Debian – Should VLAN Interface Be Added into Bridge for KVM?

bridgedebiankvm-virtualizationvlan

I am setting up a Debian Squeeze box as a KVM host. I want to add multiple interfaces to each KVM guest so I want them to be on different VLANs.

After reading about this, I believe the best method is to add multiple logical VLAN (sub)-interfaces to the physical NICs and then create a bridge adapter for each VLAN interace, and assign each bridge as a NIC for KVM guests. Does this make good sense, or madness?

Do I have to use bridged interfaces with KVM like this? Can't I just add eth1.xx and eth1.yy to my interfaces config below and then configure those directly as bridged KVM guest NICs? If so, how should this look in the interfaces config file below?

user@host:~$ cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Management Interface
auto eth0
iface eth0 inet static
address 172.22.0.31
netmask 255.255.255.0
gateway 172.22.0.1

# Interface for guest VMs
auto eth1

# Guest1 : Use VLAN 117
auto eth1.117
iface eth1.117 inet manual
# Set up br1 for guest 1, bridging with vlan 117
auto br1.117
iface br1.117 inet manual
bridge_ports eth1.117
bridge_stp off

user@host:~$ uname -a
Linux hostname 3.4.9 #1 SMP Wed Aug 22 19:08:46 BST 2012 x86_64 GNU/Linux

UPDATE

I would really like it if someone could clarify the config for me, as I have also seen the above configured with this syntax, so I don't see why one would be preferred over the other;

# Interface for guest VMs
auto eth1
allow-hotplug eth1
iface eth1 inet static

# Vlan 117 for guest 1
auto vlan 117
iface vlan111 inet static
vlan_raw_device eth1

# Guest 1 : NIC 1
auto br1.117
iface br1.117 inet manual
bridge_ports vlan117
bridge_stp off

ANSWER

I agree with dyasny on the topology, and am happily using the following config with is similar to Silopolis' example:

# Mangement Interafce
allow-hotplug eth0
# Guest Interface
allow-hotplug eth1

# Guest 1
allow-hotplug vlan116
# Guest 2
allow-hotplug vlan117

# Management
auto eth0
iface eth0 inet static
address 10.0.0.10
netmask 255.255.255.0
gateway 10.0.0.1

# Guest 1
auto vlan116
iface vlan116 inet manual
vlan_raw_device eth1

# Guest 2
auto vlan117
iface vlan117 inet manual
vlan_raw_device eth1

allow-hotplug br116
allow-hotplug br117

# Guest 1
auto br116
iface br116 inet manual
bridge_ports vlan116
bridge_stp off

# Guest 2
auto br117
iface br117 inet manual
bridge_ports vlan117
bridge_stp off

Best Answer

As far as I understand Debian network configuration infrastructure, using brX.YYY should not work as it would create a VLAN pseudo interface "above" the bridge, for which support has just begun being added to the kernel: https://lwn.net/Articles/513710/

Here is the kind of config I use:

# Bring up physical interface
iface eth0 inet manual

# Create VLAN interfaces
iface eth0.10 inet manual
         vlan_raw_device eth0

iface eth0.20 inet manual
...

# Create bridges
auto vmbr10
iface vmbr10 inet static
        address  10.10.10.81
        netmask  255.255.255.0
        #gateway  10.10.10.254
        bridge_ports eth0.10
        bridge_stp off
        bridge_fd 0

auto vmbr20
iface vmbr20 inet static
        address  10.10.20.81
...

If you want to use agregated/bonded interfaces:

  • bond the physical interfaces
  • create the VLAN interfaces on the bondX interface (bondX.YYY)
  • use the bondX.YYY as bridge_ports
Related Topic