VLAN-based DHCP address pool implementation in OVS, ovsvlandhcp

VLAN-based DHCP address pool implementation in OVS, ovsvlandhcp

Preface

VLAN, as a virtual LAN technology, plays an important role in switch networking management and cloud computing platform network services, especially in the current Virtual Switching OVS, VLAN applications are more flexible and important. For the basic usage of VLAN in OVS, see the author's article OVS-based VLAN application and implementation. This article describes how to assign DHCP address pools of different network segments to DHCP servers in VLAN networks.

I. Technical Background

Generally, the DHCP server can allocate different address Pools Based on the option extension field of the DHCP protocol. Because a VLAN belongs to a L2 network, it cannot obtain VLAN information in upper-layer DHCP applications, to divide an address pool based on VLAN information, you can either bring VLAN information to the application layer in a certain way, or enable Multiple DHCP services in different VLAN networks. Generally, the latter method is relatively simple.

For example, in a Linux system network node, different external vlan networks can communicate with different VM hosts on the node, devices connected through the eth0 interface need to obtain addresses of different network segments based on different VLANs. To process packets of vlan1 and vlan2, The eth0 interface uses the vconfig tool to create virtual interfaces of eth0.1 and eth0.2, bridge with the VM's tap port, and then enable the DHCP Server service through interface binding on each bridge interface. This completes the function of dividing different address pools for different VLANs.

II. Implementation Principle

If there are many device interfaces and there are many VLAN subnets, you need to create many VLAN virtual interfaces to process different vlan packets of different interfaces. For example, if two eth0 and eth1 interfaces exist, both vlan1 and vlan2 packets must be processed, in this way, four virtual interfaces (eth0.1, eth0.2, eth1.1, and eth1.2) need to be created. This multiplication relationship is cumbersome to use in scenarios with many network interfaces and vlan subnets. Further, if these virtual interfaces Complete Multiple Address pools in the Virtual Switching OVS, you also need to create multiple OVS bridges.

In the OVS network, there is a bridge interface of the internal type. You can set tags for this interface to process packets of different VLANs, by starting the DHCP service on this interface to allocate different address pools, the network is achieved, as shown in:

Eth1 and eth2 are used as the trunk ports of OVS to forward packets on the link. dhcp1 and dhcp2 are the internal interfaces of the tag 1 and 2, respectively, configure the IP address on dhcp1 and dhcp2 and enable DHCP Server. This completes the requirements for allocating different address pools for different VLANs.

3. Configure commands

Create ovs bridge Java

 
 

  
  
# ovs-vsctl add-br br-ovs  
 
 

Eth1 and eth2 are added to OVSJava

 
 

  
  
# ovs-vsctl add-port br-ovs eth1 
  
  
# ovs-vsctl add-port br-ovs eth1 
 
 

Create bridge interfaces dhcp1 and dhcp2Java that enable dhcp service

 
 

  
  
# ovs-vsctl add-port br-ovs dhcp1 -- set interface dhcp1 type=internal 
  
  
# ovs-vsctl add-port br-ovs dhcp2 -- set interface dhcp2 type=internal 
 
 

Set tagJava of dhcp1 and dhcp2

 
 

  
  
# ovs-vsctl set Port dhcp1 tag=1 
  
  
# ovs-vsctl set Port dhcp2 tag=2 
 
 

View the preceding configuration as follows:

Configure address-to-bridge interfaces dhcp1 and dhcp2Java

 
 

  
  
# ifconfig dhcp1 192.168.1.1 
  
  
# ifconfig dhcp2 10.0.0.1 
 
 

Start dhcp Service Java on dhcp1 and dhcp2

 
 

  
  
# dnsmasq --bind-interfaces --except-interface=lo --interface dhcp1  
  
  
--dhcp-range 192.168.1.2,192.168.1.10 
  
  
# dnsmasq --bind-interfaces --except-interface=lo --interface dhcp2 
  
  
 --dhcp-range 10.0.0.2,10.0.0.10 
 
 

Iv. Test Results

Run the dhcp client on the PC device to obtain the IP address, and attach tag1 and tag2 to eth1 (or eth2) through the switch to test the vlan. When the tag value is 1, the dhcp packet of vlan1 can be captured through tcpdump on eth1:

The dhcp packet is as follows:

When the tag value is 2, the dhcp packet of vlan2 is displayed as follows through tcpdump packet capture on eth1:

The dhcp packet is as follows:

From the above verification results, we can see that the two bridge interfaces dhcp1 and dhcp2 only process packets corresponding to vlan values based on the configured tag, and complete VLAN isolation for different network segments, thus, different VLANs are allocated with different DHCP address pools.