Configure VLANs inside VMM
vlan(4) allows us to create virtual LANs. Packets sent on a vlan(4) interface are tagged with a virtual network identifier. A simple vlan(4) setup can be configured for virtual machines running under vmm.
NAT
We are going to use the 10.0.0.0/8 reserved IP address space and network address translation.
In the hypervisor, we add this line inside /etc/pf.conf:
match out on egress from !(egress:network) to any nat-to (egress:0)
We configure the proper interfaces:
host# cat /etc/hostname.veb0
link0 add vport0

host# cat /etc/hostname.vport0
link0 up

host# cat /etc/hostname.vlan0
parent vport0 vnetid 100 up
!ifconfig vlan0 inet 10.0.5.1/24

host# cat /etc/vm.conf
socket owner :vmdusers
switch "switch0" {
    locked lladdr
    interface veb0
}
bsdiso="/home/iso/install75.iso"
vm "$USER" {
    owner $USER
    memory 2G
    cdrom $bsdiso
    disk /home/$USER/$USER.qcow2 format qcow2
    interface tap0 {
        locked lladdr aa:bb:cc:dd:ee:01
        switch "switch0"
    }
}
Then, in the virtual machine:
guest# cat /etc/hostname.vio0
up

guest# cat /etc/hostname.vlan0
parent vio0 vnetid 100 up
!ifconfig vlan0 inet 10.0.5.2/24

guest# cat /etc/mygate
10.0.5.1
We can confirm that packets are flowing properly by running ping inside the virtual machine:
guest# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=113 time=7.372 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=113 time=7.201 ms
Then, on the host, run tcpdump:
# tcpdump -ne -i veb0
tcpdump: listening on veb0, link-type EN10MB
14:04:42.749350 e8:8b:27:7b:7a:02 fe:e1:ba:d0:52:dc 8100 102: 802.1Q vid 100 pri 3 10.0.5.2 > 8.8.8.8: icmp: echo request
14:04:42.756052 fe:e1:ba:d0:52:dc e8:8b:27:7b:7a:02 8100 102: 802.1Q vid 100 pri 3 8.8.8.8 > 10.0.5.2: icmp: echo reply [tos 0x48]
14:04:43.749239 e8:8b:27:7b:7a:02 fe:e1:ba:d0:52:dc 8100 102: 802.1Q vid 100 pri 3 10.0.5.2 > 8.8.8.8: icmp: echo request
14:04:43.755954 fe:e1:ba:d0:52:dc e8:8b:27:7b:7a:02 8100 102: 802.1Q vid 100 pri 3 8.8.8.8 > 10.0.5.2: icmp: echo reply [tos 0x48]
As we can see, the packets are properly tagged using 802.1Q with vid 100.
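The check above can be automated. The following is an added example, not part of the original page: a POSIX sh function that reads `tcpdump -ne` output and flags any frame that is untagged or tagged with a VLAN ID other than the expected one. The function names and the two extra frames in `mixed_capture` are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): verify the VLAN tag on captured frames.
# Usage on the host: tcpdump -ne -i veb0 -c 20 | check_vlan_tags 100

# Print every frame line that is untagged or carries a VLAN ID other than $1.
# Returns 0 only if at least one frame was seen and all carry the expected tag.
check_vlan_tags() {
    awk -v want="$1" '
        # Frame lines start with a timestamp; skip the "tcpdump: listening" banner.
        $1 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { next }
        {
            total++
            vid = ""
            # tcpdump -e prints "802.1Q vid N pri P" for tagged frames.
            for (i = 1; i < NF; i++)
                if ($i == "802.1Q" && $(i + 1) == "vid") { vid = $(i + 2); break }
            if (vid == "")        { bad++; print "untagged: " $0 }
            else if (vid != want) { bad++; print "vid " vid ": " $0 }
        }
        END {
            printf "%d frames checked, %d unexpected\n", total, bad
            exit (bad > 0 || total == 0)
        }'
}

# The first two frames from the capture shown above.
page_capture() {
    cat <<'EOF'
tcpdump: listening on veb0, link-type EN10MB
14:04:42.749350 e8:8b:27:7b:7a:02 fe:e1:ba:d0:52:dc 8100 102: 802.1Q vid 100 pri 3 10.0.5.2 > 8.8.8.8: icmp: echo request
14:04:42.756052 fe:e1:ba:d0:52:dc e8:8b:27:7b:7a:02 8100 102: 802.1Q vid 100 pri 3 8.8.8.8 > 10.0.5.2: icmp: echo reply [tos 0x48]
EOF
}

# Constructed sample: the same capture plus one untagged frame and one on vid 200.
mixed_capture() {
    page_capture
    cat <<'EOF'
14:04:44.000001 e8:8b:27:7b:7a:02 fe:e1:ba:d0:52:dc 0800 98: 10.0.5.2 > 8.8.8.8: icmp: echo request
14:04:44.000002 e8:8b:27:7b:7a:02 fe:e1:ba:d0:52:dc 8100 102: 802.1Q vid 200 pri 3 10.0.5.2 > 8.8.8.8: icmp: echo request
EOF
}

mixed_capture | check_vlan_tags 100 || echo "unexpected VLAN tagging on this segment"
```

An empty capture also returns non-zero, so a check that saw no frames at all is not mistaken for a pass.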