How to add VLAN network to KVM guest

Quick way to add network interface from specific VLAN to your  guest:

I prefer drawing than explaining, so below you can see how the situation looks like:

To allow Linux host to be aware of VLANs you have to enable 802.1Q tagged queuing.

This is most easily done with modprobe. So the command:

sbin/modprobe 8021q

should do the trick.

To verify if it’s working you can use the command:

$ lsmod | grep 8021q

8021q 21768 0

So now out Host is able to recognize VLANs

Next step is to add network interfaces bind to specific VLAN  in our host.

We have eth0 interface in our host and it needs to use tagged network traffic for VLAN ID 1,2,3.

  • eth0 – regular network interface
  • eth0.1 – virtual interface that use untagged frame from VLAN 1
  • eth0.2 – virtual interface that use untagged frame from VLAN 2
  • eth0.3– virtual interface that use untagged frame from VLAN 3

I will show how to configure eth0.1. We do this by editing conf file:

# vi /etc/sysconfig/network-scripts/ifcfg-eth0.1

In this file we write:

DEVICE=eth0.1

VLAN=yes

ONBOOT=yes

TYPE=Ethernet

Ok 30% done 🙂 Now we want to create a bridge interface that will allow us to bridge network VLAN1 to our guest.

We add bridge with:

brctl addbr br0

and associate with it VLAN1 network which is configured in eth0.1:

brctl addif br0 eth0.1

Now we edit the configuration file for our bridge:

# vi /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0

TYPE=Bridge

BOOTPROTO=none

ONBOOT=yes

DELAY=0

We add one line in our  eth0.1 config file to associate it to br0:

# vi /etc/sysconfig/network-scripts/ifcfg-eth0.1

and we add this line:

BRIDGE=br0

To apply changes in network configuration we have to restart network service using this command:

/etc/init.d/network restart

excellent! We configured VLAN1 on host machine!! Great Job! 🙂 Next step is the easiest we add additional network interface to our guest.

I prefer using Virt-manager for this type of action. Call me lame, but this is very convenient solution.

Virt-manager won’t make network configuration changes unless you restart him ( I mean close and open program not server ). Next:

     

  1. Double-click on guest
  2. Hardware tab
  3. Add hardware
  4. Network device
  5. Choose br0
  6.  

unfortunately it’s necessary to shutdown guest and start him to apply changes ( note it isn’t enough to reboot the guest, you have to shutdown him and then start). Using RHEL 6 or CENTOS 6 you can add hardware to virtual guests without shutting down.

Finally we have added VLAN1 to our guest who doesn’t even know how tough that was to please him 🙂 First post finished, probably tones of mistakes, so please point them and help me improve

Advertisements

13 thoughts on “How to add VLAN network to KVM guest

  1. Devon says:

    Thanks you really helped me on this one, I have been struggling on the VLAN/KVM issue.

    • milles21 says:

      Will I need to give the eth0.1, eth0.2, eth0.3 IP addresses or should only eth0 have a ip address.

      • henroo says:

        You can’t give eth0.x IP address. You need toset BOOTPROTO=none and ONBOOT= yes in every ifcfg-eth0.x file. If you want to give host IP address from some VLAN than you need do it in bridge config file

  2. awi says:

    Hi,
    and have much thanks for this short tutorial. It solved exactly the problem I had.

    I made a setup of a CentOS 6.2 Server with KVM virtualization on a root server and I built up KVM/Qemu based solutions many times before, but only in local network areas, where you’ve got the availability of NIC-Cards as much as need, even to connect physical systems to your virtual networks.
    But if want to have your private virtualized LAN on a root server in a data storage center and you’ve got only one physical NIC in your Server available (the other is reserved and used for maintenance LAN), you’ve got to workaround with ethernet based VLAN configurations, also many times used by apache IP based SSL configurations. I’ve configured everything before, the necessary virtual bridging, the VLAN-eth.x configurations, the only thing I failed, was to bring up the kernel to do VLAN-ing. And I googled a half day before I found your tutorial, and have seen so much complicated solutions, in most cases based on virtual bridged routing from vlan to vlan (often also with NAT).

