Xen and VLANs
Overview
The default Xen scripts break when trying to bind VLAN sub-interfaces in dom0 to a domU. The default network-bridge script tries to do some trickery to rename the physical interface to a virtual interface before creating the bridge group and this rename unfortunately involves an interface down/up. This interface down causes the VLAN support in Linux to delete the whole subinterface and thus the "up" doesn't work. (One needs to use vconfig to bring up VLAN sub interfaces.)
DomU network interfaces are virtual interfaces (via netloop) which are then thrown into the requested bridge group. At this point it doesn't matter what the physical interface in the bridge group is - physical, vlan subif, whatever - it'll just wor.
I've written a few little scripts on mermaid to handle creating a bridge with a vlan subinterface under it. Xen can then create virtual interfaces for domU's in the bridge group.
/etc/xen/scripts/local-vlan-bridge
Takes the following parameters: [start|stop] [ethernet interface] [bridge number] For example: /etc/xen/scripts/local-vlan-bridge start eth0.7 xenbr0.7
This will create a bridge interface named "xenbr0.7" and place "eth0.7" into it. It won't try to do the IP address shifting magic that network-bridge will do.
/etc/xen/scripts/local-network-bridge
This just handles creating and destroying the bridge groups that Xen DomU's will use. Its called once by xend on startup and once on shutdown. All it does is call "network-bridge" (the default Xen script to create network bridges) for eth0 (which will work fine); then the local-vlan-bridge script on eth0.7 to create xenbr0.7 .
Vlan subinterfaces are simply enumerated in /etc/network/interfaces, just like any other vlan interface. These are created before xend starts.
Finally, you can use the named bridge in a vif= configuration parameter in the xen DomU config file. It defaults to "xenbr0". Mussel has the following line:
vif = [ 'mac=MAC:ADDRESS:FOR:MUSSEL, bridge=xenbr0', 'bridge=xenbr0.7' ]
eth0 is in xenbr0 with the above hard-coded MAC; eth1 is in xenbr0.7.
Troubleshooting
First, tcpdump the VLAN sub interface. Are you seeing general ethernet broadcast spaf? If not, make sure the vlan subinterface is up, the switch port is configured to carry tagged VLAN dot1q frames (a "trunk" switchport in Cisco documentation); the trunk type is dot1q, the relevant VLAN id is allowed, and the VLAN id is in the VLAN database if needed.
Secondly, the bridge interface needs to be -up-. "brctl show" shows the bridge groups; make sure the interfaces are in the right bridge groups. Then ifconfig the bridge interface and make sure its up. Finally, tcpdump the bridge interface and make sure its also seeing traffic.
Note the VLAN subinterface and bridge should -not- be seeing tagged VLAN packets!
Other than that, grab a book on basic Layer 2 / VLAN networking and read..
Example - Creating a new VLAN subinterface for Xens..
- Create VLAN sub interface in /etc/network/interfaces ; ifup it
- tcpdump your newly created vlan subinterface and make sure traffic is on the VLAN; troubleshoot above if you need to
- Add a line in /etc/xen/scripts/local-network-bridge, eg "$dir/local-vlan-bridge $command ethX.Y xenbrX.Y"
- restart xend? Or perhaps just run the vlan bridge script manually to create the bridge group.
- Profit!