On Fri, Feb 28, 2020 at 8:11 PM Daniel Frey <djqf...@gmail.com> wrote:
>
> Thanks for the detail, I've just ordered an RPi4B to mess around with.
> It would be helpful to move DNS etc off my home server as I'm trying to
> separate everything into VLANs.
>

Keep in mind that Linux supports VLAN tagging, so if you set up your switch to trunk your server you can have containers or even services on multiple VLANs on the same host. I have this configured via systemd-networkd - I'm sure you could do it with various other network managers as well. I just have a bridge for each VLAN and then I can attach container virtual ethernet interfaces to the appropriate VLAN bridge for each container. KVM uses bridges and it should be just as easy to put VMs on the appropriate bridges.

If you assign IPs on the host to each VLAN interface then as long as the VLANs don't have conflicting IP addresses you can just attach services to the appropriate VLANs by binding to their addresses. A service that binds to 0.0.0.0 or to multiple addresses would listen on all of them. Now, if your VLANs have conflicting address spaces then I'd probably just stick to containers so that no host actually sees conflicting IPs, otherwise you're probably going to have to go crazy with iproute2 and netfilter to get all the packets going to the right places.

And all of that should work from a Pi as well, as long as you enable CONFIG_VLAN_8021Q. You also need to make sure the tagged VLAN traffic is passed from the switch (which is not what you normally want to do for a non-VLAN-aware host where you would filter out all but one VLAN and remove the tag).

I run my DHCP server on a Pi so that it is more independent.

--
Rich
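
One way to express the bridge-per-VLAN layout described above in systemd-networkd, as an added example that is not part of the original post and not Rich's actual configuration. The interface name eth0, VLAN ID 20, the names vlan20 and br20, the file names, and the address 192.0.2.10/24 are all assumptions.

```ini
# Added example; eth0, VLAN ID 20, vlan20/br20, the file names and the
# address below are assumptions, not values from the thread.

# --- /etc/systemd/network/10-vlan20.netdev ---
# 802.1Q sub-interface for tag 20 (kernel needs CONFIG_VLAN_8021Q).
[NetDev]
Name=vlan20
Kind=vlan

[VLAN]
Id=20

# --- /etc/systemd/network/10-br20.netdev ---
# One bridge per VLAN; container veths and VM interfaces attach here.
[NetDev]
Name=br20
Kind=bridge

# --- /etc/systemd/network/20-trunk.network ---
# Physical port facing the switch trunk. It only carries the tagged
# sub-interfaces and gets no address of its own.
[Match]
Name=eth0

[Network]
VLAN=vlan20
LinkLocalAddressing=no

# --- /etc/systemd/network/30-vlan20.network ---
# Attach the tagged sub-interface to its bridge.
[Match]
Name=vlan20

[Network]
Bridge=br20

# --- /etc/systemd/network/40-br20.network ---
# Host address on this VLAN. A service meant to be reachable only from
# VLAN 20 binds to this address; one bound to 0.0.0.0 listens on every
# VLAN the host has an address on.
[Match]
Name=br20

[Network]
Address=192.0.2.10/24
```

Repeat the vlan and bridge files for each additional VLAN and add a matching VLAN= line to the trunk file. The switch port must pass the tagged traffic through for any of this to work.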