17 October 2010

VLAN Tagged Interfaces (Solaris)

In order to use VLAN tagged interfaces in Solaris, one simply needs to
have an interface capable of handling VLAN tagging (can be determined by
the man page of the interface driver, ex: man bge, as well as man dladm).
Providing an interface supportive of VLAN tagging, one may configure the
interface in question.  (Note, it is assumed that the network port on
the switch, etc, has already been configured to support multiple VLANs.
If not, please discuss with Network Engineering.)  A VLAN tagged interface
is configured and managed primarily the same way that a standard interface
is, though with minor differences.  To configure the interface, there
are several bits of information one must be aware of:

- configured VLAN
  - the host's physical network interface to which the VLAN tagged
  - the host's physical network interface to which the VLAN tagged
    connection is connected to
  - the network configured relative to said VLAN

As an example, the connection going to bge1 is a VLAN tagged connection.
The vlan configured is 487, supporting network 192.19.20.0/24.  The following
commands will initialize the new interface to support this:

  /usr/sbin/ifconfig bge1 plumb
  /usr/sbin/ifconfig bge1 up
  /usr/sbin/ifconfig bge487001 plumb
  /usr/sbin/ifconfig bge487001 192.19.20.54 netmask 255.255.255.0 broadcast + up

The first line simply creates the bge1 interface (assuming it is not
already available) with the second line bringing bge1 online, though
unconfigured.  The third line creates a VLAN tagged interface on bge1
for VLAN 487.  Line four configures the new interface (bge487001) to
IP address 192.19.20.54 with a class c netmask.  The naming involved in
this interface is the determinable factor in which vlan the interface
is associated with.  A break down of how this name is composed is:

  driver-name + VLAN_ID * 1000 + device-instance

                        thus

        bge + 487 * 1000 + 1 = bge487001

This restriction of interface naming in Solaris allows for one to
easily determine what the parent interface is (bge1) and to what VLAN
the interface functions on (487).  Of note, in order to use the VLAN
tagged interface, the parent interface (bge1) must be online (up).

To bring a VLAN tagged interface up at boot time, it is handled the
same way that any other Solaris network interface would be managed.
In the above scenario, there would be a file at /etc/hostname.bge1 and
another at /etc/hostname.bge487001.  The contents of hostname.bge1 would
essentially configure the interface to a null IP address and bring it up:

        0.0.0.0
        up

The contents of hostname.bge487001 would contain the following:

        HOSTNAME
        netmask 255.255.255.0 broadcast + up

(HOSTNAME in line 1 is relative to the hostname to which the intended IP
address assigned would resolve as through /etc/hosts, etc.  Alternatively,
one may simply present an IP address instead of HOSTNAME.)

Notes

During VLAN configuration, you have to specify the physical point of attachment, 
or PPA, of the VLAN. You obtain the PPA value by using this formula:

        driver-name + VID * 1000 + device-instance

Note that the device-instance number must be less than 1000.

For example, you would create the following PPA for a ce1 interface to be 
configured as part of VLAN 456:

        ce + 456 * 1000 + 1 = ce456001
see also:
    VLAN Tagging and Vanity Naming in Solaris 11

10 comments:

Matthew said...

your maths is slightly out ... 487 * 1000 = 487000.

Therfore the interface would be bge4870001

troy said...

Matthew,

I appreciate the comment. Specifically though, the math is '487 * 1000 + 1', thus 487000 as you have, and add (not append) the device instance to that value. So the value is as I've shown, 487001, begetting bge487001. To show this, after setting up another interface (e1000g2) on another Solaris host for vlan 487, I've run 'dladm show-link | grep 487':

  host [0] dladm show-link | grep 487
  e1000g487002    type: vlan 487  mtu: 1500      device: e1000g2

Hope this helps.

-troy

arimanaen said...

like this guide, help me to troubleshoot customer problem. Thank you.

troy said...

arimanaen,

That's great to hear. I'm glad the post was useful for you.

--troy

Anonymous said...

i just didn't know how to tagg an interface and with your help, now i can and it works the firs time i try.thanks a lot ;o).

troy said...

Anonymous,

You're very welcome, I'm glad the write up was useful.

--troy

Anonymous said...

Useful info and simple and clear explanation...

Thanks You Troy.

--Yogesh

troy said...

You're welcome, Yogesh.

--troy

Anonymous said...

Hi! i have an interface already konfigured without vlan in an LDOM

now the customer need to use vlan(s) on that interface ..

what is the best way to do it

troy said...

Anonymous,

Regarding LDOM and vlan handling, I'm really not sure as my experience with LDOMs is limited. I'd say if the guest has full control over the interface, than I wouldn't expect it to be much different, if at all, than detailed here. I suspect this isn't the case though. Is there anything in the docs on relevant? If you find an answer to this, I'd like to hear it as well. Sorry I couldn't be of further assistance.

--troy