Hands-on practice with Linux VLAN - playing with OpenStack five minutes every day (13)
This section describes how to implement and configure the following VLAN network in the experiment environment.
Configure VLAN
Edit /etc/network/interfaces and configure eth0.10, brvlan10, eth0.20, and brvlan20.
Vmdiff is used to show the modifications to /etc/network/interfaces.
Restart the host machine and use ifconfig to view the network interfaces.
Use brctl show to view the current Linux Bridge configuration.
eth0.10 and eth0.20 are attached to brvlan10 and brvlan20 respectively.
Virtual machines VM1 and VM2 have been created in advance on the host machine, and both are shut down.
Configure VM1
In virt-manager, attach VM1's virtual network card to brvlan10.
Start VM1
View the bridge and find that a vnet0 device is now attached to brvlan10.
Verify that this is the virtual network card of VM1.
Configure VM2
Similarly, attach VM2's NIC to brvlan20.
Start VM2
View the bridge and find that a vnet1 device is now attached to brvlan20.
Use virsh to verify that this is the virtual network card of VM2.
Verify VLAN isolation
To verify the isolation between VLAN10 and VLAN20, we configure IP addresses in the same network segment for VM1 and VM2.
Configure the VM1 IP Address
Configure the IP address of VM2
Ping test: VM1 and VM2 cannot reach each other.
The reason is as follows:
1. Before VM2 can send a ping packet to VM1, it needs to know the MAC address corresponding to VM1's IP, 192.168.100.10. VM2 broadcasts an ARP packet on the network, which asks "who knows the MAC address of 192.168.100.10?"
2. ARP is a layer-2 protocol. VLAN isolation allows the ARP packet to be broadcast only within VLAN20. Only brvlan20 and eth0.20 can receive it; devices in VLAN10 cannot. VM1 therefore cannot respond to the ARP packet sent by VM2.
3. Because VM2 does not get the MAC address of VM1's vnet0, it cannot ping VM1.
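The ping test confirms isolation from inside the guests. The same property can be checked from the host: a bridge forwards frames between all of its ports, so no bridge should carry sub-devices of two different VLANs. The script below is an added example, not part of the original article; it assumes the <parent>.<id> naming used here (eth0.10), and brtest and eth1.* are hypothetical names in constructed sample output.

```shell
#!/bin/sh
# Added example: flag any bridge that has sub-devices of more than one VLAN.
# Assumption: VLAN sub-devices are named <parent>.<id>, as eth0.10 is on this page.

# Reads `brctl show` text on stdin, prints "<bridge> vlans=<ids> <OK|MIXED>",
# and returns 1 if any bridge is MIXED.
audit_bridges() {
    awk '
    NR == 1 && $1 == "bridge" { next }      # header line
    NF >= 3 {                               # new bridge: name, id, STP [, first port]
        br = $1; order[++n] = br; vlans[br] = ""; count[br] = 0
        port = (NF >= 4) ? $4 : ""
    }
    NF == 1 { port = $1 }                   # continuation line: one more port
    br != "" && match(port, /\.[0-9]+$/) {  # port is a VLAN sub-device
        id = substr(port, RSTART + 1)
        if (!seen[br, id]++)
            vlans[br] = vlans[br] (count[br]++ ? "," : "") id
    }
    { port = "" }
    END {
        for (i = 1; i <= n; i++) {
            b = order[i]
            if (count[b] > 1) bad = 1
            printf "%s vlans=%s %s\n", b, (count[b] ? vlans[b] : "none"),
                   (count[b] > 1 ? "MIXED" : "OK")
        }
        exit bad + 0
    }'
}

# Constructed sample: the two bridges from this page plus a hypothetical
# misconfigured bridge (brtest, eth1.*) that joins VLAN 10 and VLAN 20.
sample_brctl_show() {
    cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
brvlan10        8000.000c29aaaaaa       no              eth0.10
                                                        vnet0
brvlan20        8000.000c29aaaaaa       no              eth0.20
                                                        vnet1
brtest          8000.000c29bbbbbb       no              eth1.10
                                                        eth1.20
EOF
}

# On a live host, run: brctl show | audit_bridges
sample_brctl_show | audit_bridges || echo "bridge with mixed VLANs found"
```

Ports without a VLAN suffix, such as vnet0 and vnet1, are not counted; they take on the VLAN of the one sub-device on their bridge.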
Linux Bridge + VLAN = Virtual Switch
Now we will summarize the network virtualization of KVM.
A physical switch has multiple VLANs. Each VLAN has multiple ports.
Ports in the same VLAN can switch and forward traffic to each other, and ports in different VLANs are isolated.
Therefore, the vswitch has two functions: switching and isolation.
Linux VLAN devices implement the isolation function, but not the switching function.
A VLAN parent device (such as eth0) cannot have two VLAN sub-devices with the same ID, so data exchange is impossible.
Linux Bridge implements the switching function.
After attaching sub-devices of the same VLAN to a Bridge, data can be exchanged between devices.
To sum up, Linux Bridge and VLAN fully simulate L2 switches in the real world at the functional level.
eth0 is equivalent to the trunk port on the vswitch, and allows the data of vlan10 and vlan20 to pass through.
eth0.10, vnet0, and brvlan10 can all be regarded as access ports of vlan10.
eth0.20, vnet1, and brvlan20 can all be regarded as access ports of vlan20.