Cisco Cisco Packet Data Gateway (PDG)
VLANs
VPC-VSM System Administration Guide, StarOS Release 19
VLANs and KVM Hypervisor
Network Isolation
The NGOS networking stack implementation allows the KVM host to act as a simple layer 2 bridge (that is, an Ethernet
switch), a forwarding or NAT router, a stateful firewall, or any combination of those roles.
VLANs versus Bridged Interfaces
In the KVM virtualization scenario, VLAN usage can be seen as an extension to the simple bridge interface sharing. The
difference lies in which interface participates in the bridge set. In the standard mode of operation (as seen in the
examples in Network port sharing with Ethernet bridges), the physical interfaces (such as eth0, eth1...) are bound to the
bridge, which is used by each guest. These interfaces carry unmodified packets coming externally or being generated
internally, with or without a VLAN ID tag.
It is possible to filter out every packet not carrying a particular VLAN ID by creating subinterfaces. These
subinterfaces become part of the VLAN defined by a specific VLAN ID.
Applying this concept to the bridged interface sharing method involves replacing the bound physical interface by a
subinterface that is part of a particular VLAN segmentation. This way, every virtual machine guest with interfaces
bound to this bridge is part of that particular VLAN. As in the simple Ethernet bridge environment, the network
provided is transparent.
Important:
Not all NIC types support VLAN trunking into a bridge, as many filter out VLANs in hardware.
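The subinterface-for-physical-interface replacement described above, as an added example that is not taken from the Cisco guide. The parent NIC `eth0`, VLAN ID `100` and bridge name `br100` are assumptions; the commands are standard iproute2 and ethtool usage on a Linux KVM host.

```shell
#!/bin/sh
# Added example: bind a bridge to a VLAN subinterface instead of the physical NIC,
# so every guest attached to that bridge sits in exactly one VLAN.
# Assumed names (not from the guide): PARENT=eth0, VID=100, BRIDGE=br100.

# Print the iproute2 commands for one VLAN-scoped bridge; fail on a bad VLAN ID.
vlan_bridge_plan() {
    parent=$1; vid=$2; bridge=$3
    case $vid in
        ''|*[!0-9]*) echo "VLAN ID must be numeric: $vid" >&2; return 1 ;;
    esac
    # 802.1Q reserves 0 and 4095; usable VLAN IDs are 1-4094.
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID out of range: $vid" >&2; return 1
    fi
    sub="$parent.$vid"
    cat <<EOF
ip link add link $parent name $sub type vlan id $vid
ip link add name $bridge type bridge
ip link set dev $sub master $bridge
ip link set dev $parent up
ip link set dev $sub up
ip link set dev $bridge up
EOF
}

# Report the NIC's hardware VLAN filter state (relevant to the Important note).
vlan_filter_state() {
    ethtool -k "$1" 2>/dev/null | awk -F': ' '/rx-vlan-filter/ {print $2}'
}

plan=$(vlan_bridge_plan "${PARENT:-eth0}" "${VID:-100}" "${BRIDGE:-br100}") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "rx-vlan-filter on ${PARENT:-eth0}: $(vlan_filter_state "${PARENT:-eth0}")"
    echo "$plan" | sh -e    # requires root; stops at the first failing command
else
    echo "$plan"            # dry run: show what would be executed
fi
```

Run without arguments to review the plan, then with `APPLY=1` as root to create the interfaces. Only the subinterface is enslaved to the bridge, so frames without the chosen VLAN ID never reach the guests.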
Additional Information
For additional information on configuring VLANs with the KVM hypervisor, see the URLs below:
Configuring 802.1q VLANs – http://pic.dhe.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaat%2Fliaatkvmsecconfvlans.htm
KVM/Networking – https://help.ubuntu.com/community/KVM/Networking