Release Notes
Linux VLAN Driver
Version 1.7.0
10/31/2002

Table of Contents
=================

    Introduction
    Supported Linux Distributions
    Packaging
    Kernel Source Code Setup
    Installing Source RPM Package
    VLAN Configuration (stand alone adapters)
    VLAN Configuration (teamed with Bonding)
    Startup Scripts & VLAN Automation
    Verification of VLAN Configuration
    Limitations
    Uninstalling the RPM
    References

Introduction
============

The references section points to many useful articles on VLANs and
possible configurations of VLANs.

This package provides a driver (8021q) which implements 802.1q VLANs,
and the vconfig utility used to configure VLANs.

Supported Linux Distributions
=============================

VLANs are supported only on the following Linux distributions:

    Red Hat Linux 7.3 Professional with errata kernel 2.4.18-10
    Red Hat Linux 8.0 Professional

Packaging
=========

The driver is released in the source RPM format. The file name for the
package is vlan-.src.rpm, and the package is dependent on the kernel
source code.

Kernel Source Code Setup
========================

The Linux VLAN driver requires that the kernel source code be present
and configured before the VLAN driver is built. The following steps
need to be done once for each kernel that is booted. For example, if
the current kernel is UP (uni-processor) and an SMP
(symmetrical-multi-processor) kernel is booted, these steps must be
performed again to configure the kernel source for SMP before building
the VLAN driver for the SMP kernel.

Red Hat installation:

If the /usr/src/linux- directory does not exist, install the kernel
source code per Red Hat instructions. Once installed, follow the
commands listed below to configure the kernel source to match the
running kernel.

For Red Hat Linux 8.0 Professional:

    # cd /usr/src/linux-
    # make mrproper
    # make -e KERNELRELEASE=`uname -r` oldconfig
    # make -e KERNELRELEASE=`uname -r` dep

For all other Red Hat Linux distributions:

    # cd /usr/src/linux-
    # make mrproper
    # make oldconfig
    # make dep

Installing Source RPM Package
=============================

1. Check for an existing version of the vlan package as follows:

       # rpm -q vlan

   If an old version of the package exists, the RPM package should be
   removed.

       # rpm -e vlan

   Then remove the loaded VLAN module.

       # rmmod 8021q

   Verify that the old VLAN package has been removed as follows:

       # rpm -q vlan

   NOTE: When the vlan package is removed from the system, the
   /etc/vlan.conf file is removed as well, so the configuration
   information is lost. Back up /etc/vlan.conf before removing the
   vlan package. Please refer to the "Startup Scripts and VLAN
   Automation" section for more details.

2. Install the RPM source package.

       # rpm -ivh vlan-.src.rpm

3. Change to the following directory and build the binary RPM for the
   VLAN driver.

       # cd /usr/src/{redhat,packages}

   Red Hat 8.0

       # rpmbuild -bb SPECS/vlan.spec

   Note: If an error is encountered while building the driver or this
   directory doesn't exist, please refer to the "Kernel Source Code
   Setup" section of this document.

4. Install (upgrade) the new binary RPM package created above using the
   following command.

       # rpm -Uvh --force RPMS/i386/vlan-.i386.rpm

   The "force" rpm option is required since the VLAN driver is a part
   of the kernel rpm.

5. The VLAN driver can be configured with either stand alone adapters
   or with a team of adapters using the Bonding driver.

   Please refer to the "VLAN Configuration (stand alone adapters)"
   section for details on how to set up VLANs over stand alone
   adapters.

   Please refer to the "VLAN configuration (teamed with Bonding
   driver)" section for details on how to set up VLANs in a teamed
   environment using the Bonding driver.

VLAN Configuration (stand alone adapters)
=========================================

VLAN configuration over stand alone ethernet adapters is best
illustrated through the following setup.

Server with the following configuration:

    Running any Linux distribution supporting VLANs (please refer to
    the "Supported Linux Distributions" section for a list)
    One NC7131 Compaq Gigabit Server Adapter

Two clients with the following configuration:

    Running any Linux distribution
    One NC7131 Compaq Gigabit Server Adapter

TODO: Add HP Procurve Switch example.

Switch (Extreme Networks Summit 1i)

The following diagram illustrates the connectivity of the server and
the clients through the switch.

  ----------                                    ----------------------
  |        |eth0 (vlan=4092,4093)               |       Switch       |
  |        +------------------------------------+ port 1             |
  | Server |                                    | (tagged 4092,4093) |
  |        |                                    |                    |
  |        +                                    + port 2             |
  |        |                                    | (unused)           |
  ----------     -----------                    |                    |
                 |         |eth0                |                    |
                 | Client1 +--------------------+ port 3             |
                 |         |                    | (untagged 4092)    |
                 -----------                    |                    |
                 -----------                    |                    |
                 |         |eth0                |                    |
                 | Client2 +--------------------+ port 4             |
                 |         |                    | (untagged 4093)    |
                 -----------                    ----------------------

The above configuration is set up such that the server and client1
belong to vlan 4092 and the server and client2 belong to vlan 4093.
The detailed configuration steps are as shown below.

1. Configure the server as shown below

   Issue the following commands on the server to create the VLANs.

   Load the network driver and bring up the interface. In this case,
   the interface name is eth0.

       # ifconfig eth0 up

   Configure 2 VLANs on the eth0 interface using vconfig as follows
   (4092 and 4093 being the VLAN IDs)

       # vconfig add eth0 4092
       # vconfig add eth0 4093

   NOTE: if the 8021q.o module is not already loaded, the vconfig
   command will load the module.

   Bring up the VLAN interfaces as follows:

       # ifconfig eth0.4092 10.10.10.1 netmask 255.255.255.0 up
       # ifconfig eth0.4093 10.10.20.1 netmask 255.255.255.0 up

   Remove the IP address information on the ethernet card as follows

       # ifconfig eth0 0.0.0.0

2. Configure the Clients as follows:

   Configure the IP address on client1 as follows

       # ifconfig eth0 10.10.10.2 netmask 255.255.255.0 up

   Configure the IP address on client2 as follows

       # ifconfig eth0 10.10.20.2 netmask 255.255.255.0 up

   The idea here is that client1 can only communicate with hosts
   configured on VLAN 4092 and client2 can communicate with hosts
   configured on VLAN 4093.

3. Configure the Switch as follows

   Please refer to the documentation corresponding to your switch. The
   commands shown below are for a Summit 1i switch.

   Create two VLANs, vlan1 and vlan2

       create vlan vlan1
       create vlan vlan2

   Assign ID 4092 to vlan1 and ID 4093 to vlan2

       configure vlan vlan1 tag 4092
       configure vlan vlan2 tag 4093

   Add appropriate ports to the VLANs. In this case, port 1 from the
   server and port 3 from client 1 belong to vlan1. Since port 1 also
   belongs to vlan2, it must be tagged.

       configure vlan vlan1 add ports 1 tag
       configure vlan vlan1 add ports 3

   Port 1 from the server and port 4 from client 2 belong to vlan2.

       configure vlan vlan2 add ports 1 tag
       configure vlan vlan2 add ports 4

   NOTE: Before you run the above configure commands, make sure that
   the untagged ports (3 and 4 in this case) do not belong to any other
   VLAN by default. Since untagged ports cannot be members of multiple
   VLANs, it is necessary to remove ports 3 and 4 from the VLANs to
   which they belong and then add them to vlan1 and vlan2 respectively.

   The following command can be used to remove ports from VLANs

       configure vlan delete ports

   Once the above is done, verify the switch vlan config by running the
   following command

       show vlan

   Specific configuration information of each VLAN can be obtained by
   running the following commands

       show vlan vlan1
       show vlan vlan2

Please refer to the "Verification of VLAN Configuration" section to
test the above setup.

VLAN Configuration (teamed using Bonding)
=========================================

Server with the following configuration:

    Running any Linux distribution supporting VLANs (please refer to
    the "Supported Linux Distributions" section for a list)
    One NC7131 Compaq Gigabit Server Adapter
    One NC6770 Compaq Gigabit Server Adapter

    Both the adapters are teamed using the Bonding driver. Please see
    the Bonding documentation that is supplied with the bonding source
    rpm package to configure a team.

Two clients with the following configuration:

    Running any Linux distribution
    One NC7131 Compaq Gigabit Server Adapter

Switch (Extreme Networks Summit 1i)

The following diagram illustrates the connectivity of the server and
the clients through the switch.

            Bond0 ( vlan 10, 20 )
  ----------      |                             -------------------
  |        |eth0  |                             |     Switch      |
  |        +------|-----------------------------+ port 1          |
  | Server |      |                             | (tagged 10,20)  |
  | bond0  |eth1  |                             |                 |
  |        +------|-----------------------------+ port 2          |
  |        |      |                             | (tagged 10,20)  |
  ----------     -----------                    |                 |
                 |         |eth0                |                 |
                 | Client1 +--------------------+ port 3          |
                 |         |                    | (untagged 10)   |
                 -----------                    |                 |
                 -----------                    |                 |
                 |         |eth0                |                 |
                 | Client2 +--------------------+ port 4          |
                 |         |                    | (untagged 20)   |
                 -----------                    -------------------

The above configuration is set up such that the server (interfaces eth0
and eth1 teamed as bond0) is a member of both the VLANs 10 and 20.
client1 is a member of VLAN10 and client2 is a member of VLAN20. The
detailed configuration steps are as shown below.

Before proceeding to the next step, please refer to the bonding.txt
provided with the bonding rpm package and configure bonding as
described in that document. It is assumed that the user has
successfully configured a team called bond0 on the server which teams
two ethernet cards having interface names eth0 and eth1 (as shown by
the above diagram).

1. Configure the server as shown below

       # ifconfig bond0 up

   Configure 2 VLANs on the bonding interface using vconfig as follows
   (10 and 20 being the VLAN IDs)

       # vconfig add bond0 10
       # vconfig add bond0 20

   NOTE: if the 8021q.o module is not already loaded, then the vconfig
   command will load the module.

   Bring up the VLAN interfaces as follows:

       # ifconfig bond0.10 10.10.10.1 netmask 255.255.255.0 up
       # ifconfig bond0.20 10.10.20.1 netmask 255.255.255.0 up

   Remove the IP address information on the bonding and ethernet
   interfaces as follows

       # ifconfig bond0 0.0.0.0
       # ifconfig eth0 0.0.0.0
       # ifconfig eth1 0.0.0.0

2. Configure the Clients as shown below

   Configure the IP address on client1 as follows

       # ifconfig eth0 10.10.10.2 netmask 255.255.255.0 up

   Configure the IP address on client2 as follows

       # ifconfig eth0 10.10.20.2 netmask 255.255.255.0 up

   The idea here is that client1 can only communicate with hosts
   configured on VLAN10 and client2 can communicate with hosts
   configured on VLAN20.

3. Configure the Switch as shown below

   Create two VLANs, vlan10 and vlan20

       create vlan vlan10
       create vlan vlan20

   Assign ID 10 to vlan10 and ID 20 to vlan20

       configure vlan vlan10 tag 10
       configure vlan vlan20 tag 20

   Ports 1, 2 and 3 belong to vlan10. In the example, ports 1 and 2 are
   tagged while port 3 is left untagged.

       configure vlan vlan10 add ports 1 tag
       configure vlan vlan10 add ports 2 tag
       configure vlan vlan10 add ports 3

   Ports 1, 2 and 4 belong to vlan20. In the example, ports 1 and 2 are
   tagged while port 4 is left untagged.

       configure vlan vlan20 add ports 1 tag
       configure vlan vlan20 add ports 2 tag
       configure vlan vlan20 add ports 4

   NOTE: Before you run the above configure commands, make sure that
   the untagged ports (3 and 4 in this case) do not belong to any other
   VLAN by default. Since untagged ports cannot be members of multiple
   VLANs, it is necessary to remove ports 3 and 4 from the VLANs to
   which they belong and then add them to vlan1 and vlan2 respectively.

   The following command can be used to remove ports from VLANs

       configure vlan delete ports

   Once the above is done, verify the switch VLAN configuration by
   running the following command

       show vlan

   To get specific configuration information of each VLAN, run the
   following commands

       show vlan vlan10
       show vlan vlan20

Module Parameters
=================

The VLAN driver does not support any configurable parameters.

Startup Scripts & VLAN Automation
=================================

The VLAN package provides the following startup script and
configuration file, which enable the user to automate vlan startup
during system reboot

    /etc/init.d/vlan
    /etc/vlan.conf

The /etc/init.d/vlan script reads information from /etc/vlan.conf and
configures VLANs accordingly. The /etc/vlan.conf defines two parameters
as explained below

1. nametype parameter which indicates how the vlan interface should be
   named. The supported values for this parameter are as follows.
   Assuming that vlan with ID=10 is created over eth0, the
   corresponding vlan interface created with each nametype is shown in
   brackets.

       VLAN_PLUS_VID          ( vlan0010 )
       VLAN_PLUS_VID_NO_PAD   ( vlan10 )
       DEV_PLUS_VID           ( eth0.0010 )
       DEV_PLUS_VID_NO_PAD    ( eth0.10 )

   The default nametype is DEV_PLUS_VID_NO_PAD

   The nametype parameter is specified in the file as follows

       nametype

2. List defining properties of each VLAN to be configured.

   Each line in this list corresponds to one VLAN and contains 4
   entries which are shown below

   For the configuration described in the "VLAN configuration (stand
   alone adapters)" section, the /etc/vlan.conf would look as follows

       eth0 4092 10.10.10.1 255.255.255.0
       eth0 4093 10.10.20.1 255.255.255.0

Verification of VLAN Configuration
==================================

There are two steps to verify the VLAN Configuration on the server

    - Verify the VLAN Setup
    - Verify the VLAN functionality

1. Verify the VLAN setup ( VLAN Over stand alone adapters )

   The VLAN configuration on the server can be verified through the
   proc file system in /proc/net/vlan/config. The contents of this file
   are shown below.

       VLAN Dev name    | VLAN ID
       Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
       eth0.4092      | 4092  | eth0
       eth0.4093      | 4093  | eth0

   Output of the "ifconfig -a" command is shown below.

       eth0      Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 BROADCAST MULTICAST  MTU:1500  Metric:1
                 RX packets:276 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:264 errors:0 dropped:0 overruns:0 carrier:0
                 collisions:0 txqueuelen:100
                 RX bytes:29052 (28.3 Kb)  TX bytes:27228 (26.5 Kb)
                 Interrupt:10

       eth0.4092 Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 inet addr:10.10.10.1  Bcast:10.255.255.255  Mask:255.255.255.0
                 BROADCAST MULTICAST  MTU:1500  Metric:1
                 RX packets:43 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
                 collisions:0 txqueuelen:0
                 RX bytes:3156 (3.0 Kb)  TX bytes:2996 (2.9 Kb)

       eth0.4093 Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 inet addr:10.10.20.1  Bcast:10.255.255.255  Mask:255.255.255.0
                 BROADCAST MULTICAST  MTU:1500  Metric:1
                 RX packets:121 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:121 errors:0 dropped:0 overruns:0 carrier:0
                 collisions:0 txqueuelen:0
                 RX bytes:9936 (9.7 Kb)  TX bytes:11522 (11.2 Kb)

2. Verify the VLAN setup ( VLAN Over Teaming )

   The contents of /proc/net/vlan/config are shown below.

       VLAN Dev name    | VLAN ID
       Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
       bond0.10       | 10  | bond0
       bond0.20       | 20  | bond0

   Contents of /proc/net/vlan/bond0.10 are as follows

       bond0.10  VID: 10  REORDER_HDR: 1  dev->priv_flags: 1
                total frames received:          269
                 total bytes received:        23330
             Broadcast/Multicast Rcvd:            0
             total frames transmitted:           88
              total bytes transmitted:         8640
                   total headroom inc:            0
                  total encap on xmit:           88
       Device: bond0
       INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
       EGRESSS priority Mappings:

   Contents of /proc/net/vlan/bond0.20 are as follows

       bond0.20  VID: 20  REORDER_HDR: 1  dev->priv_flags: 1
                total frames received:           40
                 total bytes received:         3482
             Broadcast/Multicast Rcvd:            0
             total frames transmitted:           40
              total bytes transmitted:         4024
                   total headroom inc:            0
                  total encap on xmit:           40
       Device: bond0
       INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
       EGRESSS priority Mappings:

   The output of the "ifconfig -a" command is as follows

       bond0     Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
                 RX packets:387 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
                 collisions:0 txqueuelen:0
                 RX bytes:37678 (36.7 Kb)  TX bytes:24538 (23.9 Kb)

       bond0.10  Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 inet addr:10.10.10.1  Bcast:10.255.255.255  Mask:255.255.255.0
                 UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
                 RX packets:269 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
                 collisions:0 txqueuelen:0
                 RX bytes:23330 (22.7 Kb)  TX bytes:8640 (8.4 Kb)

       bond0.20  Link encap:Ethernet  HWaddr 00:02:A5:3D:04:CE
                 inet addr:10.10.20.1  Bcast:10.255.255.255  Mask:255.255.255.0
                 UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
                 RX packets:40 errors:0 dropped:0 overruns:0 frame:0

3. Verify the VLAN Functionality

   From client1, issue the following broadcast ping command

       # ping -b 10.255.255.255

   Similarly, from client2, issue the following broadcast ping command

       # ping -b 20.255.255.255

   This will verify that the packets sent by client1 will only be
   received by the server and the packets sent by client2 will only be
   received by the server. At any point of time, client1 should not
   receive packets sent from client2 and vice versa.

Limitations
===========

1. ifconfig Limitation

   Output of the "ifconfig -a" command has the limitation of showing
   only eight characters for the interface name. If two vlan interfaces
   are configured, say bond0.4092 and bond0.4093, ifconfig shows both
   as bond0.409, which causes confusion. One way to solve this problem
   is to set the name type format in /etc/vlan.conf as follows

       nametype VLAN_PLUS_VID_NO_PAD

   and then restart the vlans as follows.

       # /etc/init.d/vlan restart

   Once this is done, the interface name appears as "vlan4092" instead
   of "bond0.4092", so ifconfig shows the output properly.

Uninstalling the RPM
====================

The following command will uninstall the vlan RPM.

    # rpm -e vlan

References
==========

VLAN Home Page:
    http://www.candelatech.com/~greear/vlan.html

ftp://ftp.netlab.ohio-state.edu/pub/jain/courses/cis788-97/virtual_lans.pdf

An HTML version of the same document is available through the following
link:
    ftp://ftp.netlab.ohio-state.edu/pub/jain/courses/cis788-97/virtual_lans/index.htm

http://compnetworking.about.com/cs/virtuallans/
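
The setup check from "Verification of VLAN Configuration", automated as an added example (not part of the original release notes or of the vlan package): it derives the interface names that /etc/vlan.conf should produce for the configured nametype and compares them with /proc/net/vlan/config, reporting VLANs that are configured but missing and VLANs that exist without being configured. The function names, the reading of each list line as device, VLAN ID, IP address and netmask (inferred from the sample vlan.conf lines), and the sample data are assumptions.

```shell
#!/bin/sh
# Added example: compare /etc/vlan.conf with /proc/net/vlan/config.

# Print "ifname vid dev" for each VLAN that vlan.conf asks for.
# Assumption: list lines read "<device> <VLAN ID> <IP address> <netmask>".
expected_vlans() {
    awk '
        $1 == "nametype" { nt = $2; next }
        NF >= 4          { dev[++n] = $1; vid[n] = $2 + 0 }
        END {
            if (nt == "") nt = "DEV_PLUS_VID_NO_PAD"   # documented default
            for (i = 1; i <= n; i++) {
                if      (nt == "VLAN_PLUS_VID")        name = sprintf("vlan%04d", vid[i])
                else if (nt == "VLAN_PLUS_VID_NO_PAD") name = sprintf("vlan%d", vid[i])
                else if (nt == "DEV_PLUS_VID")         name = sprintf("%s.%04d", dev[i], vid[i])
                else                                   name = sprintf("%s.%d", dev[i], vid[i])
                print name, vid[i], dev[i]
            }
        }' "$1"
}

# Print "ifname vid dev" for each VLAN the kernel reports (rows with two "|").
actual_vlans() {
    awk -F'|' 'NF == 3 { gsub(/[ \t]/, ""); print $1, $2 + 0, $3 }' "$1"
}

# Report VLANs that are configured but absent, or present but not configured.
vlan_drift() {
    { expected_vlans "$1" | sed 's/^/E /'; actual_vlans "$2" | sed 's/^/A /'; } |
    awk '$1 == "E" { e[$2 " " $3 " " $4] = 1 }
         $1 == "A" { a[$2 " " $3 " " $4] = 1 }
         END { for (k in e) if (!(k in a)) print "MISSING", k
               for (k in a) if (!(k in e)) print "UNEXPECTED", k }' | sort
}

# Constructed sample data: eth0.4093 was never created, eth0.100 was added by hand.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'nametype DEV_PLUS_VID_NO_PAD' \
        'eth0 4092 10.10.10.1 255.255.255.0' \
        'eth0 4093 10.10.20.1 255.255.255.0' > "$d/vlan.conf"
    printf '%s\n' 'VLAN Dev name    | VLAN ID' \
        'Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD' \
        'eth0.4092      | 4092  | eth0' \
        'eth0.100       | 100  | eth0' > "$d/proc_config"
    vlan_drift "$d/vlan.conf" "$d/proc_config"
    rm -rf "$d"
}

demo
```

On a live server the call is "vlan_drift /etc/vlan.conf /proc/net/vlan/config". An UNEXPECTED line means the host has an interface in a VLAN that the configuration file does not account for.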