On Tue, Jun 11, 2024 at 09:25:31AM +0100, Zé Loff wrote:
> On Mon, Jun 10, 2024 at 12:11:45PM -0700, jrmu wrote:
> > How can I configure vmm to use vlans for virtual machines?  I saw
> > openbsd.amsterdam * use this, but I am not sure how to replicate it.
> > 
> > As I understand it, vmm creates a tap(4) interface for each virtual machine,
> > and all tap interfaces are then placed inside the switch defined in vm.conf,
> > which in my case is veb(4). To set up the virtual machines, would I want to
> > create a vlan(4) device for each virtual machine, and have the machine use
> > that? And then to add the vlan device onto the veb bridge?
> > 
> > * https://openbsd.amsterdam/setup.html
> > 
> > -- 
> > jrmu
> > IRCNow (https://ircnow.org)
> 
> TL,DR:  add the VLAN interface to the veb device configured in /etc/vm.conf
> 
> It depends a bit on the role you want your vmm host to play in that
> network.  Everything written below refers to the host, unless otherwise
> specified.
> 
> 
> The simplest setup is when the host plays no part in the VMs' networks,
> and all VLAN traffic will be sent upstream as-is (the host can still
> access the VMs services, but will do so via the upstream gateway).  In
> this scenario you will have a bunch of VLANs already configured
> upstream, and simply want each VMs traffic to be blindly forwarded
> between the VMs and the upstream network.
> 
> You'll need (1) a vmd switch for each VLAN, each defining a veb, (2) a
> vlan device for each VLAN, and (3) to add the VLAN devices to their
> respective vebs:
> 
> (1) A vmd switch for each VLAN:
> 
>     /etc/vm.conf:
>     switch "whatever1001" { interface veb1001 }
>     switch "whatever1002" { interface veb1002 }
>     ...
>     vm "blablaon1001" {
>       ...
>       interface {
>         switch "whatever1001"
>         <lladdr **:**:**:**:**:**>
>       }
>     }
>     vm "yaddayaddaon1002" {
>         switch "whatever1002"
>         <lladdr **:**:**:**:**:**>
>     }
> 
> You can do without the fixed lladdr.  I use them because I want fixed IP
> addresses and I have an upstream dhcpd managing that.
> 
> (2) VLAN interfaces on the host (change em0 to whatever is relevant in
> your case):
> 
>     /etc/hostname.vlan1001:
>     vnetid 1001 parent em0
>     up
> 
>     /etc/hostname.vlan1002:
>     vnetid 1002 parent em0
>     up
> 
> (3) Add the vlan interfaces to the vebs created by vmd:
> 
>     /etc/hostname.veb1001
>     description "blablablaon1001 uplink"
>     add vlan1001
>     up
> 
>     /etc/hostname.veb1002
>     description "yaddayaddaon1002 uplink"
>     add vlan1002
>     up
> 
> And that's it.
> 
> If you want the host to directly connect to the VMs, you can just create
> vport interfaces (with appropriate IP address) and add them to the vebs.  

Actually, this is not entirely correct.  If you are adding the vlan
interface to the veb, then there is no need for the vport, you can just
configure the vlan interface (IP address, etc).  The vmd host will then
be a part of the VLAN, so you get a "direct" route to the VM, if you
want to.

You _will_ need to add a vport to a veb if you want an isolated link
between the host and the VMs, but if that is the case you don't need
VLANs: just a different vport per veb.


-- 
 

Reply via email to