There is a frustrating lack of information on how to set up multiple VLAN interfaces on a KVM host out there. I made my way through it in production today with great applications of thud and blunder; here’s an example of a working 01-netcfg.yaml with multiple VLANs on a single (real) bridge interface, presenting as multiple bridges.
Everything feeds through properly so that you can bring KVM guests up on br0 for the default VLAN, br100 for VLAN 100, or br200 for VLAN 200. Adapt as necessary for whatever VLANs you happen to be using.
```yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: no
      dhcp6: no
    eno2:
      dhcp4: no
      dhcp6: no
  vlans:
    br0.100:
      link: br0
      id: 100
    br0.200:
      link: br0
      id: 200
  bridges:
    br0:
      interfaces:
        - eno1
        - eno2
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.0.2/24 ]
      gateway4: 10.0.0.1
      nameservers:
        addresses: [ 8.8.8.8,1.1.1.1 ]
    br100:
      interfaces:
        - br0.100
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.100.1/24 ]
    br200:
      interfaces:
        - br0.200
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.200.1/24 ]
```
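A way to sanity-check the layout above before applying it, written for this page as an added example (not the author's code): the hypothetical helpers `resolve` and `audit` walk a dict mirroring the YAML and report, for each bridge, which VLAN tag its guests land on, which physical NICs carry it, and whether the host itself holds an address there. A dangling `link` or bridge member raises an error instead of silently producing a bridge that goes nowhere.

```python
# Added example, not from the original post; CONFIG mirrors its YAML as a constructed dict.
CONFIG = {
    "ethernets": {"eno1": {}, "eno2": {}},
    "vlans": {
        "br0.100": {"link": "br0", "id": 100},
        "br0.200": {"link": "br0", "id": 200},
    },
    "bridges": {
        "br0": {"interfaces": ["eno1", "eno2"], "addresses": ["10.0.0.2/24"]},
        "br100": {"interfaces": ["br0.100"], "addresses": ["10.0.100.1/24"]},
        "br200": {"interfaces": ["br0.200"], "addresses": ["10.0.200.1/24"]},
    },
}


def resolve(cfg, name, seen=()):
    """Walk down from `name`; return (VLAN tags crossed, physical NICs reached)."""
    if name in seen:
        raise ValueError(f"interface loop through {name}")
    if name in cfg.get("ethernets", {}):
        return [], [name]
    if name in cfg.get("vlans", {}):
        vlan = cfg["vlans"][name]
        tags, nics = resolve(cfg, vlan["link"], seen + (name,))
        return [vlan["id"]] + tags, nics
    if name in cfg.get("bridges", {}):
        tags, nics = [], []
        for member in cfg["bridges"][name].get("interfaces", []):
            t, n = resolve(cfg, member, seen + (name,))
            tags, nics = tags + t, nics + n
        return tags, nics
    raise ValueError(f"{name} is referenced but never defined")


def audit(cfg):
    """Per bridge: VLAN tags guests land on, uplink NICs, and host L3 presence."""
    report = {}
    for bridge, body in cfg["bridges"].items():
        tags, nics = resolve(cfg, bridge)
        report[bridge] = {
            "vlans": sorted(set(tags)),  # [] = untagged; more than one = VLANs joined
            "uplinks": sorted(set(nics)),
            "host_has_ip": bool(body.get("addresses")),
        }
    return report


if __name__ == "__main__":
    print(audit(CONFIG))
```

A bridge that reports more than one tag is joining VLANs at layer 2, and `host_has_ip` marks the segments where guests can reach the hypervisor directly.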
Just wanted to say thank you for posting this! I’ve been banging my head on this for the past few hours and this helped me sort out my issues. 🙂
Thanks for sharing this! I’ve been a little puzzled as to how to configure netplan with VLANs for my KVM box in 18.04, and this did the trick.
Thanks a lot for sharing this. Agree it is very difficult to find useful info on netplan.
This was exactly what I needed to set up my pfSense (guest) on Ubuntu (host) with KVM. Below is my config.
```yaml
vlans:
  vlan10:
    accept-ra: no
    id: 10
    link: br-lan0
bridges:
  br-wan:
    interfaces: [eth1]
    dhcp4: no
    dhcp6: no
    parameters:
      stp: false
  br-lan0:
    interfaces: [eth0]
    dhcp4: no
    dhcp6: no
    parameters:
      stp: false
  br-lan10:
    interfaces: [vlan10]
    addresses: [192.168.10.10/24]
    gateway4: 192.168.10.1
    nameservers:
      addresses: [192.168.10.1]
    parameters:
      stp: false
```
Hey Jim, I always have trouble in Ubuntu using KVM, with bridge network, the problem is that the VM’s can’t reach the network, only the host, they don’t get DHCP, etc.
To fix it I have to set the following configuration on sysctl.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 1
From my understanding this makes bridge incoming and outgoing packets skip iptables. The problem is that if I set these values in the sysctl configuration, it doesn’t work, because at boot, when sysctl is loaded, the bridge hasn’t been created and therefore it ignores that part of the configuration. To solve this, every time the host boots, I have to call `sysctl -p /etc/sysctl.d/bridge.conf` and then it works.
So I wanted to ask you how do you deal with this, I’m guessing I’m configuring something wrong.
Here’s an article that talks about it https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
One recommended solution is a udev rule, to call sysctl once the bridge device shows up.
Any help appreciated. I enjoy all the Jupiter Broadcasting podcasts you show up on! And now 2.5 Admins!
Hi,
thanks for posting.
Is it possible to leave br0 without an IP? I am connecting the server to switches with a dot1q trunk, so the default VLAN will not work.
```yaml
bridges:
  br0:
    interfaces:
      - eno1
      - eno2
```
Thank you for this. It is very useful.
So, if I understood this correctly, everything that is on br0 only (10.0.0.2/24) is untagged or part of a native VLAN, and everything which comes in as br0.100 (10.0.100.1/24) or br0.200 (10.0.200.1/24) is VLANs 100 and 200 respectively, correct?
Will the guests see the three bridges as three separate interfaces which are available?
And my last question is, does the host need to have IPs in all the VLANs, or could the address fields be left empty for the guests to get their own IPs, in these VLANs, but not the host?