    But in my opinion the virtualization system itself shouldn’t do any complicated network routing, even if you want to realize a virtual Firewall (in my case IPCop) to protect your virtual LAN and should be directly accessible from Internet. Finally I only can say have much thanks for this solution.

    nice greetings,
    awi

  3. Hussein says:

    Excellent article. I am going to try this soon. I am using pFsense virtual router and this method would require me to add the bridge and restart it everytime. Is there a simple way to do this per virtual machine? Preferably in virt-manager. I will keep reading in the mean time. Thanks!

  4. vk says:

    waiting for link-up on net0 ok
    DHCP ( net0 mac ) …….. connection timed out
    no more network devices

    tcpdump -i br0
    2:03:45.452081 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:d9:1d:74 (oui Unknown), length 387

  5. Raju says:

    May I know were you have specified the VLAN ID?

    • henroo says:

      VLAN ID is specified by the name of the file in /etc/sysconfig/network-scripts/ifcfg-interface.X
      Instead of “X” you put your VLANID and in the configuration file add line:
      VLAN=yes

      • Dan says:

        henroo – I am using br0 as bridge then have em1 and em2 interfaces
        all vlans configured on em2 like em2.620 em2.619 etc

        Interface :

        etwork-scripts]$ cat ifcfg-em2
        NM_CONTROLLED=”yes”
        HWADDR=”00:13:6d:d0:a1:33″
        BOOTPROTO=”static”
        DEVICE=”em2″
        ONBOOT=”yes”

        VLAN :
        network-scripts]$ cat ifcfg-em2.620
        VLAN=yes
        DEVICE=em2.620
        PHYSDEV=em2
        ONBOOT=yes
        BRIDGE=guest1-lan

        Bridge :

        network-scripts]$ cat ifcfg-guest1-lan
        DEVICE=guest1-lan
        TYPE=Bridge
        ONBOOT=yes
        BOOTPROTO=static
        DELAY=1

        VIRSH IFACE :

        iface-dumpxml guest-1-lan

        brctl show :

        network-scripts]$ brctl show
        bridge name bridge id STP enabled interfaces
        br0 8000.00237de0a132 no em1
        vnet0
        guest-1-lan 8000.00237de0a133 no em2.620
        vnet2
        virbr0 8000.525400b819cd yes virbr0-nic
        vnet1
        vnet3

        (should I see em2 somewhere above?)

        On Guest :

        I am using DHCP but I am not getting eth0 IPs

        Virt-Manager Gui for Guest

        NIC1 : default NAT (192.168.122.x)
        NIC2 : Specify Shared device Name
        Bride Name : guest-1-lan
        Device Mode ; virto

      • henroo says:

        Hi,
        Your bridge is visible from
        brctl show
        guest1-lan

        But change BOOTPROTO to “none” everywhere

        also disable Network Manager
        NM_CONTROLLED=”no”

        change DELAY to 0

        remove unnecessary lines like
        PHYSDEV

        Read again my post and change your config 🙂

  6. Dan says:

    hello,

    let me add these configuration were working and looks like I deleted something and it broke …. let me give you overview

    guest are backtrack and I am using libvirt BRODGE networking.

    1.. “default” NAT will give one NIC DHCP IP in range 192.168.122.x

    2. how would I get 192.168.0.2 on eth0 using DHCP via BRIDGE on backtrack guest ?

    do I need to define something in virt-mamager –> connection details –> Virtual Network Tab ???

    (as mentioned earlier something from GUI was deleted without knowledge so basically I am trying to repair the configs, where were working before)
    help me here to figure out that missing piece of puzzle

    let me know what more information you need/

    thanking you in advance

  7. Dan says:

    guest are defined on em2 like em2.600 em2.601 (where 600,601 are VLAN id)

    btctl show I have br0 vibr0 (192.168.122.0/24) vibr1 (vibr1 has 192.168.0.0/16)

    br0 bridge has em1 attached to it while em2 not attached to bridge

  8. baide says:

    Good, very good! Thank you!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s