Traditionally, using vlan interface in libvirt domain create a bridge for each vlan network. This complicates host’s network stack if VLANs are growing.
Linux bridge supports vlan-filtering that define one bridge only to manage multiple VLANs.
However, the libvirt guest domain configuration doesn’t support bridge VLAN configuration.
This project injects hooks script to libvirt and customize VLANs of network interface tap to bridge in libvirt guest domain.
The hook script use bridge utility. Enable setuid for bridge utility if perform user session (qemu:///session) provision:
sudo chmod u+s `which bridge`To install hook script:
# Make qemu.d/ directory to host hook script
sudo mkdir -p /etc/libvirt/hooks/qemu.d/
# Download script and store in qemu.d/ directory
curl -L https://github.com/eStreamSoftware/libvirt-hooks/raw/master/bridge-vlan.sh | sudo tee /etc/libvirt/hooks/qemu.d/bridge-vlan.sh
# Enable execution
sudo chmod +x /etc/libvirt/hooks/qemu.d/bridge-vlan.sh# Define a bridge
BR=bridge0
# Create a network bridge with vlan-filtering support
sudo nmcli con add type bridge \
bridge.vlan-filtering yes \
bridge.stp no \
ipv4.method disabled \
ipv6.method disabled \
ifname $BR con-name $BR|
Note
|
bridge supports bridge.vlan-default-pvid and bridge.vlans option too.
|
Attach a network interface to the bridge:
# Optional: Add a network interface as member to the bridge
DEV=enp2s0
sudo nmcli con add type bridge-slave connection.autoconnect yes bridge-port.vlans "2-4094" ifname $DEV master $BR
# Optional: Activate the connection (get new connection profile name from last execution)
sudo nmcli con up #bridge-slave-connectionTo add bridge device to libvirt guest domain:
virsh attach-interface $VM bridge $BR --model virtio --config