I have an application that needs both VLANs and bonding at the same time
and I'm having trouble getting it to work.
System is Dell R610 and Devuan 2.0 ("ASCII"). The machine is operating
as a firewall and has duplicated Ethernet on the outside and inside.
Duplication is for resilience, not performance.
The bonding driver works fine on the outside and works fine on the
inside for a single, non-VLAN, network - however my problem is that I
need to implement the legacy inside network on VLAN 1, a new internal
network on VLAN 10 and a guest network on VLAN 99, hence I need "VLAN
over bonding".
I have a similar setup at home where I just have straight Ethernet
interfaces (no bonding) and the VLANs work fine on eth1.1, eth1.145,
eth1.99 etc.
I have module '8021q' loaded and package 'vlan' installed (to get
'vconfig' executable).
Interface bond0 is the 'outside' and doesn't use VLAN and is fine.
Interface bond1 is the 'inside' and needs to be brought up without any
untagged IP and three VLAN interfaces are needed:
bond1.1 for legacy 192.168.1.0/24 traffic
bond1.10 for new 10.10.0.0/16 traffic
bond1.99 for secure guest traffic on 192.168.99.0/24
I have tried various incantations of configs in /etc/network/interfaces
and don't seem to be able to get the VLAN over Bond to work. I have
tried with and without hints like "vlan-raw-device bond1" and
with/without explicit 'vconfig' entries to try to force configuration of
the VLANs and just about every combination seen on StackExchange etc.
With /etc/network/interfaces as shown (below) the system boots, doesn't
output any errors, bond1 comes up with no IPv4 address, and only an
FE80:: link-local IPv6 address.
Doing:
cat /proc/net/vlan/status
shows that no VLANs are configured.
Am I missing something or are the network startup scripts not able to
configure VLAN over Bond? They work just fine for VLAN over plain Eth?
Mike
PS. IP addresses redacted/changed to protect the innocent.
#
# Loopback
#
auto lo
iface lo inet loopback
#
# Outside (Internet)
#
auto bond0
iface bond0 inet static
address 195.xx.yy.2
netmask 255.255.255.192
gateway 195.xx.yy.1
bond-mode 1
bond-miimon 100
bond-slaves eth0 eth1
bond-primary eth0
iface bond0 inet6 static
pre-up modprobe ipv6
address 2999:2222:1999::2
netmask 64
gateway 2999:2222:1999::1
#
# Inside bonding interface
#
auto bond1
iface bond1 inet manual
pre-up modprobe 8021q
post-up vconfig add bond1 1
post-up vconfig add bond1 10
post-up vconfig add bond1 99
bond-mode 1
bond-miimon 100
bond-slaves eth2 eth3
bond-primary eth2
#
# Inside VLAN1 - Legacy 192.168.1.0/24
#
iface bond1.1 inet static
address 192.168.1.1
netmask 255.255.255.0
vlan-raw-device bond1
iface bond1.1 inet6 static
pre-up modprobe ipv6
address 2999:2222:1999:8000::1
netmask 64
vlan-raw-device bond1
#
# Inside new VLAN10 - 10.10.0.0/16
#
iface bond1.10 inet static
address 10.10.0.1
netmask 255.255.0.0
vlan-raw-device bond1
iface bond1.10 inet6 static
pre-up modprobe ipv6
address 2999:2222:1999:8010::1
netmask 64
vlan-raw-device bond1
#
# VLAN99 - Insecure/Guest use
#
iface bond1.99 inet static
address 192.168.99.1
netmask 255.255.255.0
vlan-raw-device bond1
iface bond1.99 inet6 static
pre-up modprobe ipv6
address 2999:2222:1999:9900::1
netmask 64
vlan-raw-device bond1
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
