Shulou(Shulou.com)06/01 Report--

This article introduces how to achieve VLAN in Linux. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

LAN stands for Local Area Network, the local local area network, and usually uses Hub and Switch to connect to computers in LAN.

Generally speaking, when two computers are connected to the same Hub or Switch, they are in the same LAN.

A LAN represents a broadcast domain. It means that all members of the LAN will receive a broadcast packet from any one of the members.

VLAN stands for Virtual LAN. A switch with VLAN function can divide its own port into multiple LAN.

Broadcast packets sent by computers can be received by other computers in the same LAN, but not by computers located in other LAN. Simply put, VLAN divides a switch into multiple switches, limits the range of broadcasts, and isolates computers into different VLAN at layer 2.

For example, there are two sets of machines, Group An and B.

We want to configure machines in Group A to access each other, and machines in Group B to access each other, but machines in An and B cannot access each other.

One way is to use two switches, An and B each connected to one switch. Another method is to use a switch with VLAN function to put the machines of An and B in different VLAN.

Note that the isolation of VLAN is the isolation of layer 2, and the inability of An and B to access each other means that layer 2 broadcast packets (such as arp) cannot cross the boundaries of VLAN.

But on the third layer (such as IP), An and B can be interconnected through a router. Conceptually, it must be clearly defined.

Nowadays, almost all switches support VLAN. There are usually two configuration modes for the port of a switch: Access and Trunk.

Access port

These ports are labeled VLAN, indicating which VLAN the port belongs to. Different VLAN are distinguished by VLAN ID, and the range of VLAN ID is 1-4096. The Access port is directly connected to the computer network card, so the data packets from the network card are labeled as the VLAN when they flow into the Access port. Access ports can only belong to one VLAN.

Trunk port

Suppose there are two switches An and B. There are VLAN1 (red), VLAN2 (yellow), VLAN3 (blue) on A, and VLAN1, 2, 3 on B. how can we communicate between the same VLAN on AB?

The solution is to connect An and B, and the ports connecting An and B should allow data from VLAN1, 2, and 3 VLAN to pass through.

Such a port is Trunk port. The packets of VLAN1, 2, and 3 always carry their own VLAN tags when they arrive at the other switch through the Trunk port.

Now that we understand the concept of VLAN, let's look at how VLAN is implemented in a KVM virtualized environment.

Eth0 is a physical network card on the host, with a sub-device named eth0.10 connected to it. Eth0.10 is a VLAN device, and its VLAN ID is VLAN 10. Eth0.10 is hung on the Linux Bridge named brvlan10, and the virtual network card vent0 of the virtual machine VM1 is also hung on the brvlan10.

The effect of this configuration is that the host implements a switch (virtual, of course) with a VLAN10 defined above. Both eth0.10,brvlan10 and vnet0 are connected to the Access port of VLAN10 respectively. And eth0 is a Trunk port.

Packets sent by VM1 through vnet0 will be labeled VLAN10.

The function of eth0.10 is to define the function of VLAN10 brvlan10: other network devices on Bridge are automatically added to VLAN10.

Let's add another VLAN20.

So the virtual switch has two VLAN, VM1 and VM2 belong to VLAN10 and VLAN20 respectively. For the newly created virtual machine, you only need to put its virtual network card into the corresponding Bridge to control the VLAN to which it belongs.

VLAN devices always appear as mother-child relationship, and there is an one-to-many relationship between mother and child devices. A parent device (eth0) can have multiple child devices (eth0.10,eth0.20... While a child device has only one master device

On how to achieve Linux VLAN sharing here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.