Release Notes Linux VLAN Driver Version 1.8.0u 01/23/2004 Table of Contents ================= Introduction Packaging Kernel Source Code Setup Installing Source RPM Package VLAN Configuration (stand alone adapter) VLAN Configuration (teamed with Bonding) Startup Scripts & VLAN Automation Valid Values for VLAN ID Verification of VLAN Configuration Uninstall the RPM Limitations References Introduction ============ This package provides a driver module which implements the 802.1q VLAN tagging. 8021q.o is a module in 2.4 kernels and 8021q.ko is a module in 2.6 kernel. Packaging ========= The driver is released in the source RPM format. The file name for the package is vlan-.src.rpm and is dependent on the kernel source code. If you have not installed the kernel source code and/or setup the source tree on your Linux system, please see the "Kernel Source Code Setup" section below. Kernel Source Code Setup ======================== The driver requires the presence of the kernel source code and a configured kernel source tree before building the VLAN driver. NOTE: these steps should also be followed anytime you change from one kernel to another. For example, if you decide to update to the latest errata kernel you will need to reboot into the new kernel then setup the kernel source. The same applies too changing from an UP kernel to an SMP kernel - reboot into the new kernel and setup the kernel source. Red Hat installation: If the /usr/src/linux- directory does not exist install the kernel source code per Red Hat instructions. Once installed, follow the commands listed below to configure the kernel source to match the running kernel. # cd /usr/src/linux- # make mrproper # make -e KERNELRELEASE=`uname -r` oldconfig # make -e KERNELRELEASE=`uname -r` dep UnitedLinux 1.0 installation: If the /usr/src/linux- directory does not exist please install the kernel source code per UL 1.0 instructions. Once installed, please follow the commands listed below to setup the kernel source. # cd /usr/src/linux-.SuSE # cp /boot/vmlinuz.config .config # cp /boot/vmlinuz.version.h include/linux/version.h # cp /boot/vmlinuz.autoconf.h include/linux/autoconf.h # make oldconfig # make dep SuSE SLES 9 Installation: If the /usr/src/linux- directory does not exist, install the kernel source code per SuSE instructions. Once installed, follow the commands listed below to set up the kernel source tree. # cd /usr/src/linux- # make mrproper # make cloneconfig Installing Source RPM Package ============================= 1. Check for the existence of a current version of the vlan package as follows: # rpm -q vlan If an old version of the package exists the RPM package should be removed. # rpm -e vlan Then remove the loaded vlan module. # rmmod Verify that the old vlan package has been removed as follows: # rpm -q vlan 2. Install the RPM source package. # rpm -ivh vlan-.src.rpm 3. Change to the following directory and build the binary RPM for the VLAN driver. Red Hat Installation: # cd /usr/src/redhat # rpmbuild -bb SPECS/vlan.spec UnitedLinux 1.0 Installation: Note: On UnitedLinux 1.0 installations, the g++ compiler does not get installed by default. Since the vlan package depends on the g++ compiler, please install the gcc-c++- rpm package before building the vlan binary rpm package. # cd /usr/src/packages # rpm -bb SPECS/vlan.spec SuSE SLES 9 Installations: # cd /usr/src/packages # rpmbuild -bb SPECS/vlan.spec Note: If an error is encountered while building the driver or this directory doesn't exist, please refer to the "Kernel Source Code Setup" section of this document. 4. Install the new binary RPM package using the following command. Don't use the U (Upgrade) flag in the RPM command below - previous vlan drivers must be removed as described in step one above before installing this version. NOTE: To Preserve the current VLAN configuration (if applicable), the user is advised to backup the /etc/vlan.conf file before upgrading to the new package and restore the file after the upgrade finishes. Please refer to the section on "Startup Scripts & VLAN Automation" for more details. # rpm -ivh RPMS/i386/vlan-.i386.rpm --force The "force" rpm option is required since the VLAN driver is a part of the kernel rpm. 5. The VLAN driver can be configured with either stand alone adapters or with a team of adapters using the Bonding driver. Please refer to the "VLAN Configuration (stand alone adapter)" section for details on how to setup VLANs with a stand alone adapter. Please refer to the "VLAN configuration (teamed with Bonding driver)" section for details on how to setup VLANs in a teamed environment using the Bonding driver. VLAN