:: Re: [DNG] VLAN interfaces over Bond…
Top Page
Delete this message
Reply to this message
Author: Ralph Ronnquist
Date:  
To: dng
Subject: Re: [DNG] VLAN interfaces over Bond interfaces
I don't think "vconfig" brings up the interfaces, so you might need to
tell udev to do that when they are added:

allow-hotplug bond1.1
allow-hotplug bond1.10
allow-hotplug bond1.99

or if you prefer, by adding explicit "post-up ifup bond1.1" phrases instead.

Ralph.

Mike Tubby wrote on 3/9/19 9:34 am:
> I have an application that needs both VLANs and bonding at the same time
> and I'm having trouble getting it to work.
>
> System is Dell R610 and Devuan 2.0 ("ASCII").  The machine is operating
> as a firewall and has duplicated Ethernet on the outside and inside.
> Duplication is for resilience, not performance.
>
> The bonding driver works fine on the outside and works fine on the
> inside for a single, non-VLAN, network - however my problem is that I
> need to implement the legacy inside network on VLAN 1, a new internal
> network on VLAN 10 and a guest network on VLAN 99, hence I need "VLAN
> over bonding".
>
> I have a similar setup at home where I just have straight Ethernet
> interfaces (no bonding) and the VLANs work fine on eth1.1, eth1.145,
> eth1.99 etc.
>
> I have module '8021q' loaded and package 'vlan' installed (to get
> 'vconfig' executable).
>
> Interface bond0 is the 'outside' and doesn't use VLAN and is fine.
>
> Interface bond1 is the 'inside' and needs to be brought up without any
> untagged IP and three VLAN interfaces are needed:
>
>     bond1.1    for legacy 192.168.1.0/24 traffic
>     bond1.10    for new 10.10.0.0/16 traffic
>     bond1.99    for secure guest traffic on 192.168.99.0/24
>
> I have tried various incantations of configs in /etc/network/interfaces
> and don't seem to be able to get the VLAN over Bond to work.  I have
> tried with and without hints like "vlan-raw-device bond1" and
> with/without explicit 'vconfig' entries to try to force configuration of
> the VLANs and just about every combination seen on StackExchange etc.
>
> With /etc/network/interfaces as shown (below) the system boots, doesn't
> output any errors, bond1 comes up with no IPv4 address, and only an
> FE80:: link-local IPv6 address.
>
> Doing:
>
>     cat /proc/net/vlan/status
>
> shows that no VLANs are configured.
>
>
> Am I missing something or are the network startup scripts not able to
> configure VLAN over Bond?  They work just fine for VLAN over plain Eth?
>
>
> Mike
>
> PS. IP addresses redacted/changed to protect the innocent.
>
>
>
> #
> # Loopback
> #
> auto lo
> iface lo inet loopback
>
> #
> # Outside (Internet)
> #
> auto bond0
> iface bond0 inet static
>         address 195.xx.yy.2
>         netmask 255.255.255.192
>         gateway 195.xx.yy.1
>         bond-mode 1
>         bond-miimon 100
>         bond-slaves eth0 eth1
>         bond-primary eth0
>
> iface bond0 inet6 static
>         pre-up modprobe ipv6
>         address 2999:2222:1999::2
>         netmask 64
>         gateway 2999:2222:1999::1
>
> #
> # Inside bonding interface
> #
> auto bond1
> iface bond1 inet manual
>         pre-up modprobe 8021q
>         post-up vconfig add bond1 1
>         post-up vconfig add bond1 10
>         post-up vconfig add bond1 99
>         bond-mode 1
>         bond-miimon 100
>         bond-slaves eth2 eth3
>         bond-primary eth2
>
> #
> # Inside VLAN1 - Legacy 192.168.1.0/24
> #
> iface bond1.1 inet static
>         address 192.168.1.1
>         netmask 255.255.255.0
>         vlan-raw-device bond1
>
> iface bond1.1 inet6 static
>         pre-up modprobe ipv6
>         address 2999:2222:1999:8000::1
>         netmask 64
>         vlan-raw-device bond1
>
> #
> # Inside new VLAN10 - 10.10.0.0/16
> #
> iface bond1.10 inet static
>         address 10.10.0.1
>         netmask 255.255.0.0
>         vlan-raw-device bond1
>
> iface bond1.10 inet6 static
>         pre-up modprobe ipv6
>         address 2999:2222:1999:8010::1
>         netmask 64
>         vlan-raw-device bond1
>
> #
> # VLAN99 - Insecure/Guest use
> #
> iface bond1.99 inet static
>         address 192.168.99.1
>         netmask 255.255.255.0
>         vlan-raw-device bond1
>
> iface bond1.99 inet6 static
>         pre-up modprobe ipv6
>         address 2999:2222:1999:9900::1
>         netmask 64
>         vlan-raw-device bond1
>
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng