Commit

update docs
Also disable support for dual nic for now
muhamadazmy committed Oct 18, 2023
1 parent 5948c2f commit 41a3cc8
Showing 4 changed files with 93 additions and 2 deletions.
4 changes: 4 additions & 0 deletions docs/internals/boot.md
Expand Up @@ -15,3 +15,7 @@ both `node-ready` and `boot` are not actual services, but instead they are there
- `zos-debug`: means zos is running in debug mode
- `zos-debug-vm`: forces zos to think it's running on a virtual machine. used mainly for development
- `disable-gpu`: if provided GPU feature will be disabled on that node
- `vlan:pub`: set the vlan tag of the node private subnet.
- `vlan:priv`: sets the vlan tag of the node public subnet.

For more details of `VLAN` support in zos please read more [here](network/vlans.md)
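
Review bot: The two new flag descriptions look swapped: `vlan:pub` is documented as setting the tag of the "node private subnet" and `vlan:priv` as the "node public subnet", while vlans.md in this same commit uses `vlan:priv` for private traffic and `vlan:pub` for the public bridge. Swap the two descriptions and use the same verb ("sets") in both, since a farmer following this text as written would tag the wrong subnet.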
3 changes: 2 additions & 1 deletion docs/internals/network/readme.md
Expand Up @@ -5,4 +5,5 @@
- [definitions of the vocabulary used in the documentation](definitions.md)
- [Introduction to networkd, the network manager of 0-OS](introduction.md)
- [Detail about the wireguard mesh used to interconnect 0-OS nodes](mesh.md)
- [Documentation for farmer on how to setup the network of their farm](setup_farm_network.md)
- [Documentation for farmer on how to setup the network of their farm](setup_farm_network.md)
- [VLANS](vlans.md)
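
Review bot: The label of the new list entry is a bare `VLANS`, while every other item in this index is a descriptive sentence; something like "VLAN support for the private and public subnets" would match the list. The `setup_farm_network.md` line is removed and re-added with identical visible text, so please confirm that is only a trailing-newline change.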
81 changes: 81 additions & 0 deletions docs/internals/network/vlans.md
@@ -0,0 +1,81 @@
# VLANS

ZOS support vlans by allowing the farmer to setup vlan for both private and public subnets.

By default zos uses untagged traffic for both priv and public subnets (for both single or dual nic nodes). In some data centers and cloud providers, they can only provide tagged subnets.

ZOS can then become VLAN aware by providing optional vlan tags during booting.

## Private VLAN

Setting up private vlan forces zos to tag all private traffic with the configured vlan tag. This is possible by providing the `vlan:priv` kernel command line parameter

> Example `vlan:priv=302` will tag all private traffic with VLAN id `302`
During boot, zos tries to find the first interface that has ipv4 (over dhcp) normally all interfaces are probed until one of them actually get an IP. If a vlan ID is set, the probing also happen on the proper vlan, then the private default bridge (called `zos`) is then setup correctly with the proper vlan

```
┌────────────────────────────────────┐
│ NODE │
│ │
vlan 302 ┌────┴──┐ │
───────────┤ Nic ├──────────┐ │
tagged └────┬──┘ │ │
│ ┌────┴─────┐ │
│ │ │ │
│ │ zos │ pvid 302 │
│ │ bridge ├──untagged │
│ │ │ │
│ │ │ │
│ └──────────┘ │
│ │
│ │
│ │
└────────────────────────────────────┘
```

## Public VLAN

> NOTE: Public VLAN in ZOS is **only** supported in a single nic setup. There is no support in dual nic yet
Setting up private vlan forces zos to tag all private traffic with the configured vlan tag. This is possible by providing the `vlan:pub` kernel command line parameter

> Example `vlan:pub=304` will tag all private traffic with VLAN id `304`
zos internally create a public bridge `br-pub` that can uses a detected ingress link (usually in dual nic setup) or shares
the same link as `zos` bridge by connecting to `br-pub` via a veth pair.

Single NIC setup

```
┌─────────────────────────────────────────────┐
│ │
304 tagged ┌────┴─────┐ │
───────────┤ NIC ├────────────┐ │
└────┬─────┘ │ │
│ │ │
│ ┌───────┴─────┐ │
│ │ │ │
│ │ zos │ │
│ │ bridge │ │
│ │ │ │
│ │ │ │
│ └───────┬─────┘ │
│ │ pvid 304 untagged │
│ │ │
│ │ │
│ ┌──────▼─────┐ │
│ │ │ │
│ │ br-pub │ │
│ │ bridge │ │
│ │ │ │
│ │ │ │
│ │ │ │
│ └────────────┘ │
│ │
└─────────────────────────────────────────────┘
```

## Dual NIC setup

Right now public vlans are not supported in case of dual nic setups. So in case public network is only available on the second nic then it will always be untagged traffic. This means the `vlan:pub` flag is silently ignored
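
Review bot: The "Public VLAN" section still carries the wording of the private section: "Setting up private vlan forces zos to tag all private traffic" and "`vlan:pub=304` will tag all private traffic" should both say public. Each `>` quote (both examples and the NOTE) is followed directly by a paragraph with no blank line, so Markdown will fold that paragraph into the quote; add a blank line after each. "Single NIC setup" is plain text while "Dual NIC setup" is a `##` heading, which makes it a sibling of "Public VLAN" rather than a subsection; use `###` for both. Lastly, the dual nic paragraph says the flag is "silently ignored", but bridge.go in this commit logs a warning, and the doc should state plainly that public traffic then leaves the second nic untagged so a farmer relying on the tag for separation knows to check.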
7 changes: 6 additions & 1 deletion pkg/network/bridge/bridge.go
Expand Up @@ -5,6 +5,7 @@ import (
"os"

"github.com/pkg/errors"
"github.com/rs/zerolog/log"
"github.com/threefoldtech/zos/pkg/network/ifaceutil"
"github.com/threefoldtech/zos/pkg/network/options"
"github.com/vishvananda/netlink"
Expand Down Expand Up @@ -103,7 +104,11 @@ func vethName(from, to string) string {
// a generated name
func Attach(link netlink.Link, bridge *netlink.Bridge, vlan *uint16, name ...string) error {
if link.Type() == "device" {
return attachNic(link, bridge, vlan)
if vlan != nil {
log.Warn().Msg("vlan is not supported in dual nic setup")
}

return attachNic(link, bridge, nil)
} else if link.Type() == "bridge" {
linkBr := link.(*netlink.Bridge)
n := vethName(link.Attrs().Name, bridge.Name)
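
Review bot: In the `link.Type() == "device"` branch the caller's `vlan` is now discarded for every device link and the only signal is a warning with no context, so an operator who set a tag gets untagged traffic and a log line that does not say which link or tag was affected. Add the fields to the event, for example `log.Warn().Str("link", link.Attrs().Name).Uint16("vlan", *vlan).Msg(...)`, and consider returning an error instead of continuing, since the requested tagging is not applied. The message also says "dual nic setup" while the check is only on the link type; either document on `Attach` that a device link always means that case, or reword the message to what the code actually tests. The doc comment above `Attach` should mention that `vlan` is ignored for device links.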