i have used both network modes as single instances but now i want to use both at the same time.
Here in a short list of the “Why”
i just want to have 2 NIC’s per Compute Host (one for the VM’s and one for the management network)
the VM network interface is accessing a switch as a VLAN trunk (therefore the VLAN mode)
there are 3 different VLAN’s within my network (100 for internet access, 50 for a special net and 25 just for the VM’s)
if all VM’s are now accessing the VLAN 25, they should just be able to see eachother if they are in the same group (which ebtables does pretty nice)
Conclusion:
As i understand the Modes, to be able to set up my setting, there is something like wrapping the ebtables mode within the VLAN mode needed to separate the VM’s of different groups even if they are in the same VLAN
i saw the ACL already but i don’t think that will fit or did i missed something?
the Problem i see:
both protocols are using OSI Layer 2 so i think there will be interference between them.
Do you have any clues how to set it up the right way?
Hello, why not use VLAN per VM Group? Opennebula is able to generate VLAN ID and also you can configure reserved VLAN IDs in oned.conf. I think that it is better approach.
in this case the maximum amount of Groups with their own network would be limited to 4096.
The point is that i have a physical network but don’t want to wire that much for each compute node. Therefore i created 3 VLAN, which should be accessible through one port. But i also want a separation of each Virtual network within the VLAN
It’s basically the following:
VM01 in Group01 —| bridged to |–> VLAN 50
VM02 in Group01 —| bridged to |–> VLAN 50
they should see eachother BUT
VM03 in Group02 —| bridged to |–> VLAN 50
VM04 in Group02 —| bridged to |–> VLAN 50
VM03 and VM04 should just see eachother (same group) but not VM01 and VM02 (different Group) and vice versa.
I think to be able to to that there is someting like the following needed.
Hi, I understand what you do, but 4096 networks is not sufficient? I think that is better solution over mixing VLANs with Ebtables mainly when there is no support in OpenNebula, but of course you can write own netwrok driver or what about VXLAN?
well, yes vxlan would extend it to 16 million possible separated networks but unfortunately i have a limitation because the network is already split into those three networks which i can use for my purpose (big company with old infrastructure).
So you don’t think there is a -more or less- easy way to implement this?
Pecadis
Edit 20.02.2017:
I found a solution. I have asked the Admin to make the Port to a VLAN Trunk Port first and set up the Linux vlan. Easy and simple … didn’t had it in mind in the first time.
Here you can find my /etc/network/interfaces configuration for sharing the public net (VLAN 50) as the pubnet Bridge to the VM
auto pubnet
iface pubnet inet manual
bridge_ports eth0.50
vlan-raw-device eth0
Hopefully it helps someone to solve a similiar issue =)