Configuration (stand alone adapter) ======================================== A multiple VLAN configuration with one stand alone adapter is illustrated below. Server with the following configuration: -Supported Linux Distribution (Please see the "Supported Linux Distributions" section) -One HP NC7131 Gigabit Server Adapter Two clients with the following configuration: -Running Any Linux distribution -Each client with one HP NC7131 Gigabit Server Adapter Switch with VLAN capability -The following diagram illustrates the connectivity of the server and the clients to a VLAN capable switch __________ ___________________ | |eth0 (vlan=4000,4001) | Switch | | +------------------------------------+ port 1 | | | | (tagged 4001,4001)| | Server | | | | |eth1 | | | + + port 2 | |__________| | (unused) | __________ | | | |eth0 (untagged) | | | Client A +--------------------+ port 3 | |__________| | (untagged 4000) | | | __________ | | | |eth0 (untagged) | | | Client B +--------------------+ port 4 | |__________| | (untagged 4001) | |___________________| The above configuration is setup such that the server and client A belong to vlan 4000 and the server and client B belong to vlan 4001. The detailed configuration steps are as shown below. 1. Configure the server as shown below Issue the following commands on the server to create the VLANs. Load the network driver and bring up the interface. In this example configuration, the interface name is eth0. #ifconfig eth0 up Configure 2 VLANs on the eth0 interface using vconfig as follows (4000 and 4001 being the VLAN ID's) #vconfig add eth0 4000 #vconfig add eth0 4001 NOTE: if the module is not already loaded, the vconfig command ( when invoked first time ) will automatically load the module after showing the following warning message. WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS?? Bring up the VLAN interfaces as follows: #ifconfig eth0.4000 10.10.10.1 netmask 255.255.255.0 up #ifconfig eth0.4001 10.10.20.1 netmask 255.255.255.0 up Remove the IP Address information on the ethernet card as follows #ifconfig eth0 0.0.0.0 2. Configure the Clients as follows: Configure the IP Address on client A so that the client can only communicate with hosts configured on VLAN 4000 #ifconfig eth0 10.10.10.2 netmask 255.255.255.0 up Configure the IP Address on client B so that the client can only communicate with hosts configured on VLAN 4001 #ifconfig eth0 10.10.20.2 netmask 255.255.255.0 up 3. Switch Configuration Please refer to the documentation corresponding to your switch. In the example above, the connection from the server to the switch are "tagged" ports. The connection from the clients to the switch are "untagged" ports. Please refer to the section on "Valid Values for VLAN ID" for details on valid values for VLAN ID. VLAN Configuration (teamed using Bonding) ========================================= Server with the following configuration: Server with the following configuration: -Supported Linux Distribution (Please see the "Supported Linux Distributions" section) -One HP NC7131 Gigabit Server Adapter -One HP NC6770 Gigabit Server Adapter -Team both adapters with the Bonding driver (Please see the Bonding.txt file for more information) Two clients with the following configuration: -Running Any Linux distribution -One HP NC7131 Gigabit Server Adapter Switch with VLAN capability -The following diagram illustrates the connectivity of the server and the clients to a VLAN capable switch __________ ___________________ | |eth0 | Switch | | +------- ------+ port 1 | | | | Bond0 | | (tagged 10,20) | | Server | |====(vlan 10,20)=====| | | | |eth1 | | | | | +------- ------+ port 2 | |__________| | (tagged 10,20) | __________ | | | |eth0 (untagged) | | | Client A +--------------------+ port 3 | |__________| | (untagged 10) | | | __________ | | | |eth0 (untagged) | | | Client B +--------------------+ port 4 | |__________| | (untagged 20) | |___________________| The above configuration is setup such that the server (interfaces eth0 and eth1 teamed as bond0) is a member of both the VLANs 10 and 20. Client A is a member of VLAN 10 and client B is a member of VLAN 20. The detailed configuration steps are as shown below. Before proceding to the next step, please refer to the bonding.txt provided with the bonding rpm package and configure bonding as described in that document. It is assumed that the user has succesfully configured a team called bond0 on the server which teams two ethernet cards having interface names eth0 and eth1 (as shown by the above diagram). Note: VLAN's are not supported over teamed adapters if the bonding driver is using the "arp" feature for configuring teams in any of the modes. For more details on the parameters associated with arp, please refer to the bonding.txt 1. Configure the server as shown below Configure the bonding and ethernet devices to start without an associated IP address as follows: #ifconfig bond0 0.0.0.0 up #ifconfig eth0 0.0.0.0 up #ifconfig eth1 0.0.0.0 up Note: For SUSE distributions, once the network is teamed using bonding, Issue the following command: #ifenslave bond0 eth0 #ifenslave bond0 eth1 Configure 2 VLANs on the bonding interface using vconfig as follows: #vconfig add bond0 10 #vconfig add bond0 20 NOTE: if the module is not already loaded, then the vconfig command will load the module. Bring up the VLAN interfaces as follows: #ifconfig bond0.10 100.0.0.1 netmask 255.0.0.0 up #ifconfig bond0.20 101.0.0.1 netmask 255.0.0.0 up 2. Configure the Clients as shown below Configure the IP Address on client A so that the client can only communicate with hosts configured on VLAN 10 #ifconfig eth0 100.0.0.2 netmask 255.0.0.0 up Configure the IP Address on client B so that the client can only communicate with hosts configured on VLAN 20 #ifconfig eth0 101.0.0.2 netmask 255.0.0.0 up 3. Switch Configuration Please refer to the documentation corresponding to your switch. In the example above, the connection from the server to the switch are "tagged" ports. The connection from the clients to the switch are "untagged" ports. Please refer to the section on "Valid Values for VLAN ID" for details on valid values for VLAN ID. Startup Scripts & VLAN Automation ================================= The VLAN package provides the following startup script and a configuration file that enables the user to preserve vlan configuration across reboots and automate vlan startup at system reboot. /etc/init.d/vlan /etc/vlan.conf The /etc/init.d/vlan script reads information from /etc/vlan.conf and configures VLANs accordingly. The format of /etc/vlan.conf is as explained below Note 1: If VLAN's are being configured in a teamed environment with bonding, the user should ensure that all the devices associated with the team(s) are configured without an IP Addresses. For example, in the "VLAN Configuration (teamed using Bonding)" section, the devices bond0, eth0 and eth1 should start without an associated IP address. The following text from the /etc/sysconfig/network-scripts/ifcfg-bond0 file shows the appropriate lines that are commented out to configure team(s) without IP Addresses. DEVICE=bond0 BOOTPROTO=static #BROADCAST=10.10.20.255 #IPADDR=10.10.20.1 #NETMASK=255.255.255.0 #NETWORK=10.10.20.0 ONBOOT=yes BOOTPROTO=none USERCTL=none If bonding has been activated/running on the system, please make the changes similar to what has been indicated above in all files associated with each of the devices associated with the team ( In this example,the devices are eth0 and eth1 ) and reboot the system before starting VLAN. Note: For SUSE distributions, once the network is teamed using bonding, Issue the following command: #ifenslave bond0 eth0 #ifenslave bond0 eth1 Note 2: If VLAN's are being configured with the bonding driver, the user should ensure that the bonding driver starts before the vlan script runs. On Redhat Distributions, this happens automatically when the network configuration scripts run. The Red Hat network scripts are located at /etc/sysconfig/network-scripts/ifcfg-bondX. Bonding does not automatically start with UnitedLinux 1.0. The user will need to create an RC script that starts before the VLAN script to ensure proper VLAN / bonding environments. Please refer to bonding.txt for more information regarding automation. 1. The nametype parameter indicates how the VLAN interface should be named. The supported values for this parameter are as follows. Assuming that a VLAN with ID=10 is created over eth0, the corresponding VLAN interface created with each nametype is shown in brackets. The default is DEV_PLUS_VID_NO_PAD VLAN_PLUS_VID ( vlan0010 ) VLAN_PLUS_VID_NO_PAD ( vlan10 ) DEV_PLUS_VID ( eth0.0010 ) DEV_PLUS_VID_NO_PAD ( eth0.10 ) The nametype parameter is specified in the file as follows nametype 2. List defining properties of each VLAN to be configured. Each line in this list corresponds to one VLAN and contains 4 entries which are shown below. For the sample configuration desribed in the section "VLAN configuration (stand alone adapter)", the /etc/vlan.conf would look as follows: eth0 4000 10.10.10.1 255.255.255.0 eth0 4001 10.10.20.1 255.255.255.0 Please note that leading zero's are not allowed for the vlan_id field. For Example, if the vlan_id is 10, usage of either 010 or 0010 will end up in unpredictable results. 