#1 2019-10-24 17:49:15

blochl
Member
Registered: 2018-08-31
Posts: 52

[Solved] How to set up VM and Docker bridges to use different VLAN tags?

I have a (QEMU) VM and a Docker container running on the same host. I would like to have the following setup:

- All the traffic from the VM will go out from the host with a VLAN tag "X".
- All the traffic from the container will go out from the host with a VLAN tag "Y".
- All the traffic from the host itself will go out from it without a VLAN tag.

Could anyone point me in the right direction on how to go about it?


Additional details:
- The VM is connected to a bridge "virbr-nat", created by libvirt, and the container is connected to the default "docker0" bridge.
- There's this article as far as Docker goes: https://hicu.be/docker-networking-macvl … figuration but it doesn't fit my case: it assumes a constant and single physical interface. In my case, there are several physical interfaces, the names of which could differ. Ideally, I need a mechanism to just tag the packets from each bridge with the correct VLAN tag on their way out, and not touch the rest of the routing. Tried as described here: https://access.redhat.com/documentation … tool_nmcli , but it doesn't work for bridges (apparently).

Last edited by blochl (2019-11-05 19:24:48)


#2 2019-10-24 23:55:52

Zod
Member
Registered: 2019-03-10
Posts: 133

There's this. I didn't read it in enough depth to know if it pertains to what you are trying to do. In particular, I don't understand what you mean by...

blochl wrote:

In my case, there are several physical interfaces, the names of which could differ.

https://docs.docker.com/network/macvlan/

Also, I understand that in some virtualization environments, using macvlan networking exposes the MAC address twice for the same physical interface, requiring promiscuous mode to be enabled on/for the interface to work.

Edit: I think I meant to say that 2 different MAC addresses per interface are exposed.

Edit: Additional light reading if you're so inclined..
https://tools.ietf.org/html/rfc5517

Edit: I thought this was pretty fascinating also..
https://wiki.gentoo.org/wiki/QEMU_with_ … ch_network

Edit: A little more on Open vSwitch, I think this is where the tagging should be done.
https://developer.ibm.com/tutorials/l-v … etworking/

Last edited by Zod (2019-10-25 02:10:32)


#3 2019-11-05 19:24:09

blochl
Member
Registered: 2018-08-31
Posts: 52

Thanks!

As a follow-up, here's how I solved it eventually:
(The several physical interfaces with different names do not matter so much, as I can change them and/or create virtual interfaces)

Created VLAN interfaces:

```
ip link add link eth0 name eth0.100 type vlan id 100
ip link add link eth0 name eth0.200 type vlan id 200
```

Pass eth0.100 through to the container:

```
ip link set eth0.100 netns "$(docker inspect --format '{{.State.Pid}}' <containername>)"
```

(As described here: https://unix.stackexchange.com/question … to-contain )

Then turn the interface on and run dhcpcd in the container using:

```
docker exec -u 0 <containername> ip link set dev eth0.100 up
docker exec -u 0 <containername> dhcpcd -b eth0.100
```

As for the VM - I just passed the second interface there, and the OS in the VM already knew what to do with it. :)
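
The container steps from the post above, wrapped in a dry-run planner that validates its inputs before printing any command. This is an added example, not part of the original thread; the function names and the sample container name `mycontainer` are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run planner for the VLAN hand-off: create <parent>.<id>, move it into the
# container's network namespace, bring it up, start DHCP. Prints commands only.

IFNAMSIZ_MAX=15   # Linux interface names hold at most 15 visible characters

# safe_token S: accept only [A-Za-z0-9_.-] with no leading dash (a conservative
# choice of this example), so the printed commands can be fed to a shell.
safe_token() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# valid_vid ID: decimal 1..4094 without leading zeros (0 and 4095 are reserved)
valid_vid() {
    case "$1" in
        ''|0*|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_ifname PARENT ID: print "<parent>.<id>", fail if the name is too long
vlan_ifname() {
    name="$1.$2"
    [ "${#name}" -le "$IFNAMSIZ_MAX" ] || return 1
    printf '%s\n' "$name"
}

# plan_vlan_handoff PARENT ID CONTAINER: print the four commands, or fail
plan_vlan_handoff() {
    parent=$1 vid=$2 container=$3
    safe_token "$parent"    || { echo "bad parent interface: $parent" >&2; return 2; }
    safe_token "$container" || { echo "bad container name: $container" >&2; return 2; }
    valid_vid "$vid"        || { echo "VLAN id must be 1..4094: $vid" >&2; return 3; }
    ifname=$(vlan_ifname "$parent" "$vid") || {
        echo "$parent.$vid exceeds $IFNAMSIZ_MAX characters" >&2; return 4; }
    cat <<EOF
ip link add link $parent name $ifname type vlan id $vid
ip link set $ifname netns "\$(docker inspect --format '{{.State.Pid}}' $container)"
docker exec -u 0 $container ip link set dev $ifname up
docker exec -u 0 $container dhcpcd -b $ifname
EOF
}

# Constructed sample values; review the output before running it as root.
plan_vlan_handoff eth0 100 mycontainer
```

The length check matters when the physical interface has a long predictable name: a 15-character parent name leaves no room for the `.<id>` suffix, so the planner refuses it before any command is printed.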
