most of our tasks can be solved with the usual configuration (shared ip stack), but on our FreeBSD hosts such a configuration (exclusive ip stack + bridge per vlan) is quite convenient. I was surprised that I can't achieve a similar configuration on a Solaris host.
You can, it's quite simple. This works by creating two VLAN-tagged
VNICs over the same physical link, and adding one to each zone. The
kernel has an implicit logical bridge between a physical link and the
VNICs above it. For example:

dladm create-vnic -v <vlan-tag> -l <physical-link> vnic1
dladm create-vnic -v <vlan-tag> -l <physical-link> vnic2

You then use zonecfg to assign vnic1 and vnic2 to each zone:

zonecfg:zone1> add net
zonecfg:zone1:net> set physical=vnic1
zonecfg:zone1:net> end
...

zonecfg:zone2> add net
zonecfg:zone2:net> set physical=vnic2
zonecfg:zone2:net> end
...

-Seb
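
The steps from the reply above, written out for any number of zones on one VLAN. This is an added example, not part of the original post: the link name `e1000g0`, VLAN ID 100, the zone names and the `vnicN` naming are constructed sample values, and `ip-type=exclusive` is added because the original poster asked for an exclusive IP stack. The script only prints the commands (dry run).

```shell
#!/bin/sh
# Added example: print the dladm/zonecfg steps that put several
# exclusive-IP zones on one VLAN, one VLAN-tagged VNIC per zone.
# Link name, VLAN ID and zone names are constructed sample values.

# valid_vid VID -> success only for a usable 802.1Q VLAN ID (1..4094)
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# plan_vlan_zones LINK VID ZONE... -> prints the commands, runs nothing
plan_vlan_zones() {
    link=$1; vid=$2; shift 2
    if ! valid_vid "$vid"; then
        echo "invalid VLAN ID: $vid" >&2
        return 1
    fi
    [ "$#" -ge 1 ] || { echo "no zones given" >&2; return 1; }
    n=0
    for zone in "$@"; do
        n=$((n + 1))
        vnic="vnic$n"   # assumed naming scheme: vnic1, vnic2, ...
        # One VLAN-tagged VNIC per zone, all over the same physical link.
        echo "dladm create-vnic -v $vid -l $link $vnic"
        # Exclusive IP stack (the poster's requirement): the zone owns the VNIC.
        echo "zonecfg -z $zone 'set ip-type=exclusive; add net; set physical=$vnic; end; verify; commit'"
    done
    # Afterwards, confirm that every VNIC carries the intended VLAN ID.
    echo "dladm show-vnic"
}

plan_vlan_zones e1000g0 100 zone1 zone2
```

Rejecting VLAN IDs outside 1..4094 before anything is created keeps a typo from silently placing a zone on the wrong segment.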
Bob Palowoda
2011-06-04 20:59:28 UTC
Post by Alexander
Hello. On a FreeBSD host system I have the following configuration: on the physical interface I created a vlan, connected it to a bridge, created an epair and added its end to the bridge. In this way I can connect several jailed systems (VNET) to one vlan, providing one virtual interface to each jail.
I'm trying to achieve this functionality on an OpenIndiana system (oi_151) so that several zones could be connected to one vlan, each with its own vnic, but I haven't managed it yet. I can't create a vnic based on a vlan and can't bridge a vlan...
Bridges exist logically below the level of VLANs, so you can't really just bridge two distinct VLANs together. It doesn't make sense, at least to me.
Let me try to explain in more detail. I'd like to create the following configuration:
physicalInterface => vlanInterface <=> bridge <=> etherstub <=> VirtualInterfaces for zones
In this way I'd like to achieve the following: each zone has an exclusive ip stack and multiple zones can be in one vlan, which is seen from outside. It seems that most of our tasks can be solved with the usual configuration (shared ip stack), but on our FreeBSD hosts such a configuration (exclusive ip stack + bridge per vlan) is quite convenient. I was surprised that I can't achieve a similar configuration on a Solaris host.
You can, it's quite simple. This works by creating two VLAN-tagged VNICs over the same physical link, and adding one to each zone. The kernel has an implicit logical bridge between a physical link and the VNICs above it. For example:

dladm create-vnic -v <vlan-tag> -l <physical-link> vnic1
dladm create-vnic -v <vlan-tag> -l <physical-link> vnic2

You then use zonecfg to assign vnic1 and vnic2 to each zone:

zonecfg:zone1> add net
zonecfg:zone1:net> set physical=vnic1
zonecfg:zone1:net> end
...

zonecfg:zone2> add net
zonecfg:zone2:net> set physical=vnic2
zonecfg:zone2:net> end
...

Other examples with pretty pictures here:

http://www.c0t0d0s0.org/archives/5355-Upcoming-Solaris-Features-Crossbow-Part-1-Virtualisation.html

---Bob
--
This message posted from opensolaris.org