I have a (QEMU) VM and a Docker container running on the same host. I would like to have the following setup:
- All the traffic from the VM will go out from the host with a VLAN tag "X".
- All the traffic from the container will go out from the host with a VLAN tag "Y".
- All the traffic from the host itself will go out from it without a VLAN tag.
Could anyone point me in the right direction on how to go about it?
Additional details:
- The VM is connected to a bridge "virbr-nat", created by libvirt, and the container is connected to the default "docker0" bridge.
- There's this article as far as Docker goes: https://hicu.be/docker-networking-macvl … figuration but it doesn't fit my case: it assumes a constant and single physical interface. In my case, there are several physical interfaces, the names of which could differ. Ideally, I need a mechanism to just tag the packets from each bridge with the correct VLAN tag on their way out, and not touch the rest of the routing. Tried as described here: https://access.redhat.com/documentation … tool_nmcli , but it doesn't work for bridges (apparently).
Last edited by blochl (2019-11-05 19:24:48)
There's this... I didn't read it in enough depth to know if it pertains to what you are trying to do. In particular, I don't understand what you mean by:
"In my case, there are several physical interfaces, the names of which could differ."
https://docs.docker.com/network/macvlan/
Also, I understand that in some virtualization environments, using macvlan networking exposes the MAC address twice for the same physical interface, requiring enabling promiscuous mode on/for the interface to work.
Edit: I think I meant to say that 2 different MAC addresses per interface are exposed.
Edit: Additional light reading if you're so inclined...
https://tools.ietf.org/html/rfc5517
Edit: I thought this was pretty fascinating also...
https://wiki.gentoo.org/wiki/QEMU_with_ … ch_network
Edit: A little more on Open vSwitch, I think this is where the tagging should be done.
https://developer.ibm.com/tutorials/l-v … etworking/
Last edited by Zod (2019-10-25 02:10:32)
Thanks!
As a follow-up, here's how I solved it eventually:
(The several physical interfaces with different names do not matter so much, as I can change them and/or create virtual interfaces)
Created VLAN interfaces:
```
ip link add link eth0 name eth0.100 type vlan id 100
ip link add link eth0 name eth0.200 type vlan id 200
```
Pass eth0.100 through to the container:
`ip link set eth0.100 netns "$(docker inspect --format '{{.State.Pid}}' <containername>)"`
(As described here: https://unix.stackexchange.com/question … to-contain )
Then turn the interface on and run dhcpcd in the container using:
```
docker exec -u 0 <containername> ip link set dev eth0.100 up
docker exec -u 0 <containername> dhcpcd -b eth0.100
```
As for the VM - I just passed the second interface there, and the OS in the VM already knew what to do with it.
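The container steps from the post above, collected into one script as an added example (not part of the original thread). It adds the checks those commands rely on implicitly: a taggable VLAN ID, the 15-character limit on Linux interface names, and a running container. The function names, the `DRY_RUN` variable and the `vlan<ID>` fallback name are assumptions of this example.

```shell
#!/bin/sh
# Added example: give a running container its own VLAN sub-interface.
# DRY_RUN=1 (the default here) prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# 802.1Q IDs usable for tagging are 1..4094 (0 and 4095 are reserved).
valid_vlan_id() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Linux interface names hold at most 15 characters. Long parent names
# (e.g. enx<mac>) overflow with ".<id>" appended, so fall back to vlan<ID>
# (the fallback naming is a choice made for this example).
vlan_ifname() {
    name="$1.$2"
    [ "${#name}" -le 15 ] || name="vlan$2"
    echo "$name"
}

container_pid() {
    docker inspect --format '{{.State.Pid}}' "$1"
}

# attach_vlan PARENT VLAN_ID CONTAINER [PID]
attach_vlan() {
    parent="$1"; vid="$2"; container="$3"
    valid_vlan_id "$vid" || { echo "bad VLAN id: $vid" >&2; return 1; }
    pid="${4:-$(container_pid "$container")}"
    # docker inspect reports Pid 0 for a container that is not running.
    case "$pid" in
        ''|0|*[!0-9]*) echo "container not running: $container" >&2; return 1 ;;
    esac
    ifname="$(vlan_ifname "$parent" "$vid")"
    run ip link add link "$parent" name "$ifname" type vlan id "$vid"
    run ip link set "$ifname" netns "$pid"
    run docker exec -u 0 "$container" ip link set dev "$ifname" up
    run docker exec -u 0 "$container" dhcpcd -b "$ifname"
}

if [ "$#" -ge 3 ]; then attach_vlan "$@"; fi
```

Run it as root with `DRY_RUN=0` and the parent interface, VLAN ID and container name as arguments to apply the changes; with the default it only prints the commands it would run.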