Adding VLAN tags to ports of an unmanaged openvswitch bridge

joko · October 4, 2017, 12:10pm

Hello,

I would like to add automatically specific VLAN tags on some LXD containers which use an openvswitch bridge. The bridge is not managed by LXD, but for the time being it is not a heavy constraint. Is such thing possible?

Supposedly I could run something like:

ovs-vsctl set port vethP5V71N@if171 tag=200

or if I have access to the actual initialization:

ovs-vsctl add-port br0 vethP5V71N@if171 tag=200

Gilbert_Standen · October 30, 2017, 5:29pm

Hi joko,

It appears there was no reply so here is what we do hth. First visit our github Orabuntu-LXC which is build on LXC and OpenvSwitch.

There you will see that we use the following entries in the config file of the lxc container as shown:

lxc.network.script.up = /etc/network/if-up.d/openvswitch/ora73c10-pub-ifup-sw1
lxc.network.script.down = /etc/network/if-down.d/openvswitch/ora73c10-pub-ifdown-sw1
lxc.network.veth.pair = ora73c10

where

root@oowul:/var/lib/lxc/ora73c10# cat /etc/network/if-up.d/openvswitch/ora73c10-pub-ifup-sw1
!/bin/bash
ovsBr=‘sw1’
ovs-vsctl add-port ${ovsBr} $5
ovs-vsctl set port $5 tag=10
root@oowul:/var/lib/lxc/ora73c10# cat /etc/network/if-down.d/openvswitch/ora73c10-pub-ifdown-sw1
!/bin/bash
ovsBr=‘sw1’
sudo ovs-vsctl del-port ${ovsBr} $5
function CheckPortExists
{
sudo ovs-vsctl show | grep “$5” | grep Port | sed ‘s/^[ \t]//;s/[ \t]$//’ | cut -f2 -d’ ’ | sed ‘s/"//g’
}
PortExists=$(CheckPortExists)
if [ “$PortExists” = “$5” ]
then
sudo ovs-vsctl del-port ${ovsBr} $5
fi
sudo ip link del $5
root@oowul:/var/lib/lxc/ora73c10#

These commands will put the vlan tag on the openvswitch port at runtime when the container comes up and will optionally with the user of lxc.network.veth.pair give the veth pair a meaningful name other than the machine generated vethXyZwuV cyborg-type random name.

Note, as I recall this may not work on LXD and I had logged some tickets and notes that LXD does not seem to have a streamlined way to do VLAN tagging (it must be added after the interface is up, by some semi-manual or scripted add-on outside of LXD config I think).

Reference here: https://github.com/lxc/lxd/issues/3414

Anyway, maybe this will help.
Thanks,

Gilbert