EtherChannel + 2 Vlans


Postby hrumster » 2018/01/23 16:05:42

Good day.

I have a question about the routing table and ARP with 2 VLANs.

So I have 2 subnets:
10.1.10.0/24 - VLAN 10 with gateway 10.1.10.1
10.1.20.0/24 - VLAN 20 with gateway 10.1.20.1

My config
/etc/sysconfig/network-scripts/ifcfg-eno1

TYPE=Ethernet
NAME=eno1
UUID=049065dd-331f-4d37-9b2b-022cebf92489
DEVICE=eno1
ONBOOT=yes
MASTER=bond
SLAVE=yes
MASTER_UUID=c43e1dc5-2312-43b4-a969-c776a368f1d9


cat /etc/sysconfig/network-scripts/ifcfg-ens2

TYPE=Ethernet
NAME=ens2
UUID=73cb0276-1e39-4a70-819d-e46c3d9b256c
DEVICE=ens2
ONBOOT=yes
MASTER=bond
SLAVE=yes
MASTER_UUID=c43e1dc5-2312-43b4-a969-c776a368f1d9


cat /etc/sysconfig/network-scripts/ifcfg-bond

DEVICE=bond
BONDING_OPTS="resend_igmp=1 updelay=0 use_carrier=1 arp_all_targets=any miimon=100 lp_interval=1 min_links=0 downdelay=0 xmit_hash_policy=layer2 primary_reselect=always ad_actor_sys_prio=65535 fail_over_mac=none mode=802.3ad ad_user_port_key=0 lacp_rate=slow all_slaves_active=0 ad_select=stable num_unsol_na=1 num_grat_arp=1"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
IPV6INIT=no
NAME=bond
UUID=c43e1dc5-2312-43b4-a969-c776a368f1d9
ONBOOT=yes


cat /etc/sysconfig/network-scripts/ifcfg-vlan10

VLAN=yes
TYPE=Vlan
DEVICE=vlan10
PHYSDEV=bond
VLAN_ID=10
REORDER_HDR=yes
GVRP=no
MVRP=no
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=vlan10
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.1.10.2
PREFIX=24
GATEWAY=10.1.10.1
DNS1=8.8.8.8

cat /etc/sysconfig/network-scripts/ifcfg-vlan20

VLAN=yes
TYPE=Vlan
DEVICE=vlan10
PHYSDEV=bond
VLAN_ID=20
REORDER_HDR=yes
GVRP=no
MVRP=no
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=vlan10
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.1.20.2
PREFIX=24
GATEWAY=10.1.20.1
DNS1=8.8.8.8

And I have 4 requirements to forward traffic:

1. Traffic from 10.1.10.0/24 to 10.1.10.0/24 goes as directly connected, with ARP in the same VLAN.
2. Traffic from 10.1.10.0/24 to 10.1.20.0/24 goes to gateway 10.1.10.1.
3. Traffic from 10.1.10.0/24 to any (Internet) goes to 10.1.10.1.

And the same for 10.1.20.0/24:

1. Traffic from 10.1.20.0/24 to 10.1.20.0/24 goes as directly connected, with ARP in the same VLAN.
2. Traffic from 10.1.20.0/24 to 10.1.10.0/24 goes to gateway 20.1.10.1.
3. Traffic from 10.1.20.0/24 to any (Internet) goes to 10.1.20.1.

And the main thing is that traffic from VLAN 10 does not see traffic from VLAN 20.

At the moment traffic from 10.1.10.x goes to 10.1.20.x inside my host.
I tried to set routes like:
sudo ip route add default via 10.1.10.1 dev bond0.10 table 10
sudo ip route add default via 10.1.20.1 dev bond0.20 table 20

sudo ip rule add from 10.1.20.0/24 to 10.1.20.0/24 table local
sudo ip rule add from 10.1.10.0/24 to 10.1.10.0/24 table local

sudo ip rule del from 10.1.10.0/24 table 10 priority 33000
sudo ip rule del from 10.1.20.0/24 table 20 priority 33001

Traffic stops going to my PC with 10.1.10.30 in the VLAN 10 subnet, and traffic from VLAN 10 can still ping traffic from VLAN 20 (inside the host). I mean the traffic does not reach the gateway.

If I create a bridge on VLAN 20, delete the IP from vlan20 and set the IP on the bridge, it is all the same. I create a KVM or another virtual machine or Docker with this bridge and the virtual machine uses the default route from the host:
ip route
default via 10.1.10.1 dev vlan10 proto static metric 400
default via 10.1.20.1 dev vlan20 proto static metric 425
10.1.10.0/24 dev vlan10 proto kernel scope link src 10.1.10.2 metric 400
10.1.20.0/24 dev vlan20 proto kernel scope link src 10.1.20.2 metric 425

The virtual machine takes the route with the best metric and traffic from VLAN 20 goes to the gateway of VLAN 10.

What should I do to make it work as I want? I've spent 3 days testing different bridges and virtual machines, but it makes no sense. (

P.S. I can make a scheme if my explanation is bad.
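
One way to express the per-VLAN requirements above as source-based policy routing, as an added example that is not part of the original post. It assumes the interface names `vlan10` and `vlan20` from the `ip route` output and table numbers 10 and 20; the sysctl settings are an assumption about how the host should be kept from forwarding or answering ARP across the two VLANs.

```shell
#!/bin/sh
# Added example: per-VLAN source routing for the two subnets in the post.
# Dry run by default (commands are printed); set APPLY=1 and run as root
# to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# vlan_policy DEV SUBNET HOST_IP GATEWAY TABLE
# Traffic sourced from SUBNET gets its own table: the same subnet is on-link,
# everything else (the other VLAN, the Internet) goes to that VLAN's gateway.
vlan_policy() {
    dev=$1 subnet=$2 host_ip=$3 gw=$4 table=$5
    run ip route replace "$subnet" dev "$dev" src "$host_ip" table "$table"
    run ip route replace default via "$gw" dev "$dev" table "$table"
    run ip rule add from "$subnet" lookup "$table" priority "$((1000 + table))"
}

# Keep the host itself from acting as a router or ARP responder between VLANs.
# Guests bridged straight onto a VLAN do not need host IP forwarding.
host_isolation() {
    run sysctl -w net.ipv4.ip_forward=0            # no vlan10 <-> vlan20 forwarding
    run sysctl -w net.ipv4.conf.all.arp_ignore=1   # reply only on the interface owning the IP
    run sysctl -w net.ipv4.conf.all.arp_announce=2 # use the best local source in ARP requests
}

configure_all() {
    vlan_policy vlan10 10.1.10.0/24 10.1.10.2 10.1.10.1 10
    vlan_policy vlan20 10.1.20.0/24 10.1.20.2 10.1.20.1 20
    host_isolation
}

configure_all
```

Packets addressed to one of the host's own IPs still match the kernel `local` table (rule priority 0) before these rules, so host-to-itself traffic between 10.1.10.2 and 10.1.20.2 never leaves the machine. Whether VLAN 10 may reach VLAN 20 at all is then decided by the filtering on the gateways, not by the host.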