There are a lot of old blog posts out there on getting KVM guests to use different VLANs via openvswitch. Many tell you to create fake bridges, or to create the ports via ovs-vsctl and then tell libvirt to use that created interface or portgroup. Almost none of them say how to make the interface settings stick once openvswitch is set up. The correct way to do it is this basic flow
When the guest starts, if the interface for the VLAN isn’t created, it will be auto-created in openvswitch for you. This works with Ubuntu 14.04. It also assumes bonding is set up via LACP on the host. It works the same if you just have a single interface like eth0; just remove all the bond options. My starting ifconfig output for my bond0 device looks something like
bond0 Link encap:Ethernet HWaddr 00:25:90:ed:dc:f0
inet addr:10.128.7.121 Bcast:10.128.7.255 Mask:255.255.255.0
inet6 addr: fe80::f1:41ff:fe72:a331/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:713943 errors:0 dropped:0 overruns:0 frame:0
TX packets:390750 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49037015 (49.0 MB) TX bytes:674651803 (674.6 MB)
So the first thing we want to do is install openvswitch-switch
apt-get install openvswitch-switch
Now we need to create a bridge in openvswitch
ovs-vsctl add-br br0
Now we need to add our working interface to the bridge. THIS WILL CAUSE YOUR CONNECTION TO DROP. Do not run this command unless you have remote KVM access or are on the console.
ovs-vsctl add-port br0 bond0
Now that we have a bridge set up, we need to give it IP information
ifconfig bond0 0
ifconfig br0 10.128.7.121 netmask 255.255.255.0
route add default gw 10.128.7.1
So now your bridge interface is up and it still uses bond0. We gave it the same IP information. Now let’s set up the following file so the system reboots correctly
# The loopback network interface
auto lo
iface lo inet loopback

# Physical NICs enslaved to bond0
auto p1p1
iface p1p1 inet manual
    bond-master bond0

auto p1p2
iface p1p2 inet manual
    bond-master bond0

# LACP bond, attached to the OVS bridge br0 as a port
auto bond0
allow-br0 bond0
iface bond0 inet manual
    bond-mode 4
    bond-miimon 100
    bond-lacp-rate 1
    bond-xmit-hash-policy layer3+4
    bond-slaves none
    ovs_bridge br0
    ovs_type OVSPort
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down
    address 0.0.0.0

# OVS bridge that carries the host's IP configuration
auto br0
allow-ovs br0
iface br0 inet static
    address 10.128.7.121
    netmask 255.255.255.0
    gateway 10.128.7.1
    dns-nameservers 10.128.7.4 10.128.7.5
    ovs_type OVSBridge
    # ovs_ports lists the ports attached to this bridge
    ovs_ports bond0
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down
The big things to add/change are as follows
Now that’s all set, you can run reboot and the bridge should come up just fine.
Now let’s create a network. Here is my sample network file. It creates a network with an untagged port and 2 other ports that get tagged with VLANs 2 and 3
<network>
  <name>vlans</name>
  <uuid>4216c8df-349d-4a32-a6ae-533135a9d682</uuid>
  <forward mode='bridge'/>
  <bridge name='br0'/>
  <virtualport type='openvswitch'/>
  <portgroup name='vlan-01' default='yes'>
  </portgroup>
  <portgroup name='vlan-02'>
    <vlan>
      <tag id='2'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-03'>
    <vlan>
      <tag id='3'/>
    </vlan>
  </portgroup>
</network>
You’ll want to change the name of the network group and also the VLAN info. My first VLAN is untagged and the next two are tagged. Create a file called vlans.xml and put that in. Now we can load it in libvirt
virsh net-define ./vlans.xml
virsh net-start vlans
virsh net-autostart vlans
Once that is all set up, you can define an interface like
<interface type='network'>
<source network='vlans' portgroup='vlan-02'/>
</interface>
Here is what my running setup looks like
root@vmnode2:~# ovs-vsctl show
19655270-bcee-4b57-b2d5-5a180da422a8
    Bridge "br0"
        Port "vnet1"
            tag: 3
            Interface "vnet1"
        Port "br0"
            Interface "br0"
                type: internal
        Port "bond0"
            Interface "bond0"
        Port "vnet0"
            tag: 2
            Interface "vnet0"
    ovs_version: "2.0.1"
This way we don’t have to tell the guests to tag their outgoing traffic; openvswitch tags the traffic for us. One gotcha: your hardware switch has to know about the VLAN IDs even if you trunk the port the KVM host is connected to. On Cisco that looks like
vlan 2
name WebVlan
exit
Simple as that.
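To confirm that each guest actually landed in the VLAN you intended, the following added example (not part of the original post) parses ovs-vsctl show output and lists the tag on every vnetN port. A guest port with no tag is a trunk port in Open vSwitch and carries every VLAN on the bridge, so it is worth flagging. The function names, the sample output and the vnet2 port are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the VLAN tag of every libvirt guest port on an OVS bridge.

# Constructed sample in `ovs-vsctl show` format. vnet2 is a hypothetical guest
# attached through the untagged default portgroup.
sample_show() {
cat <<'EOF'
19655270-bcee-4b57-b2d5-5a180da422a8
    Bridge "br0"
        Port "vnet1"
            tag: 3
            Interface "vnet1"
        Port "br0"
            Interface "br0"
                type: internal
        Port "bond0"
            Interface "bond0"
        Port "vnet0"
            tag: 2
            Interface "vnet0"
        Port "vnet2"
            Interface "vnet2"
    ovs_version: "2.0.1"
EOF
}

# Reads `ovs-vsctl show` output on stdin and prints "<port> <tag>" for each
# guest port (vnetN); ports without a tag line are reported as "untagged".
guest_port_tags() {
    awk '
        function emit() { if (port ~ /^vnet[0-9]+$/) print port, (tag == "" ? "untagged" : tag) }
        $1 == "Port" { emit(); port = $2; gsub(/"/, "", port); tag = "" }
        $1 == "tag:" { tag = $2 }
        END { emit() }
    '
}

# Prints the report and returns 1 if any guest port has no VLAN tag.
# On the host: ovs-vsctl show | audit_guest_ports
audit_guest_ports() {
    report=$(guest_port_tags)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q ' untagged$'
}

sample_show | guest_port_tags
```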