3. Once all the entries are completed in the file, the VLAN can be restarted with the following command: /etc/init.d/vlan restart 4. To unconfigure the VLANs, please run the following commands: /etc/init.d/vlan stop /etc/init.d/network restart Special Note on the nametype parameter: -------------------------------------- If nametypes of either VLAN_PLUS_VID (or) VLAN_PLUS_VID_NO_PAD are used, the user is advised to handle situations which are similar to the illustration below where the network devices are different but the vlan_id is the same. eth0 4000 10.10.10.1 255.255.255.0 eth1 4000 10.10.10.1 255.255.255.0 Now, what happens in this situation is that when the VLAN devices are created, the VLAN device name would be vlan4000 for both devices and hence causes conflict. In such cases, the user should use nametype as DEV_PLUS_VID (or) DEV_PLUS_VID_NO_PAD. Please refer to the section on "Valid Values for VLAN ID" for details on valid values for VLAN ID. Valid Values for VLAN ID ======================== The range of values allowed for VLAN ID's is from 0 to 4094. However, the user should note that the value "0" is a reserved value. More details on what these values mean is given in detail in the 8021.q specification available through the following link http://standards.ieee.org/getieee802/download/802.1Q-1998.pdf It has also been observed that although the VLAN ID "1" is an allowed value, it may not work properly with all switches. Verification of VLAN Configuration ================================== There are two steps to verify the VLAN Configuration on the server - Verify the VLAN Setup - Verify the VLAN functionality 1. Verify the VLAN setup The VLAN configuration on the server can be verified with the following commands. The information below was generated from the the "VLAN Configuration (stand alone adapter)" example. # more /proc/net/vlan/config VLAN Dev name | VLAN ID Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD eth0.4000 | 4000 | eth0 eth0.4001 | 4001 | eth0 # ifconfig -a eth0 Link encap:Ethernet HWaddr 00:02:A5:3D:04:CE BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:276 errors:0 dropped:0 overruns:0 frame:0 TX packets:264 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:29052 (28.3 Kb) TX bytes:27228 (26.5 Kb) Interrupt:10 eth0.4000 Link encap:Ethernet HWaddr 00:02:A5:3D:04:CE inet addr:10.10.10.1 Bcast:10.255.255.255 Mask:255.255.255.0 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:43 errors:0 dropped:0 overruns:0 frame:0 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3156 (3.0 Kb) TX bytes:2996 (2.9 Kb) eth0.4001 Link encap:Ethernet HWaddr 00:02:A5:3D:04:CE inet addr:10.10.20.1 Bcast:10.255.255.255 Mask:255.255.255.0 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:121 errors:0 dropped:0 overruns:0 frame:0 TX packets:121 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:9936 (9.7 Kb) TX bytes:11522 (11.2 Kb) 2. Verify the VLAN Functionality From client A, issue the following broadcast ping command: #ping -b 10.255.255.255 From client B, issue the following broadcast ping command: #ping -b 20.255.255.255 This will verify that the packets sent by client A will only be received by the server and the packets sent by client B will only be received by the server. At any point of time, client A should not receive packets sent from client B and vice versa. Uninstall the RPM ================= The following command will uninstall the vlan RPM. #rpm -e vlan Limitations =========== 1. Output of "ifconfig -a" command has the limitation of showing only eight characters for the interface name. If two VLAN interfaces are configured say bond0.4000 and bond0.4001, the ifconfig shows both as bond0.400 which causes confusion. One way to solve this problem would be to set the name type format in /etc/vlan.conf as follows: nametype VLAN_PLUS_VID_NO_PAD To restart the vlans:. #/etc/init.d/vlan restart Once this is done, the interface name would appear as "vlan4000" instead of "bond0.400" thereby causing ifconfig to show the output properly. 2. It has been seen sometimes due to the limits on the number of files that can be created under /proc, entries for some vlan devices may not get created. However, this does not affect the functioning of the VLAN itself. References ========== VLAN Home Page: http://www.candelatech.com/~greear/vlan.html ftp://ftp.netlab.ohio-state.edu/pub/jain/courses/cis788-97/virtual_lans.pdf A html format of the same document is available through the following link: ftp://ftp.netlab.ohio-state.edu/pub/jain/courses/cis788-97/virtual_lans/index.htm http://compnetworking.about.com/cs/virtuallans/