Sunday, February 18, 2018

isolate vm using vlan with openvswitch

**** information
vm1 connects to tap0 using vlan 100
vm2 connects to tap1 using vlan 101

1- create br0
$ sudo ovs-vsctl add-br br0

2- create tap devices

$ sudo tunctl    # first call creates tap0
$ sudo tunctl    # second call creates tap1

3- add tap0 and tap1 with vlan tag
$ sudo ovs-vsctl add-port br0 tap0 tag=100
$ sudo ovs-vsctl add-port br0 tap1 tag=101

4- run vm using tap device

$ sudo qemu-system-x86_64 -m 1024 -enable-kvm -hda /home/vm1.qcow2 -net nic,macaddr=DE:AD:B0:EF:E0:01 -net tap,ifname=tap0

$ sudo qemu-system-x86_64 -m 1024 -enable-kvm -hdc /home/vm2.qcow2 -net nic,macaddr=DE:AD:B0:EF:E0:02 -net tap,ifname=tap1

5- if we want the two vms to be able to reach each other, we need to create a vlan interface on br0 for each tag and assign it an ip address (the host then routes between the two vlans)

$ sudo modprobe 8021q
$ sudo vconfig add br0 100
$ sudo ifconfig br0.100 <gateway-ip-for-vlan-100> up    # placeholder: use the gateway address of vm1's subnet

$ sudo vconfig add br0 101
$ sudo ifconfig br0.101 <gateway-ip-for-vlan-101> up    # placeholder: use the gateway address of vm2's subnet

then enable ip forwarding on the host so traffic can be routed between br0.100 and br0.101
$ sudo sysctl -w net.ipv4.ip_forward=1
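Before booting the vms it is worth checking that the bridge really enforces the isolation steps 1-3 set up: every tap port must carry its own access tag, and no two vm ports may share one. The function below is an added example (not part of the original post); it parses the text of `ovs-vsctl --columns=name,tag list Port` from stdin, and the two samples are constructed to approximate that output.

```shell
#!/bin/sh
# check_vlan_isolation BRIDGE
#   reads `ovs-vsctl --columns=name,tag list Port` output on stdin and
#   returns 0 when every port other than the bridge's own internal port
#   has a distinct VLAN tag, 1 otherwise (untagged port or shared tag).
check_vlan_isolation() {
    awk -v bridge="$1" '
        /^name/ { gsub(/[" ]/, "", $3); name = $3 }
        /^tag/  {
            tag = $3
            if (name == bridge) next            # internal port is untagged by design
            if (tag == "[]") { printf "UNTAGGED %s\n", name; bad = 1; next }
            if (tag in seen) { printf "SHARED %s %s vlan %s\n", seen[tag], name, tag; bad = 1 }
            seen[tag] = name
        }
        END { exit bad }
    '
}

# Constructed sample: the layout from steps 1-3 (tap0 on 100, tap1 on 101).
SAMPLE_OK='name                : br0
tag                 : []

name                : tap0
tag                 : 100

name                : tap1
tag                 : 101'

# Constructed sample: a misconfiguration where both taps landed on vlan 100,
# so the two vms would be in the same broadcast domain.
SAMPLE_BAD='name                : br0
tag                 : []

name                : tap0
tag                 : 100

name                : tap1
tag                 : 100'

# Stand-alone demo against the constructed samples.
printf '%s\n' "$SAMPLE_OK"  | check_vlan_isolation br0 && echo "sample_ok: isolated"
printf '%s\n' "$SAMPLE_BAD" | check_vlan_isolation br0 || echo "sample_bad: NOT isolated"
```

On a live host run `sudo ovs-vsctl --columns=name,tag list Port | check_vlan_isolation br0`; a non-zero exit means the vms are not separated as intended.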