Bridge Aliases - Public Private Subnets

(Ben McGuire) #1

Does anyone know the correct setup for configuring aliases on the bridge interface?

The bridge virbr0 is connected to eth1 so we have tried creating eth1:0 which did not work.

The only way it worked was manually, using this command:

/sbin/ifconfig virbr0:0 netmask

This allows our private network to be used alongside the public subnet configured on the bridge virbr0; however, this is not a viable solution as a reboot would kill it.
We have tried a post-up script, but that too failed as the interface fails to come up.

(Антон Зубков) #2

Hello Ben,
Create new bridge for opennebula (br0). Why do you need aliases?

(Ben McGuire) #3

Hi Anton,

Creating a bridge is not the issue.
Due to the routing of our public subnets, we can only route them out via eth1, which is being used by the bridge for OpenNebula. In addition, our servers are linked via a private switch (subnet), also via eth1.

A second bridge cannot be created using eth1 as duplicate bridges are not allowed. So in light of the above I thought a workaround would be creating an alias on eth1 for the private subnet; however, this does not work either.
/sbin/ifconfig virbr0:0 netmask

works, as this creates the private subnet on the bridge as well as the public subnet associated with the bridge. However, as I am writing this I just thought maybe I do not need to add a public subnet to the bridge at all, as I will be adding a public subnet via Sunstone anyway…then I can add the private subnet directly to the bridge…not sure if this will work. All our public subnets need to be routed out via eth1 due to MAC address restrictions.

(Антон Зубков) #4

What is in “brctl show”?

P.S. I use Openvswitch + vxlan for private networks in One.

(Ben McGuire) #5

Hi Again Anton,

Sorry, the system made me wait before posting again :)

I cannot show you the bridge setup as I have deleted everything on the dev server and installed ESXi, as I am now testing vOneCloud; currently we use VMware Integrated Openstack, so migrating will be so much easier. Plus, my NFS datastore issue is no longer a problem, as I can (hopefully) use our existing vSAN storage in VMware.
There is no guide to state the vSAN is compatible but as vSAN is just another VMFS volume I cannot see why it would not work.

We also use vxlan via VMware NSX; however, I think Openvswitch is overkill and frankly IMHO Openvswitch is overrated and only given the gold standard for SDN due to the big Cloud providers wanting a standard integration when they build the various cloud projects, especially in Openstack.

I also think setting up vOneCloud will be easier as I come from a VMware background, so setting this up I could do with my eyes closed and from what I see it should not be too difficult (fingers crossed).

There must be a way to use more than one subnet on a bridge or ethernet interface that is being used by a bridge. As I said before I can add the subnet manually but I cannot make it persistent.

I guess there is no point crying over spilt milk; however, I am going to find a way so that others may benefit in future, as I cannot see any solution in my hours of testing and Googling.

(Kai 'wusel' Siering) #6

Which OS flavor are you running? Debian/Ubuntu allow you to run stuff after the interface has been brought up in /etc/network/interfaces, e.g.:

auto br-vlanX
iface br-vlanX inet static
  bridge_ports eth1
  bridge_stp off
  bridge_maxwait 0
  bridge_fd 0
  post-up ip addr add dev $IFACE
  post-up ip addr add dev $IFACE

RHEL/CentOS/… provide similar options, IIRC. (Please note that alias interfaces and ifconfig itself are deprecated :))

(Jan "Yenya" Kasprzak) #7

Hello Ben,

I have a similar setup - my hosts run CentOS 7, and we allow the VMs to be connected to the infrastructure outside ONe using bridges (and, differing from your setup, using VLANs). I have an interface “eth0”, statically configured using ifcfg-eth0, and connected to a VLAN dedicated for ONe physical hosts only. Then I have several VLANs I want my VMs to have access to. For each VLAN I have the vlanXY interface with PHYSDEV=eth0, the ethernet switch sends that VLAN as dot1x tagged traffic to the physical host, and on each physical host I also have a brXY bridge interface with no address, to which both the vlanXY interface and one-XXX-Y tun/tap interfaces are added.

Everything on physical hosts is statically configured, ONe just knows that it has to add a newly deployed VM to the brXY bridge accordingly.

Just don’t use the virbr0 interface, which is internal to libvirt and it is somewhat outside of both host OS and ONe control. You can even delete it using virsh net-undefine default, but I did not even bother.

FWIW, vxlan requires support for jumbo frames on your physical infrastructure (ethernet switches and Linux hosts). Some of the HW I use is too old and does not support jumbo frames at all.
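
The VLAN-plus-addressless-bridge layout described in post #7, sketched as CentOS 7 network-scripts files. This is an added example, not part of the thread or any poster's actual configuration; VLAN ID 100 and the names vlan100/br100 are constructed placeholders standing in for vlanXY/brXY.

```ini
# /etc/sysconfig/network-scripts/ifcfg-vlan100
# 802.1Q sub-interface on eth0 (constructed VLAN ID 100).
# The initscripts derive the VLAN ID from the "vlanNNN" device name;
# PHYSDEV names the physical interface that carries the tagged traffic.
DEVICE=vlan100
VLAN=yes
PHYSDEV=eth0
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
# Enslave the VLAN interface to the bridge instead of addressing it.
BRIDGE=br100

# /etc/sysconfig/network-scripts/ifcfg-br100
# Bridge that the VM tap interfaces are attached to.
# No IPADDR/NETMASK here: the host gets no layer-3 presence on the
# VM VLAN and only forwards frames between vlan100 and the VM ports.
DEVICE=br100
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
STP=off
DELAY=0
NM_CONTROLLED=no
```

Because both files are read at boot, the layout survives a reboot without any post-up commands; the virtual network definition then only needs to reference br100 as its bridge.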