Configuring VLANs

VLAN stands for Virtual Local Area Network. It is used to create separate networks in software, even when they are not separate in hardware.

A VLAN works by assigning each port a tag, or id. You can think of it as a color that a port has. Later, switches decide where packets go based on their color (tag): for example, only "red" ports can see "red" packets.

Introduction

A LAN is a group of network devices connected together; you can create one by connecting them all to a hub or a switch. The difference between the two is that a hub sends every message to all connected devices, while a switch only sends it to the destination specified in the packet.


    ┌────────────────────┐             ┌────────────────────┐          
    │                    │             │                    │          
    │                    │             │                    │          
    │                    │             │                    │          
    │        Hub         │             │      Switch        │          
    │                    │             │                    │          
    │                    │             │                    │          
    │                    │             │                    │          
    │                    │             │                    │          
    └──┬───┬───┬───┬───▲─┘             └──┬───┬───┬───┬───▲─┘          
       │   │   │   │   │                  │   │   │   │   │            
       │   │   │   │   │ Incoming         x   x   x   │   │ Incoming   
       │   │   │   │   │  (ingress)                   │   │  (ingress) 
       ▼   ▼   ▼   ▼   │                   Outgoing   ▼   │
      └──────────────┘                      (egress)
          Outgoing
           (egress)

Even though a switch does not share packets with anyone other than the source and destination, you can still "see" the other devices, and thus send packets to them provided you have their address.

Consider the following scenario: we have two networking "groups", oranges and apples, which must be disconnected from each other. One way to do it is to use separate switches for each group, like the following:

                                            ____                
   ____                                    /___/|               
  /___/|                                   |   ||               
  |   ||    ┌───────────┐                  | = ||               
  | = ||    │           │              ┌──►|   ||               
  |   ||◄───►  Switch2  │              │   |___|/               
  |___|/    │   apples  │              │                        
   ____     │           │         ┌────▼──────┐          ____   
  /___/|    └─────▲─────┘         │           │         /___/|  
  |   ||          │               │  Switch1  ◄────────►|   ||  
  | = ||◄─────────┘               │  oranges  │         | = ||  
  |   ||                          │           │         |   ||  
  |___|/                          └───────────┘         |___|/  

However, physically separating LANs is not always doable, due to lack of physical space and hardware costs, so we often end up with everyone under the same switch.

                                          ____  ┐          
                                         /___/| │ Apples   
                                         |   || │          
               ____                      | = || │          
           ┌  /___/|           ┌────────►|   || │          
           │  |   ||    ┌──────▼────┐    |___|/ │          
  Oranges  │  | = ||    │           │           │          
           │  |   ||◄───►  Switch   │     ____  │          
           │  |___|/    │           │    /___/| │          
           │   ____     │           ◄───►|   || │          
           │  /___/|    └─────▲─────┘    | = || │          
           │  |   ||          │          |   || │          
           │  | = ||◄─────────┘          |___|/ ┘          
           │  |   ||                                       
           │  |___|/                                       
           └                                               

But this isn't what we wanted: now oranges and apples can see each other. That's where VLANs can help us, by virtually creating separate LANs even when the devices are under the same switch:

                                           ____  ┐        
                                          /___/| │ Apples 
                                          |   || │        
                ____                      | = || │        
            ┌  /___/|           ┌────────►|   || │        
            │  |   ||    ┌──┬───▼────┐    |___|/ │        
   Oranges  │  | = ||    │  │ VLAN   │           │        
            │  |   ||◄───►  │    #2  │     ____  │        
            │  |___|/    │  └──────┐ │    /___/| │        
            │   ____     │ VLAN #1 │ ◄───►|   || │        
            │  /___/|    └─────▲───┴─┘    | = || │        
            │  |   ||          │          |   || │        
            │  | = ||◄─────────┘          |___|/ ┘        
            │  |   ||                                     
            │  |___|/                                     
            └                                             

Configuration

To tag packets with a virtual network identifier, configure a vlan interface on top of the physical one:

# cat /etc/hostname.if0
up
# cat /etc/hostname.vlan0
vnetid 100 parent if0
inet 10.0.5.2 0xffffff00
up

Replace if0 with the name of the physical (parent) interface, such as vio0 for virtio(4).
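As an added illustration (this is not part of the page and not OpenBSD code), the following Python models what the text above describes: a vlan pseudo-interface such as vlan0 with `vnetid 100` inserts a 4-byte 802.1Q tag carrying the 12-bit VLAN id into each frame before handing it to its parent, and a VLAN-aware switch delivers a frame only to ports with the same "color". The frame layout (TPID 0x8100 followed by a TCI holding priority, DEI and VID) is the real 802.1Q format; the port numbers, MAC addresses, VLAN ids 100 and 200, and the trunk-port convention are constructed for the demo.

```python
"""Toy model of 802.1Q VLAN tagging and a VLAN-aware switch (added example)."""
import struct

TPID_8021Q = 0x8100   # EtherType value announcing that an 802.1Q tag follows
TRUNK = "trunk"       # constructed marker: a port that carries tagged frames for all VLANs
BROADCAST = b"\xff" * 6


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType.

    This is the transformation a vlan pseudo-interface (vlan0 with 'vnetid 100'
    in the text) applies before passing a frame to its parent interface.
    """
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei, untagged_frame) for a tagged frame, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, frame[:12] + frame[16:]


class VlanSwitch:
    """Each access port has one VLAN (its 'color'); TRUNK ports carry tagged frames.

    A frame is only ever delivered to ports of the same VLAN, so an 'orange'
    host never sees 'apple' traffic even though both hang off one switch.
    """

    def __init__(self, port_vlans: dict):
        self.port_vlans = dict(port_vlans)
        self.mac_table = {}  # (vid, mac) -> port, learned from source MACs

    def receive(self, port: int, frame: bytes) -> list:
        """Process one ingress frame; return [(egress_port, frame), ...]."""
        if self.port_vlans[port] == TRUNK:
            parsed = parse_tag(frame)
            if parsed is None:          # untagged frame on a trunk: drop it
                return []
            vid, _, _, frame = parsed   # switch internally on the untagged frame
        else:
            vid = self.port_vlans[port]
        dst, src = frame[:6], frame[6:12]
        self.mac_table[(vid, src)] = port
        if dst != BROADCAST and (vid, dst) in self.mac_table:
            targets = [self.mac_table[(vid, dst)]]          # known unicast
        else:
            targets = [p for p, v in self.port_vlans.items() if v in (vid, TRUNK)]
        out = []
        for p in sorted(targets):
            if p == port:
                continue
            egress = tag_frame(frame, vid) if self.port_vlans[p] == TRUNK else frame
            out.append((p, egress))
        return out


def demo() -> dict:
    """Constructed scenario: ports 1-2 = VLAN 100 (oranges), 3-4 = VLAN 200 (apples), 5 = trunk."""
    sw = VlanSwitch({1: 100, 2: 100, 3: 200, 4: 200, 5: TRUNK})
    mac_a, mac_b, mac_c = (bytes([0x02, 0, 0, 0, 0, n]) for n in (1, 2, 3))
    ethertype = struct.pack("!H", 0x0800)
    results = {}
    # orange host A broadcasts: reaches the other orange port and the trunk (tagged), never apples
    results["orange_bcast"] = [p for p, _ in sw.receive(1, BROADCAST + mac_a + ethertype + b"hello")]
    # orange host B answers A: learned unicast, delivered to port 1 only
    results["orange_reply"] = [p for p, _ in sw.receive(2, mac_a + mac_b + ethertype + b"re")]
    # a frame tagged VLAN 200 arriving on the trunk and addressed to A stays in the apple VLAN
    tagged = tag_frame(mac_a + mac_c + ethertype + b"x", 200)
    results["apple_tagged_to_a"] = [p for p, _ in sw.receive(5, tagged)]
    # an untagged frame on the trunk is dropped
    results["untagged_on_trunk"] = [p for p, _ in sw.receive(5, mac_a + mac_c + ethertype + b"y")]
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: delivered to ports {ports}")
```

The apple-tagged frame addressed to orange host A is the interesting case: the switch never consults the VLAN 100 MAC table for it, so even a correct destination address does not cross the VLAN boundary. Note that this isolation only holds as long as every port's VLAN assignment is correct; the switch configuration, not the hosts, decides who can see whom.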