[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] Multiple VM's on Multiple VLANS

From: Brian Doyle
Subject: Re: [Qemu-discuss] Multiple VM's on Multiple VLANS
Date: Thu, 1 Nov 2012 08:03:26 -0400

Your assumptions where correct i was using the vlan= settings with in the qemu command.  I have setup the true vlan's and bridged my taps to them.  With doing it this way do I need to use iptables to ensure that network traffic "flows" correctly?  I ask this becuase if I take out the vlan= settin gfrom the qemu command I do not seem to have the connectivity that I am looking for?
Here is my qemu-ifup script.  There is a good chance my bridges are not configured correctly.

I run this script with: qemu-ifup tap0 tap1 tap2 tap3 tap4

# script to bring up the tun device in QEMU in bridged mode 
# first parameter is name of tap device (e.g. tap0)
# some constants specific to the local host - change to suit your host




# First take eth0 down, then bring it up with IP 
#/sbin/ifdown eth0
/sbin/ifconfig eth0 promisc up
#/sbin/ifdown vlan4
/sbin/ifconfig vlan4 promisc up
#/sbin/ifdown vlan5
/sbin/ifconfig vlan5 promisc up
#/sbin/ifdown vlan101
/sbin/ifconfig vlan101 promisc up

# Bring up the tap device (name specified as first argument, by QEMU)
/usr/sbin/openvpn --mktun --dev $1 --user `id -un`
/sbin/ifconfig $1 promisc up

/usr/sbin/openvpn --mktun --dev $2 --user `id -un`
/sbin/ifconfig $2 promisc up

/usr/sbin/openvpn --mktun --dev $3 --user `id -un`
/sbin/ifconfig $3 promisc up

/usr/sbin/openvpn --mktun --dev $4 --user `id -un`
/sbin/ifconfig $4 promisc up

/usr/sbin/openvpn --mktun --dev $5 --user `id -un`
/sbin/ifconfig $5 promisc up

# create the bridge between eth0 and the tap device
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 vlan4
/usr/sbin/brctl addif br0 $1
#/usr/sbin/brctl addif br0 $2
#/usr/sbin/brctl addif br0 $3
#/usr/sbin/brctl addif br0 $4
#/usr/sbin/brctl addif br0 $5
/usr/sbin/brctl addbr br1
/usr/sbin/brctl addif br1 vlan5
/usr/sbin/brctl addif br1 $2
/usr/sbin/brctl addif br1 $3
/usr/sbin/brctl addbr br2
/usr/sbin/brctl addif br2 vlan101
/usr/sbin/brctl addif br2 $4
/usr/sbin/brctl addif br2 $5
#/usr/sbin/brctl addbr br3
#/usr/sbin/brctl addif br3 $4
#/usr/sbin/brctl addif br3 $5

# only a single bridge so loops are not possible, turn off spanning tree protocol
/usr/sbin/brctl stp br0 off 
/usr/sbin/brctl stp br1 off 
/usr/sbin/brctl stp br2 off 
#/usr/sbin/brctl stp br3 off 
# Bring up the bridge with ETH0IP and add the default route 
/sbin/ifconfig br0 $ETH0IP netmask broadcast $BROADCAST
/sbin/route add default gw $GATEWAY

/sbin/ifconfig br1 $TAP1IP netmask broadcast $TAP1BC
#/sbin/ifconfig br2 $TAP2IP netmask broadcast $TAP2BC
/sbin/ifconfig br2 $TAP3IP netmask broadcast $TAP3BC

# stop firewall - comment this out if you don't use Firestarter
#/sbin/service firestarter stop 

Brian C. Doyle

On Tue, Oct 30, 2012 at 1:33 PM, Mike Lovell <address@hidden> wrote:
On 10/30/2012 11:15 AM, Brian Doyle wrote:
Hello all,

I am trying to setup multiple VM's utilizing multiple VLANS.  My basic setup works using a single bridge on the host but this bridge is allowing DHCP requests to get through to my VM with a DHCP server running.

Here is a "map" of what I am trying

VM1 -> 192.168.1.# -> tap0 & -> 172.16.0.# -> tap1

VM2-> 172.16.0.# -> tap2  & -> 10.0.0.# -> tap3

VM3 -> 10.0.0.# -> tap4

VM3 is a thin client PXE boot setup connecting to VM2.  VM2 is allowed access through to the real world via VM1.

i assume that all of the tap devices are connected to the single bridge on the host that you said you had and that it is a standard kernel bridge. if that is the case, then all of those devices are connected to the same broadcast domain. i am also guessing that you put a different 'vlan=X' option on each qemu process. if this is what you did, its not correct for what you want and a very common mistake.

in the qemu network options, a 'vlan' is *not* a 802.1q vlan which is what a lot of people think it is. 'vlan' in qemu terms means a pseudo network hub that gets set up inside the qemu process. one or more network frontends, i.e. a guest network device, and network backends, i.e. a host tap device, get connected to this pseudo hub which blindly passes packets between devices. it doesn't do anything related to 802.1q vlans and doesn't inspect the packets. it just passes them along.

the traditionally accepted way of separating vms into actual 802.1q vlans has been to use vconfig on the host to create a vlan network interface and then create a linux bridge for each vlan which has the vlan interface connected to it. then you would connect the appropriate tap interfaces to the bridge for each vlan. this method works well. another way to do this is to use openvswitch and configure vlans in it with an uplink using your regular interface. it is a slightly more complicated system to configure and less documentation out there but a more advanced way of doing things.

hopefully that answers your question.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]