
OLVM, KVM and VLAN tagging

Introduction:


OLVM (Oracle Linux Virtualization Manager) is a server virtualization management platform based on oVirt. It allows administrators to manage virtual machines, storage, and networking. VLAN tagging is a networking technique used to segregate network traffic using 802.1Q tags.




Understanding VLAN Tagging in OLVM

When integrating VLANs in OLVM, the goal is to allow different virtual machines (VMs) or networks to coexist on the same physical interface, logically separated using VLAN IDs.

Key Concepts

  • Tagged VLAN: The network traffic carries a VLAN ID (802.1Q tag). Useful when a single physical NIC handles traffic for multiple VLANs.

  • Untagged VLAN: The default (native) VLAN on a port; frames leave the port without an 802.1Q tag.

  • Logical Networks: In OLVM, a logical network is associated with a VLAN and mapped to a physical NIC or a bridge.

Steps to Configure VLAN Tagging in OLVM

1. Create Logical Networks

Go to the OLVM Admin Portal:

  • Navigate to Networks > Networks tab.

  • Click New to create a new logical network.

  • Specify:

    • Name (e.g., VLAN100)

    • Check VLAN tag and enter the VLAN ID (e.g., 100)

    • Optionally, assign it to a data center or cluster

2. Attach the Logical Network to a Host NIC

  • Go to Compute > Hosts.

  • Select a host, click Network Interfaces.

  • Click Setup Host Networks.

  • Drag the VLAN-tagged logical network (e.g., VLAN100) to the desired NIC.

  • OLVM will automatically create a VLAN sub-interface (e.g., eth0.100).

3. Configure Bridges (Optional)

If you're using bridged networking:

  • A bridge (e.g., ovirtmgmt) can be created on the VLAN sub-interface (eth0.100) so VMs can connect to that VLAN.

4. Assign VLAN Networks to VMs

  • When creating or editing a VM, attach a vNIC profile associated with the VLAN-tagged logical network.

  • This allows the VM to send/receive traffic on that VLAN.


Key Considerations for VLAN Tagging in KVM

  1. Host NIC Configuration

    • The physical NIC must be connected to a trunk port on the physical switch, allowing it to carry traffic for multiple VLANs.

    • Ensure the switch is correctly configured to support 802.1Q VLAN tagging.

  2. Bridge and VLAN Interface Setup

    • Use VLAN sub-interfaces (e.g., eth0.100 for VLAN 100) or configure VLANs directly on Linux bridges using tools like nmcli or ip.

    • Create separate bridges per VLAN if needed (e.g., br100 for VLAN 100), and attach VMs to the appropriate bridge.

  3. Libvirt Network Configuration

    • If using libvirt, define virtual networks with the appropriate bridge/VLAN interface.

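    • Use <vlan> elements in the XML to explicitly tag traffic. libvirt has long supported this on Open vSwitch bridges and SR-IOV virtual functions; for a standard Linux bridge, check your libvirt version or use a VLAN sub-interface instead.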

  4. Security

    • VLAN tagging provides logical separation, but it is not a substitute for full isolation—combine with firewalls, SELinux, or AppArmor.

    • Prevent VLAN hopping attacks by disallowing native (untagged) VLANs on trunks and by correcting misconfigured trunk ports.

  5. Performance Impact

    • While VLAN tagging itself has minimal overhead, incorrect configuration (e.g., misaligned MTUs or improperly bridged interfaces) can degrade performance.

    • Monitor throughput and latency after setup.

  6. VM NIC Support

    • Ensure the VM’s virtual NIC model (e.g., virtio) and guest OS support VLANs if VMs need to perform internal VLAN tagging (e.g., in a nested setup).

  7. Consistency Across Hosts

    • For cluster environments (e.g., OLVM), ensure all hosts have consistent VLAN bridge and interface configurations to avoid migration or deployment issues.

  8. Naming and Documentation

    • Use clear naming conventions for VLAN interfaces and bridges (e.g., vlan200-br) to simplify maintenance and troubleshooting.

  9. Automation and Management Tools

    • Use automation tools (Ansible, scripts) or management platforms (OLVM, oVirt, Cockpit) to standardize VLAN setup and reduce human error.
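The security, MTU and cross-host consistency points above can be checked mechanically. The following Python is an added example, not part of the original post: it audits link records in the shape produced by `ip -d -j link show`; the host data, bridge names and helper functions are constructed for illustration, and the name check assumes the eth0.100 convention used on this page.

```python
def kind(link):
    """Link type from linkinfo.info_kind (None for a physical NIC)."""
    return link.get("linkinfo", {}).get("info_kind")

def vlan_map(links):
    """Map VLAN ID -> bridge name for every 802.1Q sub-interface on a host."""
    return {link["linkinfo"]["info_data"]["id"]: link.get("master")
            for link in links if kind(link) == "vlan"}

def audit_host(links):
    """Return a list of findings for one host's link table."""
    by_name = {link["ifname"]: link for link in links}
    findings = []
    for link in (x for x in links if kind(x) == "vlan"):
        vid, name = link["linkinfo"]["info_data"]["id"], link["ifname"]
        # Assumes the parent.ID naming used on the page (eth0.100).
        if name.rpartition(".")[2] != str(vid):
            findings.append(f"{name}: name does not match VLAN ID {vid}")
        parent_br = by_name.get(link.get("master"))
        if parent_br and parent_br["mtu"] != link["mtu"]:
            findings.append(f"{name}: MTU {link['mtu']} != {parent_br['ifname']} MTU {parent_br['mtu']}")
    for br_name in (x["ifname"] for x in links if kind(x) == "bridge"):
        ports = [p for p in links if p.get("master") == br_name]
        untagged = [p["ifname"] for p in ports if kind(p) in (None, "bond")]
        # A NIC or bond enslaved beside a VLAN sub-interface mixes native-VLAN frames in.
        if untagged and any(kind(p) == "vlan" for p in ports):
            findings.append(f"{br_name}: untagged uplink {untagged[0]} shares bridge with a VLAN sub-interface")
    return findings

def drift(links_a, links_b):
    """VLAN IDs whose bridge mapping differs between two hosts."""
    a, b = vlan_map(links_a), vlan_map(links_b)
    return sorted(v for v in a.keys() | b.keys() if a.get(v) != b.get(v))

# Constructed records shaped like `ip -d -j link show` output (hypothetical hosts).
def sample_vlan(vid, mtu, bridge):
    return {"ifname": f"eth0.{vid}", "link": "eth0", "mtu": mtu, "master": bridge,
            "linkinfo": {"info_kind": "vlan", "info_data": {"protocol": "802.1Q", "id": vid}}}
def sample_bridge(name, mtu):
    return {"ifname": name, "mtu": mtu, "linkinfo": {"info_kind": "bridge"}}

HOST_A = [{"ifname": "eth0", "mtu": 9000}, sample_vlan(100, 9000, "br100"), sample_bridge("br100", 9000),
          sample_vlan(200, 9000, "br200"), sample_bridge("br200", 1500)]
HOST_B = [{"ifname": "eth0", "mtu": 9000}, {"ifname": "eth1", "mtu": 9000, "master": "br100"},
          sample_vlan(100, 9000, "br100"), sample_bridge("br100", 9000)]

if __name__ == "__main__":
    print(audit_host(HOST_A), audit_host(HOST_B), drift(HOST_A, HOST_B))
```

On a real host, pass `json.loads()` of the `ip -d -j link show` output to `audit_host`, and run `drift` across each pair of cluster hosts before relying on VM migration.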

Best Practices for KVM and VLAN Tagging

  • Use bonding for high availability if you’re using VLANs on production servers.

  • Ensure switch ports are set to trunk mode to pass VLAN-tagged traffic.

  • Avoid IP conflicts between VLANs.


Benefits of VLAN Tagging in OLVM and KVM:

VLAN tagging provides several key benefits in a virtualized environment like Oracle Linux Virtualization Manager (OLVM). It allows network traffic from multiple VLANs to traverse a single physical network interface, improving hardware efficiency and reducing infrastructure costs. By logically segmenting traffic, VLAN tagging enhances network security and isolation—ensuring that sensitive data is kept separate from other traffic. It also improves network performance by reducing broadcast domains and enabling better traffic management. In virtual environments, VLAN tagging supports flexible and scalable network configurations, allowing administrators to assign different VLANs to virtual machines without the need for additional physical connections. This streamlines network design and supports more efficient use of resources.
