Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create single-nic-vm-host-with-vlans.md #476

Merged
merged 3 commits into from
Jun 19, 2024
Merged

Create single-nic-vm-host-with-vlans.md #476

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c91da14
Create single-nic-vm-host-with-vlans.md
ilvipero May 28, 2024
f551bdf
Apply suggestions from code review
ilvipero Jun 4, 2024
f2b90d4
Reformat single-nic-vm-host-with-vlans.
rkratky Jun 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions doc/howto.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ creating-link-aggregation
dbus-config
netplan-everywhere
single-nic-vm-host
single-nic-vm-host-with-vlans
```


Expand Down
239 changes: 239 additions & 0 deletions doc/single-nic-vm-host-with-vlans.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,239 @@
# How to configure a VM host with a single network interface and three VLANs

This guide shows how to configure a virtual machine (VM) host using Netplan and the `virsh` interface. The host in this scenario has a single network interface (NIC) and three VLAN networks.


## Prerequisites

Ensure the following prerequisites are satisfied.


### System

- Computer with a single network interface card (NIC).
- Ubuntu Server installed.
- KVM and QEMU installed; see [KVM installation](https://help.ubuntu.com/community/KVM/Installation).
- Administrator privileges.


### Networking

- IPv4:
- VLAN1 untagged (management), IPv4: 192.168.150.0/24
- VLAN40 tagged (guest), IPv4: 192.168.151.0/24
- VLAN41 tagged (dmz), IPv4: 192.168.152.0/24
- DNS1: 1.1.1.1
- DNS2: 8.8.8.8
- Switch with [VLAN](https://en.wikipedia.org/wiki/VLAN) support
- Router with [VLAN](https://en.wikipedia.org/wiki/VLAN) support
- VLAN1 IPv4: 192.168.150.254/24
- VLAN40 IPv4: 192.168.151.254/24
- VLAN41 IPv4: 192.168.152.254/24
- InterVLAN routing, DNS, and DHCP configured
- Firewall configured; see [UFW](https://help.ubuntu.com/community/UFW).


#### Disable netfilter for bridged interfaces

To allow communication between the host server, its virtual machines, and the devices in the local VLANs, disable netfilter for bridged interfaces:

1. Add the following lines to the `/etc/systemctl.conf` configuration file:

```
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 0
```

2. Apply the changes immediately, without rebooting the host.

```none
sysctl -p /etc/sysctl.conf
```


## Netplan configuration

Configure Netplan:

- Disable DHCP on the NIC.
- Create two VLANs (40 and 41).
- Create three bridge interfaces, and assign IPv4 addresses to them:
- `br0`: bridge on the untagged VLAN1 and the management interface of the server
- `br0-vlan40`: bridge on `vlan40`
- `br0-vlan41`: bridge on `vlan41`
- Configure routes.
- Configure DNS.

1. To achieve this, modify the Netplan configuration file, `/etc/netplan/00-installer-config.yaml`, as follows:

```yaml
# network configuration:
# eno1 - untagged vlan1
# eno1-vlan40 - VLAN interface to connect to tagged vlan40
# eno1-vlan41 - VLAN interface to connect to tagged vlan41
# br0 - bridge for interface eno1 on untagged vlan1
# br0-vlan40 - bridge on tagged vlan40
# br0-vlan41 - bridge on tagged vlan41

network:
version: 2
ethernets:
eno1:
dhcp4: false
vlans:
eno1-vlan40:
id: 40
link: eno1
eno1-vlan41:
id: 41
link: eno1
bridges:
br0:
interfaces: [eno1]
dhcp4: false
addresses: [192.168.150.1/24]
routes:
- to: default
via: 192.168.150.254
metric: 100
on-link: true
nameservers:
addresses: [1.1.1.1, 8.8.8.8]
search: []
br0-vlan40:
interfaces: [eno1-vlan40]
dhcp4: false
routes:
- to: 0.0.0.0
via: 192.168.151.254
metric: 100
on-link: true
nameservers:
addresses: [1.1.1.1, 8.8.8.8]
br0-vlan41:
interfaces: [eno1-vlan41]
dhcp4: false
routes:
- to: 0.0.0.0
via: 192.168.152.254
metric: 100
on-link: true
nameservers:
addresses: [1.1.1.1, 8.8.8.8]
```

2. Test the new network settings:

```none
netplan try
```

3. Apply the configuration:

```
netplan apply
```


## Configure virtual networks using `virsh`

The next step is to configure virtual networks defined for `virsh` domains. This is not necessary, but it makes VM deployment and management easier.


### Check networking and delete the default network

1. Check existing virtual networks:

```none
virsh net-list --all
```

There should be one default network as in this example:

```
Name State Autostart Persistent
--------------------------------------------
default active yes yes
```

If needed, use the `net-info` command to gather more details about the default network:

```
virsh net-info default
```

2. Remove the default network:

```
virsh net-destroy default
virsh net-undefine default
```

3. Check network list to confirm the changes have been applied. There should no networks defined now:

```none
virsh net-list --all
```


### Create bridged networks

1. Create a directory for VM data. For example:

```none
mkdir /mnt/vmstore/
cd /mnt/vmstore/
```

2. Define the bridge interface, `br0`, for VLAN1 by creating the `/mnt/vmstore/net-br0.xml` file with the following contents:

```xml
<network>
<name>br0</name>
<forward mode="bridge" />
<bridge name="br0" />
</network>
```

3. Define the bridge interface, `br0-vlan40`, for VLAN40 by creating the `/mnt/vmstore/net-br0-vlan40.xml` file with the following contents:

```xml
<network>
<name>br0-vlan40</name>
<forward mode="bridge" />
<bridge name="br0-vlan40" />
</network>
```

4. Define the bridge interface, `br0-vlan41`, for VLAN41 by creating the `/mnt/vmstore/net-br0-vlan41.xml` file with the following contents:

```xml
<network>
<name>br0-vlan41</name>
<forward mode="bridge" />
<bridge name="br0-vlan41" />
</network>
```

5. Enable the virtual (bridged) networks. This consists of three steps (performed for each of the networks):

1. Define the network.
2. Start the network.
3. Set the network to autostart.

```
virsh net-define net-br0.xml
virsh net-define net-br0-vlan40.xml
virsh net-define net-br0-vlan41.xml
virsh net-start br0
virsh net-start br0-vlan40
virsh net-start br0-vlan41
virsh net-autostart br0
virsh net-autostart br0-vlan40
virsh net-autostart br0-vlan41
```

6. Test the bridged networks.

Congratulations, the configuration is complete. You can now create a virtual machine, assign the desired network using your preferred VM configuration tool, and run some tests.
Loading