Network configuration on XEN server with 2 interfaces, bridge and VLANs

A simple network configuration for a XEN server running Debian Jessie with two interfaces, where only one physical interface (eth1) is used for the VPSes and VLANs on that interface give the VPSes both Internet and LAN connectivity.

  • eth0 – Management LAN
  • eth1 – two networks: VLAN 11 and VLAN 12 on a trunk link from a Cisco switch

VLANs provided by the Cisco switch on eth1:

  • VLAN 11 – Clients Internet
  • VLAN 12 – Clients LAN

Configuration on the Cisco switch:

interface GigabitEthernet 0/9
 switchport trunk allowed vlan 11,12
 switchport mode trunk
 exit

On your Debian XEN server, install the necessary packages and load the module that provides VLAN support:

aptitude install vlan
aptitude install bridge-utils #perhaps you installed it earlier

modprobe 8021q
echo "# Support for VLANs" >> /etc/modules
echo 8021q >> /etc/modules
lsmod | grep 8021q

Create VLANs 11 and 12, create the bridges and add the VLAN interfaces to the bridges:

#Configure VLANs
vconfig add eth1 11
vconfig add eth1 12
ifconfig eth1.11 up
ifconfig eth1.12 up
#Create bridges
brctl addbr xenbr_net
brctl addbr xenbr_lan
#Add interfaces to bridges
brctl addif xenbr_net eth1.11
brctl addif xenbr_lan eth1.12

I want to add an IP address only on the LAN interface (xenbr_lan). I don’t want to allow connections from xenbr_net to my XEN server, so I don’t add an IP address to this interface.

ifconfig xenbr_lan up
ip addr add 10.0.0.2/24 dev xenbr_lan

Edit the file /etc/network/interfaces so that the configuration persists across reboots:

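# VLAN 11 (Clients Internet) on the trunk interface
iface eth1.11 inet manual
    vlan-raw-device eth1

# Bridge for VLAN 11: "manual" because the XEN server gets no IP address here
auto xenbr_net
iface xenbr_net inet manual
    bridge_ports eth1.11
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0

# VLAN 12 (Clients LAN) on the trunk interface
iface eth1.12 inet manual
    vlan-raw-device eth1

# Bridge for VLAN 12: "static" so that the address below is actually applied
auto xenbr_lan
iface xenbr_lan inet static
    address 10.0.0.2
    netmask 255.255.255.0
    #gateway 10.0.0.1 #not used in my config
    bridge_ports eth1.12
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0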

Now, when you create a VPS, you can give it one or two interfaces and configure them on the VPS side as normal Ethernet interfaces (without VLANs). Part of the VPS configuration in the /etc/xen/vpstest.cfg file:

vif         = [ 'ip=1.2.3.4,mac=00:16:3E:AA:AA:AA,vifname=vpstest.0,bridge=xenbr_net',
                'ip=10.0.0.10,mac=00:16:3E:BB:BB:BB,vifname=vpstest.1,bridge=xenbr_lan' ]

Show the network configuration on the XEN server:

root@xenmaster:~$ brctl show
bridge name    bridge id        STP enabled    interfaces
xenbr_net      8000.003048f6f21b    no        eth1.11
                                              vpstest.0
xenbr_lan      8000.003048f6f21b    no        eth1.12
                                              vpstest.1

root@xenmaster:~$ ip ro
(...)
10.0.0.0/24 dev xenbr_lan  proto kernel  scope link  src 10.0.0.2
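
The XEN server is meant to be unreachable from VLAN 11 because xenbr_net carries no IP address. The following check is an added example, not part of the original post: it scans `ip -o addr show` output for any address on a bridge that should stay layer 2 only, including the IPv6 link-local address that Linux assigns automatically when IPv6 is enabled. The function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list every IPv4/IPv6 address
# found on bridges that are supposed to carry guest traffic only.
# Input: `ip -o addr show` output on stdin.
# $1:    space-separated bridge names that must have no address
#        (assumption: xenbr_net, as in the configuration above).
find_l3_on_bridges() {
    awk -v deny="$1" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        # One-line format: "<index>: <ifname> <family> <address/prefix> ..."
        ($3 == "inet" || $3 == "inet6") && ($2 in bad) { print $2, $3, $4 }
    '
}

# Constructed sample of `ip -o addr show` output for this setup. The link-local
# address is the EUI-64 form of the MAC seen in the bridge id (00:30:48:f6:f2:1b).
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
5: xenbr_net    inet6 fe80::230:48ff:fef6:f21b/64 scope link \       valid_lft forever preferred_lft forever
6: xenbr_lan    inet 10.0.0.2/24 scope global xenbr_lan\       valid_lft forever preferred_lft forever
6: xenbr_lan    inet6 fe80::230:48ff:fef6:f21b/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Demo on the sample. On a real host run:
#   ip -o addr show | find_l3_on_bridges "xenbr_net"
violations=$(sample_ip_output | find_l3_on_bridges "xenbr_net")
if [ -n "$violations" ]; then
    echo "Host is addressable on a guest-only bridge:"
    echo "$violations"
fi
```

If the check reports an inet6 entry on xenbr_net, setting the sysctl `net.ipv6.conf.xenbr_net.disable_ipv6=1` removes the automatic link-local address from that bridge.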

 
