2

I have read a few posts here on NOT using tagged vlans in KVM because of the emulated e1000 drivers, but I have a situation where I need to use tagged vlans. Because of this we used SR-IOV enabled machines and adapters since this allows us to install the full Virtual Function driver from Intel (and this allows our powershell/wmi scripts to manage the vlans).

I am not a KVM/Linux admin, I understand Windows and VMWare a lot more, but our linux guy who set this all up is no longer available and I have to figure out why we can't get tagged vlans to pass through the KVM bridges(yeah, I know, sr-iov means we should be completely bypassing bridges or vswitches and such... but I am not exactly sure how it works in KVM). Is there configuration that I need to change on the KVM hosts to allow the vlan tagging to pass through? I am willing to research but am not sure where to even start.

I willpost configurations and such as necessary, by request, to facilitate this discussion if tagged vlan support is actually something I can do in kvm.

Greg Mason
  • 187
  • 1
  • 1
  • 9
  • I'd walk through [the docs](https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/sect-Virtualization_Host_Configuration_and_Guest_Installation_Guide-SR_IOV-How_SR_IOV_Libvirt_Works.html) and make sure that the virtual function was configured correctly. – Michael Hampton Aug 28 '13 at 22:25

1 Answers1

2

I have read a few posts here on NOT using tagged vlans in KVM because of the emulated e1000 drivers, but I have a situation where I need to use tagged vlans. Because of this we used SR-IOV enabled machines and adapters since this allows us to install the full e1000 driver from the manufacturer (and this allows our powershell/wmi scripts to manage the vlans).

Why not simply use virtio? e1000 is emulated, this is why virtio has been created in the first place.

So, if you simply need to have VLAN tagged traffic inside VMs, you simply tag it in the VMs. The common practice though, is to build the bridge on top of a tagged interface or bond on the host, and attach the VMs that need to be on that VLAN to that bridge.

dyasny
  • 18,802
  • 6
  • 49
  • 64
  • I mispoke, we installed the Intel Virtual Function driver for the port, which comes with the full wmi support for creating the VLANs in the VM itself. Also, we can't use the virtio because its a paravirtualized driver, we need the reduced latency that SR-IOV gives us. – Greg Mason Aug 29 '13 at 22:01
  • That's a different thing, just using SRIOV's complexity to have VLANs is quite redundant, but if you're running latency-bound loads, it starts making sense. If you use a Cisco UCS, you can switch to an even better tech - VMFEX. I any case, the way this works, is you create a macvtap device which gets attached to the VIF, not bridges involved. You need to edit the libvirt domxml file, get the VF's PCI bus address and attach to it directly. – dyasny Aug 29 '13 at 22:17
  • Ugh... well thank you so much for your responses :) It is sort of the answer I was afraid to hear. We don't have Cisco switches in this use case for internal reasons but we do have an equivalent solution. Looks like our existing automation is going to take an initial hit to get this accomplished. – Greg Mason Aug 31 '13 at 19:30