Add example for VLAN sub-interfaces
The example demonstrates the use case of VLANs separating application
traffic from management traffic while still utilizing the underlying
Ethernet port for untagged traffic. This scenario is not addressed
in the vlans-and-lags example.

Signed-off-by: Milan Lenco <[email protected]>
milan-zededa authored and uncleDecart committed Dec 5, 2024
1 parent 9b0d3c9 commit a4a6ce7
Showing 6 changed files with 529 additions and 27 deletions.
2 changes: 1 addition & 1 deletion pkg/defaults/defaults.go
Expand Up @@ -53,7 +53,7 @@ const (
DefaultRegistryPort = 5050

//tags, versions, repos
DefaultEVETag = "13.3.0" // DefaultEVETag tag for EVE image
DefaultEVETag = "13.7.0" // DefaultEVETag tag for EVE image
DefaultAdamTag = "0.0.57"
DefaultRedisTag = "7"
DefaultRegistryTag = "2.7"
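
Review bot: The `DefaultEVETag` change from "13.3.0" to "13.7.0" is not mentioned in the commit message, which only describes the new VLAN sub-interfaces example. Per its own comment this constant is the default tag for the EVE image, so the bump reaches setups beyond this example. If the example needs the newer release, state that in the commit message and in the example README; otherwise move the bump into its own commit so it can be reviewed and reverted separately.
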
103 changes: 103 additions & 0 deletions sdn/examples/vlan-subinterfaces/README.md
@@ -0,0 +1,103 @@
# SDN Example with VLAN sub-interfaces

VLANs enable the segmentation of a physical network into multiple logical networks,
allowing for better traffic control, security, and resource optimization.
On EVE, the use of VLANs helps isolate the management traffic from application traffic
or even to split applications and their traffic into different logical networks.
This allows the external networks to give preferential treatment and apply different
policies as per their requirements.

VLAN configurations supported by EVE:

1. VLAN filtering for switch network instances
2. VLAN sub-interfaces over physical NICs used for management traffic or for Local NIs
3. VLAN sub-interfaces over LAGs used for management traffic or for Local NIs

In this example, we focus on the second use-case, where VLANs are used to separate management
traffic from the application traffic routed via Local network instances.

Network topology diagram:

```text
+-----+ +----------------+
| EVE |--| VLAN 10 (mgmt) |-----
+-----+ +----------------+ |
|
+------+ +--------------+ +---------+ +------+
| app1 |--| NI1 (local) |--| VLAN 20 |--| eth0 |
+------+ +--------------+ +---------+ +------+
|
+------+ +--------------+ |
| app2 |--| NI2 (local) |---<untagged>-----
+------+ +--------------+
```

Deploy example with:

```shell
make clean && make build-tests
./eden config add default
./eden config set default --key sdn.disable --value false
./eden setup --eve-bootstrap-file $(pwd)/sdn/examples/vlan-subinterfaces/device-config.json
./eden start --sdn-network-model $(pwd)/sdn/examples/vlan-subinterfaces/network-model.json
./eden eve onboard
./eden controller edge-node set-config --file $(pwd)/sdn/examples/vlan-subinterfaces/device-config.json
```

Note that VLAN IP subnets are `172.22.<VLAN-ID>.0/24`. EVE will therefore use IP address from
the subnet `172.22.10.0/24` to access the controller. Network traffic from `app1` will be NATed
to an IP address from `172.22.20.0/24` before it leaves the edge node.
`app2` will be using the underlying `eth0` interface instead of a VLAN sub-interface to access
the untagged portion of the network with subnet `192.168.77.0/24`.

Once deployed, check DHCP-assigned IPs:

```shell
./eden eve ssh
$ ifconfig vlan10
vlan10 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:172.22.10.13 Bcast:172.22.10.255 Mask:255.255.255.0
...

$ ifconfig vlan20
vlan20 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:172.22.20.13 Bcast:172.22.20.255 Mask:255.255.255.0

$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:192.168.77.13 Bcast:192.168.77.255 Mask:255.255.255.0
...
```

Check that `app1` can access HTTP server deployed for VLAN 20 (`httpserver-20.sdn`),
but not HTTP server deployed for VLAN 10 (`httpserver-10.sdn`) or for the untagged
network (`httpserver-untagged.sdn`):

```shell
./eden eve ssh
CONSOLE="$(eve list-app-consoles | grep cee082fd-3a43-4599-bbd3-8216ffa8652d | grep CONTAINER | awk '{print $4}')"
eve attach-app-console "$CONSOLE"

app1$ curl httpserver-20.sdn/helloworld
Hello world from HTTP server for VLAN 20
app1$ curl httpserver-10.sdn/helloworld
curl: (7) Failed to connect to httpserver-10.sdn port 80 after 44 ms: Couldn't connect to server
app1$ curl httpserver-untagged.sdn/helloworld
curl: (7) Failed to connect to httpserver-untagged.sdn port 80 after 48 ms: Couldn't connect to server
```

Check that `app2` can access HTTP server deployed for the untagged network (`httpserver-untagged.sdn`),
but not HTTP server deployed for VLAN 10 (`httpserver-10.sdn`) or for VLAN 20 (`httpserver-20.sdn`):

```shell
./eden eve ssh
CONSOLE="$(eve list-app-consoles | grep 45ff198d-b295-4ff2-bf69-76977af809fd | grep CONTAINER | awk '{print $4}')"
eve attach-app-console "$CONSOLE"

app2$ curl httpserver-untagged.sdn/helloworld
Hello world from HTTP server for untagged network
app1$ curl httpserver-10.sdn/helloworld
curl: (7) Failed to connect to httpserver-10.sdn port 80 after 47 ms: Couldn't connect to server
app1$ curl httpserver-20.sdn/helloworld
curl: (7) Failed to connect to httpserver-20.sdn port 80 after 47 ms: Couldn't connect to server
```
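
Review bot: In the final console transcript (the `app2` check), the second and third prompts read `app1$` although the session was attached to the console of app 45ff198d-b295-4ff2-bf69-76977af809fd, which is `app2`. They should read `app2$`; as written, the two failed connections to `httpserver-10.sdn` and `httpserver-20.sdn` look like results from `app1`, which contradicts the earlier transcript where `app1` reaches `httpserver-20.sdn`. Since these negative results are what demonstrates the isolation between the VLANs and the untagged network, the prompts need to name the app that was actually tested.
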
269 changes: 269 additions & 0 deletions sdn/examples/vlan-subinterfaces/device-config.json
@@ -0,0 +1,269 @@
{
"deviceIoList": [
{
"ptype": 1,
"phylabel": "eth0",
"phyaddrs": {
"Ifname": "eth0"
},
"logicallabel": "ethernet0",
"assigngrp": "eth0",
"usage": 1
}
],
"vlans": [
{
"logicallabel": "mgmt-vlan",
"interfaceName": "vlan10",
"lowerLayerName": "ethernet0",
"vlanId": 10
},
{
"logicallabel": "app-vlan",
"interfaceName": "vlan20",
"lowerLayerName": "ethernet0",
"vlanId": 20
}
],
"networks": [
{
"id": "6605d17b-3273-4108-8e6e-4965441ebe01",
"type": 4,
"ip": {
"dhcp": 4
}
},
{
"id": "b970ac70-2ef7-4c6b-8bb8-ff8626321313",
"type": 4,
"ip": {
"dhcp": 2
}
}
],
"systemAdapterList": [
{
"name": "mgmt-vlan",
"uplink": true,
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
},
{
"name": "app-vlan",
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
},
{
"name": "ethernet0",
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
}
],
"networkInstances": [
{
"uuidandversion": {
"uuid": "9ca83da9-94e8-48b4-9ae8-3f188c5c694a",
"version": "1"
},
"displayname": "ni1",
"instType": 2,
"activate": true,
"port": {
"type": 1,
"name": "app-vlan"
},
"ipType": 1,
"ip": {
"subnet": "10.50.10.0/24",
"gateway": "10.50.10.1",
"dns": [
"10.50.10.1"
],
"dhcpRange": {
"start": "10.50.10.2",
"end": "10.50.10.254"
}
}
},
{
"uuidandversion": {
"uuid": "0125b9fa-9054-446d-9e9a-1b99175d24a7",
"version": "1"
},
"displayname": "ni2",
"instType": 2,
"activate": true,
"port": {
"type": 1,
"name": "ethernet0"
},
"ipType": 1,
"ip": {
"subnet": "10.50.77.0/24",
"gateway": "10.50.77.1",
"dns": [
"10.50.77.1"
],
"dhcpRange": {
"start": "10.50.77.2",
"end": "10.50.77.254"
}
}
}
],
"apps": [
{
"uuidandversion": {
"uuid": "cee082fd-3a43-4599-bbd3-8216ffa8652d",
"version": "1"
},
"displayname": "app1",
"fixedresources": {
"memory": 512000,
"maxmem": 512000,
"vcpus": 1,
"virtualizationMode": 1
},
"drives": [
{
"image": {
"uuidandversion": {
"uuid": "398710ca-bf4f-46b0-b012-0d4e32214ba4",
"version": "1"
},
"name": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9"
}
}
],
"activate": true,
"interfaces": [
{
"name": "eth0",
"networkId": "9ca83da9-94e8-48b4-9ae8-3f188c5c694a",
"acls": [
{
"matches": [
{
"type": "ip",
"value": "0.0.0.0/0"
}
],
"id": 1
}
]
}
],
"volumeRefList": [
{
"uuid": "d8fe3e53-cc6c-4cee-8562-b406a1a8ada7",
"mount_dir": "/"
}
]
},
{
"uuidandversion": {
"uuid": "45ff198d-b295-4ff2-bf69-76977af809fd",
"version": "1"
},
"displayname": "app2",
"fixedresources": {
"memory": 512000,
"maxmem": 512000,
"vcpus": 1,
"virtualizationMode": 1
},
"drives": [
{
"image": {
"uuidandversion": {
"uuid": "3eec1356-a469-43e3-80e2-67467d06deaf",
"version": "1"
},
"name": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9"
}
}
],
"activate": true,
"interfaces": [
{
"name": "eth0",
"networkId": "0125b9fa-9054-446d-9e9a-1b99175d24a7",
"acls": [
{
"matches": [
{
"type": "ip",
"value": "0.0.0.0/0"
}
],
"id": 1
}
]
}
],
"volumeRefList": [
{
"uuid": "cee944a3-ae6f-4887-9d8d-adcc0ed02370",
"mount_dir": "/"
}
]
}
],
"volumes": [
{
"uuid": "d8fe3e53-cc6c-4cee-8562-b406a1a8ada7",
"origin": {
"type": 2,
"downloadContentTreeID": "63d3b01f-f44f-4007-ba33-6e720bd52992"
},
"displayName": "app1-volume"
},
{
"uuid": "cee944a3-ae6f-4887-9d8d-adcc0ed02370",
"origin": {
"type": 2,
"downloadContentTreeID": "63d3b01f-f44f-4007-ba33-6e720bd52992"
},
"displayName": "app2-volume"
}
],
"contentInfo": [
{
"uuid": "63d3b01f-f44f-4007-ba33-6e720bd52992",
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9",
"URL": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"displayName": "eden-eclient"
}
],
"datastores": [
{
"id": "f204830d-cce1-4316-aa5e-3e8567cd09a9",
"dType": 5,
"fqdn": "docker://index.docker.io"
}
],
"configItems": [
{
"key": "newlog.allow.fastupload",
"value": "true"
},
{
"key": "timer.config.interval",
"value": "10"
},
{
"key": "timer.download.retry",
"value": "60"
},
{
"key": "debug.default.loglevel",
"value": "debug"
},
{
"key": "debug.disable.dhcp.all-ones.netmask",
"value": "false"
}
]
}
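
Review bot: The second entry in `networks` (id b970ac70-2ef7-4c6b-8bb8-ff8626321313, `"dhcp": 2`) is never referenced: all three `systemAdapterList` entries point at 6605d17b-3273-4108-8e6e-4965441ebe01 and nothing else in this file uses the other id. Either remove the unused network or attach it to the adapter it was meant for. Separately, both apps carry a single ACL match of `"value": "0.0.0.0/0"`, so the isolation that the README verifies comes only from the VLAN and port assignment of `ni1` and `ni2`, not from the ACLs; a sentence in the README saying so would keep readers from assuming the ACLs contribute to the separation.
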