
I have a host with two physical interfaces, which are in a bond0, and that bond0 is connected to bridge br0. On that bridge I have VLAN subinterfaces (without IP addresses). I need to somehow connect KVM guests via a trunk (they will have only one interface, but will need multiple VLANs) to that bridge. But every guest will need different VLANs and I don't want to send all of them to every guest for security purposes - guests will have different admins and we don't want them to just create a subinterface to accept traffic for that VLAN.

So I was thinking of creating a separate bridge for each individual guest, but I cannot connect them to the "main" bridge br0 itself (as I understand it's not allowed to connect bridge to bridge). Is there some way to manage it via NetworkManager maybe? Or is there any other utility for this?

All the solutions I found only concern one VLAN per guest, or multiple interfaces on the guest, which I cannot use.

  • The Linux standard bridge has been VLAN-capable for years, see e.g. [here](https://unix.stackexchange.com/questions/556735/linux-vlan-aware-bridges-and-trunk-ports); you just need to set /sys/class/net/eth0_bridge/bridge/vlan_filtering to 1. Don't its capabilities cover your workflow needs? This [Howto](https://blog.sdn.clinic/2018/12/vlan-aware-bridges-on-linux/) looks completish. – Alex Stragies Jul 05 '20 at 19:43
  • Sorry for the late response, thank you, it did solve my problem. I had to set up the guest NICs accordingly so it took me a few days to figure it out. But the VLANs which are passed in the trunk (on the host) via the command `#bridge vlan add vid ... dev ...` are not permanent. I also could not find in which files the changes are made (so I could just copy them when creating the server with Ansible etc.). Is there any permanent solution? – neechee-nka Jul 13 '20 at 08:39

0 Answers
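The approach from the comments (VLAN filtering on the standard bridge, then per-port `bridge vlan` membership) as an added, self-contained example; this is not code from the question or the commenters. It assumes the bridge is `br0`, the trunk uplink is `bond0`, and the guests' tap ports are named `vnet0`/`vnet1` (libvirt's default naming, but any port name works). Each guest port gets only the VLAN IDs its admin is entitled to, and the default VLAN 1 is removed from the port so the guest cannot reach the untagged default segment. The `run` helper honours `DRY_RUN=1` so the commands can be reviewed before being applied as root; re-running the script at boot (for instance from a oneshot service or a libvirt network hook, which is an assumption about your deployment rather than something the thread states) is one way to make the non-persistent `bridge vlan` changes repeatable.

```shell
#!/bin/sh
# Added example: restrict KVM guest ports on a VLAN-aware Linux bridge.
# Assumed names: bridge br0, trunk uplink bond0, guest tap ports vnet0/vnet1.
# DRY_RUN=1 prints the commands instead of executing them; otherwise run as root.

BRIDGE="${BRIDGE:-br0}"
UPLINK="${UPLINK:-bond0}"
DRY_RUN="${DRY_RUN:-0}"

# Execute the given command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Turn on VLAN filtering (equivalent to writing 1 to the sysfs knob named in the comments).
enable_vlan_filtering() {
    run ip link set dev "$BRIDGE" type bridge vlan_filtering 1
}

# Allow every listed VLAN, tagged, on the trunk uplink and on the bridge itself
# ("self") so the host's own VLAN subinterfaces on br0 keep working.
allow_trunk_vlans() {
    for vid in "$@"; do
        run bridge vlan add vid "$vid" dev "$UPLINK"
        run bridge vlan add vid "$vid" dev "$BRIDGE" self
    done
}

# Give one guest port exactly the listed VLANs, tagged (the guest creates its own
# 802.1Q subinterfaces). Drop VLAN 1 first so the port cannot use the untagged default.
set_guest_vlans() {
    port="$1"; shift
    run bridge vlan del vid 1 dev "$port"
    for vid in "$@"; do
        run bridge vlan add vid "$vid" dev "$port"
    done
}

# Show the resulting per-port membership for review.
show_vlans() {
    run bridge vlan show
}

# Usage: DRY_RUN=1 sh vlan-ports.sh apply   (omit DRY_RUN and run as root to apply)
if [ "${1:-}" = "apply" ]; then
    enable_vlan_filtering
    allow_trunk_vlans 10 20 30          # constructed example VLAN set for the trunk
    set_guest_vlans vnet0 10 20         # guest 1 may see VLANs 10 and 20 only
    set_guest_vlans vnet1 30            # guest 2 may see VLAN 30 only
    show_vlans
fi
```

Checking the effect afterwards with `bridge vlan show` is the quickest way to confirm that a guest port lists only its permitted VIDs and no longer carries VLAN 1.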