vlan interview questions
Top vlan frequently asked interview questions
I've scoured the docs (http://pubs.vmware.com/vsphere-55/index.jsp) and can't find anything about adding virtual machines to vlans. There's plenty of info on creating and configuring them, but not how to add virtual machines to them through pyvmomi (or esxcli if necessary). I'm pretty sure it can be done, as you can do it easily through the vSphere client, but I'm looking to do it in an automated fashion.
Source: (StackOverflow)
I already have a virtual machine with its own public ip address and I would like to set up a new VM using port forwarding from the host.
I have two public addresses:
- X.X.X.146 for the host
- Y.Y.Y.99 for the first virtual machine
Currently, I have the following network configuration (and it's working well):
Host interfaces
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto vmbr0
iface vmbr0 inet static
address X.X.X.146
netmask 255.255.255.224
gateway X.X.X.129
bridge_ports eth0
bridge_stp off
bridge_fd 9
bridge_hello 2
bridge_maxage 12
1st VM (with dedicated public IP) interfaces
# cat /etc/network/interfaces
auto eth0
iface eth0 inet static
address Y.Y.Y.99
netmask 255.255.255.248
pointopoint Y.Y.Y.97
gateway Y.Y.Y.97
dns-nameservers 8.8.8.8 8.8.4.4
Now, I want to set up the port forwarding for the 2nd virtual machine (IP: 10.0.2.15). I add a new bridge on the host like this:
# cat /etc/network/interfaces
[...]
auto vmbr2
iface vmbr2 inet static
address 10.0.2.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.2.15:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.0.2.15:22
and I link my 2nd virtual machine to the vmbr2 bridge.
... but it doesn't work and, as I'm a newbie with networking, I don't know what is wrong.
Any help is welcome.
Thanks.
Source: (StackOverflow)
First, I am aware of creating a VXLAN interface with a tag using the ip command:
ip link add vxlan-br0 type vxlan id <tag-id> group <multicast-ip> local <host-ip> dstport 0
But it is useless for my actual demand, which is to isolate multiple docker containers using different tags, something like:
brctl addif br1 veth111111 tag=10 # veth111111 is the netdev used by docker container 1
brctl addif br1 veth222222 tag=20 # veth222222 is the netdev used by docker container 2
brctl addif br1 veth333333 tag=10 # veth333333 is the netdev used by docker container 3
I want to isolate container 2 from containers 1 and 3, but not isolate communication between containers 1 and 3. How can I achieve this?
Source: (StackOverflow)
I'm trying to compile a module that uses 8021q calls. I have 8021q installed with a makefile and kconfig in /lib/modules/[version]/build/net/8021q. When I attempt to build however, I receive the following:
WARNING: "register_vlan_dev" [/home/user/test/test.ko] undefined!
I'm new to building modules, so how do I make this function visible to my module?
My code block (full of errors, but just as an example):
int create_and_register(struct gfast_dfe_entry *dfe,
                        uint16_t port_on_dfe, uint16_t tag)
{
    int ret = -ENODEV;
    uint16_t portidx = (uint16_t)(0);
    static char port_ifname[IFNAMSIZ] = "eth0";
    static struct net_device *ports[10];

    /* allocate the net_device, then try to register it as a VLAN device */
    ports[portidx] = alloc_netdev(privsize, port_ifname, NULL);
    if ((ret = register_vlan_dev(ports[portidx])) != 0) {
        PWARN("cannot create port%d - register_vlan_dev returned err=%d",
              portidx, ret);
        rtnl_unlock();
        goto err_reg_vlandev;
    }
    return 0;

err_reg_vlandev:
    free_netdev(ports[portidx]);
    ports[portidx] = NULL;
    return 1;
}
My makefile:
obj-m += test.o
test-objs := main.o
# compiler flags for the module go through ccflags-y, not as an argument to make
ccflags-y := -Wall
KERNELPATH := /lib/modules/$(shell uname -r)/build

all: modules

modules:
	make -C $(KERNELPATH) M=$(shell pwd) modules

clean:
	make -C $(KERNELPATH) M=$(shell pwd) clean
Thanks for the help!
Source: (StackOverflow)
I am trying to route a Linux machine (Ubuntu 14.04) traffic with VLAN ID 4 tag.
It is important that the tagging will be done in the Linux itself and not in a further switch.
I created a new interface eth0.4 using this command
vconfig add eth0 4
ifconfig eth0.4 10.0.0.32 broadcast 10.0.0.0 up
In addition I checked that the 8021q driver is loaded using
lsmod | grep 8021q
I also added to /etc/network/interfaces
auto eth0.4
iface eth0.4 inet static
address 10.0.0.32
netmask 255.255.255.0
vlan-raw-device eth0
When I make a request to an HTTP website, I don't see anything coming out of the VLAN interface (using ifconfig).
I am wondering how Linux knows to route the traffic through the VLAN interface, and if it does not, how can I manually configure such a route?
Source: (StackOverflow)
I'm trying to set up a ProCurve 2510G-48 switch to have 3 VLANs. The first 12 ports are going to act like a normal switch, the second VLAN is going to communicate only with the first block of 6 ports, the third block will do the same as the second, and the same for the fourth.
So when you send a packet through vlan one with a vlan 4 tag it will end in the fourth.
I have set up an Ubuntu server with three VLAN ports with different tags. One physical port will be patched to VLAN 1 and the virtual ports get 6 ports each. Is there any way to do that? I've been struggling with this for a while.
Source: (StackOverflow)
I've got a host with RHEL6.4 OS. Under the host I have a KVM VM also running RHEL6.4.
The host is connected to tagged switch interface that has vlan tag 1.
I've configured the host network interfaces as follows:
ifcfg-eth0
#
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
#
ifcfg-eth1
#
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
#
ifcfg-bond0
#
DEVICE=bond0
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=static
NAME=bond0
ONBOOT=yes
USERCTL=no
BONDING_OPTS="mode=active-backup primary=eth0 miimon=100"
#
and the host vswitch as follows:
#
ovs-vsctl add-br ovsbr0
ovs-vsctl add-port ovsbr0 bond0
ovs-vsctl add-port ovsbr0 vlan1 tag=1 -- set interface vlan1 type=internal
ifconfig vlan1 192.168.1.2/28 up
#
And I'm able to ping the external vlan1 GW(192.168.1.1).
The issue I'm having is that I'm unable to ping external IPv4 Gateway from the VM.
When I ping from the VM, I get a response for the first packet, but the rest seem to lose the VLAN tag and go to the wrong interface.
If I tcpdump bond0.1 I see the first ICMP request and reply, but the rest of the ICMP replies seem to appear on the bond0 interface (not bond0.1):
#
[root@vm ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=2.64 ms
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 1 received, 80% packet loss, time 4786ms
rtt min/avg/max/mdev = 2.642/2.642/2.642/0.000 ms
[root@vm ~]#
#
[root@vm ~]# tcpdump -i bond0.1 host 192.168.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0.1, link-type EN10MB (Ethernet), capture size 65535 bytes
20:49:28.053502 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 1, length 64
20:49:28.054158 IP 192.168.1.1 > 192.168.1.3: ICMP echo reply, id 55664, seq 1, length 64
20:49:29.055189 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 2, length 64
20:49:30.054971 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 3, length 64
20:49:31.054935 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 4, length 64
20:49:32.054918 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 5, length 64
#
[root@vm]# tcpdump -i bond0 host 192.168.1.1
tcpdump: WARNING: bond0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:49:28.053509 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 1, length 64
20:49:29.055199 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 2, length 64
20:49:29.055653 IP 192.168.1.1 > 192.168.1.3: ICMP echo reply, id 55664, seq 2, length 64
20:49:30.054983 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 3, length 64
20:49:30.055522 IP 192.168.1.1 > 192.168.1.3: ICMP echo reply, id 55664, seq 3, length 64
20:49:31.054968 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 4, length 64
20:49:31.056497 IP 192.168.1.1 > 192.168.1.3: ICMP echo reply, id 55664, seq 4, length 64
20:49:32.054927 IP 192.168.1.3 > 192.168.1.1: ICMP echo request, id 55664, seq 5, length 64
20:49:32.055402 IP 192.168.1.1 > 192.168.1.3: ICMP echo reply, id 55664, seq 5, length 64
The VM network interfaces are configured as follows:
ifcfg-eth0
#
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ifcfg-eth1
#
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ifcfg-bond0
#
DEVICE=bond0
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=static
NAME=bond1
ONBOOT=yes
USERCTL=no
BONDING_OPTS="mode=active-backup primary=eth0 miimon=100"
ifcfg-bond0.1
#
VLAN=yes
TYPE=Vlan
DEVICE=bond0.1
NAME=bond0.1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.3
NETMASK=255.255.255.240
Any idea why this issue occurs?
Source: (StackOverflow)
There are many VLANs in my account which don't have billing items, which means they are not explicitly purchased. Therefore, I can't choose them as my destination VLANs if I want to create an autoscale group and deploy the VMs across more than two such VLANs. So how do these non-purchased VLANs end up existing in my account? Is it because I created an autoscale group earlier without specifying the VLAN, and SoftLayer automatically and randomly chose one for me?
Source: (StackOverflow)
I am using netif_rx to send an skb to a listener set on a loopback device.
On accept I need to use the VLAN information (I need the first VLAN information: 2 bytes originally in the skb MAC header field).
The skb contains VLAN information (h_vlan_TCI). I want to access this information at the socket level. (Since Linux removes VLAN tags from the packets' payload early, I don't have this information at hand.)
Is there any way I can access this?
If not, is there any field I can override and use for this?
Source: (StackOverflow)
I understand that jumbo Ethernet frames are identified by a value of 0x8870 in the length/type field. (Reference: http://en.wikipedia.org/wiki/EtherType) Tagged VLAN frames are identified by a type of 0x8100.
This being the case, is it possible for a jumbo frame to be VLAN-tagged? How does that work?
Source: (StackOverflow)
http://s16.postimg.org/e5nu6g1md/bridgevlancaptive.png

The above image is based on my project about captive portal. As you can see in the image, I have a diagram on the LEFT side which is WORKING without a problem in a normal scenario without any VLAN.
The RIGHT side, however, is similar to the setup on the left side but with multiple VLANs.
I am having difficulties finding the solution to this. I need your input.
Currently I'm looking at ebtables from the link
http://ebtables.netfilter.org/misc/ebtables-man.html#lbBD
Basically the idea is to intercept the packet that flows to bridge interface from whatever vlan is tagged and create the same rule as the iptables to mark packet and redirect to login page.
I welcome your possible solutions in this.
Source: (StackOverflow)
I am having a problem to understand VLAN tagging.
I have already done changes in the /etc/network/interface file using this link
I am using socket programming on Raspbian (Raspberry pi) using C language.
I tried 2 methods:
The socket in C is
s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
When I send an Ethernet packet from the Raspberry Pi using the above socket, I only see the outgoing "arp" messages on the bus.
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
But this creates an error "sendto failed: Invalid argument" while sending the packet; the code to send the packet is:
struct sockaddr_in sin;
sin.sin_family = AF_PACKET;
sin.sin_port = htons(30490);
sin.sin_addr.s_addr = inet_addr(destination ip address);
if (sendto(socket, data, iph->tot_len, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
    perror("Sendto failed");
} else {
    printf("Packet send");
}
Could anyone help me with information on how to attach a VLAN tag to every packet that is being sent? Or what am I doing wrong in the above code?
Is there code already implemented for sending packets with VLAN tags?
(In my setup I am not using any router or switch.)
Source: (StackOverflow)
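As an added example, not code from the question above: building an 802.1Q-tagged Ethernet frame by hand and handing it to an AF_PACKET socket addressed with a sockaddr_ll. It assumes Linux (linux/if_packet.h); the MAC addresses, VLAN id 4 and the 4-byte payload are constructed sample values, and the interface name given to send_raw_frame is the caller's choice.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
struct vlan_tag { uint8_t pcp; uint8_t dei; uint16_t vid; };  /* 3 + 1 + 12 bits */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Lay out dst, src, TPID 0x8100, TCI, the real EtherType and the payload in `out`.
 * Returns the frame length, or 0 if `out` is too small or the VID is reserved. */
size_t build_vlan_frame(uint8_t *out, size_t cap, const uint8_t *dst,
                        const uint8_t *src, struct vlan_tag tag,
                        uint16_t ethertype, const uint8_t *payload, size_t plen)
{
    size_t need = 2 * ETH_ALEN + 4 + 2 + plen;   /* MACs + tag + type + data */
    if (cap < need || tag.vid == 0 || tag.vid > 4094) return 0;
    memcpy(out, dst, ETH_ALEN);
    memcpy(out + ETH_ALEN, src, ETH_ALEN);
    put16(out + 12, ETH_P_8021Q);                 /* TPID: "a tag follows" */
    put16(out + 14, (uint16_t)((tag.pcp & 7) << 13 | (tag.dei & 1) << 12 | tag.vid));
    put16(out + 16, ethertype);                   /* the encapsulated protocol */
    memcpy(out + 18, payload, plen);
    return need;
}

/* Hand the finished frame to the kernel on `ifname`.  sendto() on an AF_PACKET
 * socket needs a sockaddr_ll (family, interface index, hardware address); a
 * sockaddr_in is shorter than a sockaddr_ll and is rejected with EINVAL.
 * Needs CAP_NET_RAW, so the self-test below does not call it. */
int send_raw_frame(const char *ifname, const uint8_t *frame, size_t len)
{
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL), .sll_halen = ETH_ALEN };
    int sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    ssize_t n;
    if (sock < 0) return -1;
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    memcpy(sll.sll_addr, frame, ETH_ALEN);        /* destination MAC */
    n = sendto(sock, frame, len, 0, (struct sockaddr *)&sll, sizeof sll);
    close(sock);
    return n == (ssize_t)len ? 0 : -1;
}

/* Self-test helper: VLAN 4, priority 2, IPv4, a constructed 4-byte payload;
 * returns the byte at `pos` of the built frame, or -1 past its end. */
int sample_frame_byte(size_t pos)
{
    static const uint8_t dst[ETH_ALEN] = {0x78,0x2b,0xcb,0x33,0x4b,0x9f};
    static const uint8_t src[ETH_ALEN] = {0xd4,0xae,0x52,0x89,0xba,0xfa};
    static const uint8_t data[4] = {0xde,0xad,0xbe,0xef};
    struct vlan_tag tag = { 2, 0, 4 }; uint8_t buf[64];
    size_t len = build_vlan_frame(buf, sizeof buf, dst, src, tag, ETH_P_IP, data, 4);
    return pos < len ? buf[pos] : -1;
}
```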
Once my machine is VLAN enabled, I'm neither able to prepare new scripts using JMeter-2.9 tool nor able to execute my old scripts which I used to run earlier on the same machine.
Please find below the error message I got while running the old scripts:
Thread Name: 46_Drug Issue 1-1
Sample Start: 2014-11-19 16:22:40 IST
Load time: 1001
Latency: 0
Size in bytes: 1720
Headers size in bytes: 0
Body size in bytes: 1720
Sample Count: 1
Error Count: 1
Response code: Non HTTP response code: java.net.ConnectException
Response message: Non HTTP response message: Connection refused: connect
Response headers:
HTTPSampleResult fields:
ContentType:
DataEncoding: null
While recording a new test plan in my Windows machine, I'm able to navigate the different pages with HTTP Proxy server enabled in JMeter tool, but no HTTP request is getting recorded in the transaction controller.
Can anyone please suggest how to overcome this issue?
Source: (StackOverflow)
Background:
I'm working with scapy to parse IEEE 802.1Q triple tagged frames. I'm generating test frames using scapy and capturing them to a pcap file.
The parsing is done in a separate script by reading in the pcap file. I can successfully work with the 1st 802.1q tag.
Problem:
It's not clear to me how to access the 2nd and 3rd 802.1q tags. I'm attempting to use haslayer() and getlayer to conditionally examine the frame headers. haslayer(Dot1Q) returns the values associated with the 1st Dot1Q tag.
Question:
If the type field of the 1st tag is 0x8100, then a 2nd tag is present. Is there a way to advance to the 2nd and 3rd tags? I've looked at the l2.py source and experimented, but no luck yet.
Code:
Send triple tag frame:
sendp(Ether(dst='78:2B:CB:33:4B:9F',src="D4:AE:52:89:BA:FA")/Dot1Q(vlan=1,id=3,prio=2)/Dot1Q(vlan=2,id=3,prio=2)/Dot1Q(vlan=3,id=3,prio=2)/IP(dst='10.25.222.222')/ICMP())
Frame display:
###[ Ethernet ]###
dst = 78:2b:cb:33:4b:9f
src = d4:ae:52:89:ba:fa
type = 0x8100
###[ 802.1Q ]###
prio = 2L
id = 1L
vlan = 1L
type = 0x8100
###[ 802.1Q ]###
prio = 2L
id = 1L
vlan = 2L
type = 0x8100
###[ 802.1Q ]###
prio = 2L
id = 1L
vlan = 3L
type = 0x800
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = 28
id = 1
flags =
frag = 0L
ttl = 64
proto = icmp
chksum = 0xc55
src = 10.25.123.123
dst = 10.25.222.222
\options \
###[ ICMP ]###
type = echo-request
code = 0
chksum = 0xf7ff
id = 0x0
seq = 0x0
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00'
Frame parsing:
pkts = rdpcap(self.file_name)
for pkt in pkts:
    try:
        if pkt.haslayer(Ether):
            src = pkt.getlayer(Ether).src
            dst = pkt.getlayer(Ether).dst
            type = pkt.getlayer(Ether).type
            # Do something
        if pkt.haslayer(Dot1Q):
            prio = pkt.getlayer(Dot1Q).prio
            id = pkt.getlayer(Dot1Q).id
            vlan = pkt.getlayer(Dot1Q).vlan
            type = pkt.getlayer(Dot1Q).type
            # Do something
    except:
        raise
Source: (StackOverflow)
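As an added example (not the poster's scapy code, and not using scapy): a plain C walk over a stacked 802.1Q tag list that handles any number of tags and the 0x88A8 S-TAG of 802.1ad as well as 0x8100, which is the same structure the jumbo-frame question above asks about. The tag stack is a chain of TPID/TCI pairs terminated by whatever EtherType follows, independent of the frame's length. The sample frame is constructed from the values in the scapy dump above and deliberately cut short after the start of the IP header.

```c
#include <stddef.h>
#include <stdint.h>
#define TPID_8021Q  0x8100   /* customer tag (C-TAG) */
#define TPID_8021AD 0x88A8   /* service tag (S-TAG), the outer tag in QinQ */
struct vlan_tag { uint16_t tpid; uint8_t pcp; uint8_t dei; uint16_t vid; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Walk every tag after the 12 bytes of MAC addresses, outermost first.
 * Stores up to `max` tags, sets *final_type to the EtherType that follows the
 * tag stack and returns the tag count, or -1 if the frame ends inside a header
 * (a truncated capture must never be read past its end). */
int parse_vlan_stack(const uint8_t *frame, size_t len,
                     struct vlan_tag *tags, size_t max, uint16_t *final_type)
{
    size_t off = 12;
    int n = 0;
    for (;;) {
        uint16_t type;
        if (off + 2 > len) return -1;
        type = be16(frame + off);
        if (type != TPID_8021Q && type != TPID_8021AD) {
            *final_type = type;            /* payload protocol, e.g. 0x0800 IPv4 */
            return n;
        }
        if (off + 4 > len) return -1;      /* TPID present but TCI missing */
        if ((size_t)n < max) {
            uint16_t tci = be16(frame + off + 2);
            tags[n].tpid = type;
            tags[n].pcp = (uint8_t)(tci >> 13);
            tags[n].dei = (uint8_t)((tci >> 12) & 1);
            tags[n].vid = (uint16_t)(tci & 0x0fff);
        }
        n++;
        off += 4;                          /* each tag is TPID + TCI */
    }
}

/* Constructed sample: the triple-tagged frame of the question above as scapy
 * displays it (prio 2, id 1, VLANs 1, 2, 3, then IPv4), cut after 4 IP bytes. */
static const uint8_t SAMPLE[] = {
    0x78,0x2b,0xcb,0x33,0x4b,0x9f, 0xd4,0xae,0x52,0x89,0xba,0xfa,
    0x81,0x00, 0x50,0x01,   /* tag 1: pcp 2, dei 1, vid 1 */
    0x81,0x00, 0x50,0x02,   /* tag 2: vid 2 */
    0x81,0x00, 0x50,0x03,   /* tag 3: vid 3 */
    0x08,0x00, 0x45,0x00, 0x00,0x1c
};

/* Self-test helpers: VID of tag i, the final EtherType, and the result when the
 * sample is cut off after `len` bytes. */
int sample_vid(int i) { struct vlan_tag t[4]; uint16_t ft; int n = parse_vlan_stack(SAMPLE, sizeof SAMPLE, t, 4, &ft); return i < n ? t[i].vid : -1; }
int sample_final_type(void) { struct vlan_tag t[4]; uint16_t ft; return parse_vlan_stack(SAMPLE, sizeof SAMPLE, t, 4, &ft) == 3 ? ft : -1; }
int sample_cut(size_t len) { struct vlan_tag t[4]; uint16_t ft; return parse_vlan_stack(SAMPLE, len, t, 4, &ft); }
```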
I have been banging my head on this one for a few weeks now and am finally submitting to the fact that I just can't figure it out. I have also been working with networking engineers on my team to no avail. My problem is as follows:
I am working on an application that does pretty straightforward UDP group joins on multiple vlans (each vlan is exposed as its own virtual interface, the NIC in this case is a SolarFlare if that is relevant). All of these joins happen on a single socket (where the messages are de-duplicated based on payload sequence numbers). Prior to doing the IP_ADD_MEMBERSHIP I am setting socket options like this:
setsockopt(sock, SOL_SOCKET, SO_TIMESTAMP, &yes, sizeof yes)
setsockopt(sock, IPPROTO_IP, IP_PKTINFO, &yes, sizeof(yes))
setsockopt(sock, IPPROTO_IP, PACKET_AUXDATA, &yes, sizeof(yes))
I need to get at either the interface index via IP_PKTINFO or the vlan id via PACKET_AUXDATA in order to gather statistics downstream. Now, everything initializes without error and I am able to process UDP payloads without issue. Where I run into trouble is when I attempt to access the ancillary / control messages requested above as demonstrated with the simple debug logging:
for (cmsgptr = CMSG_FIRSTHDR(&msg);
     cmsgptr != NULL;
     cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) {
    printf("Control Message: cmsg_level: %d, cmsg_type %d\n", cmsgptr->cmsg_level, cmsgptr->cmsg_type);
}
For every packet received, this only outputs:
Control Message: cmsg_level: 1, cmsg_type 29
For reference, SOL_SOCKET=1 and SO_TIMESTAMP=29. So, although I am requesting 3 different control message types, only the timestamping is being populated. This behavior is independent of whether I am joining a single UDP group on a single interface or multiple groups on multiple interfaces.
One solution would be to rewrite the application to put each interface on its own socket, and then funnel everything into a queue, but in my experience the context switching kills the performance of the app. According to the manual page ip(7) IP_PKTINFO has been available since Linux kernel 2.2. I am running Ubuntu 14.04.4 which uses kernel 3.13.0-24-generic.
Any help, insight or direction would be greatly appreciated!
Source: (StackOverflow)
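As an added example, not code from the question above: a minimal recvmsg() path that extracts the interface index from the IP_PKTINFO control message, exercised over loopback so it runs without multicast, a VLAN interface or special privileges. It assumes Linux (struct in_pktinfo) and a constructed "probe" datagram.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram and return the interface index carried by the IP_PKTINFO
 * control message, 0 if no IP_PKTINFO cmsg was delivered (the symptom in the
 * question: only SOL_SOCKET/SO_TIMESTAMP shows up), or -1 on a socket error.
 * Both cmsg_level and cmsg_type are checked because the numeric types overlap
 * between levels (IP_PKTINFO lives at IPPROTO_IP, SO_TIMESTAMP at SOL_SOCKET). */
static int recv_with_pktinfo(int sock, char *buf, size_t buflen)
{
    char ctrl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    struct msghdr msg = { 0 };
    struct cmsghdr *cmsg;
    int ifindex = 0;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl;                  /* without a control buffer no cmsg arrives */
    msg.msg_controllen = sizeof ctrl;
    if (recvmsg(sock, &msg, 0) < 0) return -1;
    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
        if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(cmsg), sizeof pi);   /* cmsg data may be unaligned */
            ifindex = pi.ipi_ifindex;
        }
    }
    return ifindex;
}

/* Self-test: bind a UDP socket to 127.0.0.1 on an ephemeral port, enable
 * IP_PKTINFO before any data arrives, send one constructed datagram to ourselves
 * and return the interface index the kernel attached (lo, usually 1). */
int loopback_pktinfo_demo(void)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t alen = sizeof addr;
    char buf[64];
    int yes = 1, ifindex = -1;
    int sock = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock < 0) return -1;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (setsockopt(sock, IPPROTO_IP, IP_PKTINFO, &yes, sizeof yes) == 0 &&
        bind(sock, (struct sockaddr *)&addr, alen) == 0 &&
        getsockname(sock, (struct sockaddr *)&addr, &alen) == 0 &&
        sendto(sock, "probe", 5, 0, (struct sockaddr *)&addr, alen) == 5)
        ifindex = recv_with_pktinfo(sock, buf, sizeof buf);
    close(sock);
    return ifindex;
}
```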