17.16. Setting vLAN Tags
virtual local area network (vLAN) tags are added using the
virsh net-edit
command. This tag can also be used with PCI device assignment with SR-IOV devices. For more information, see Section 16.2.3, “Configuring PCI Assignment with SR-IOV Devices”.
<network> <name>ovs-net</name> <forward mode='bridge'/> <bridge name='ovsbr0'/> <virtualport type='openvswitch'> <parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/> </virtualport> <vlan trunk='yes'> <tag id='42' nativeMode='untagged'/> <tag id='47'/> </vlan> <portgroup name='dontpanic'> <vlan> <tag id='42'/> </vlan> </portgroup> </network>
Figure 17.30. vSetting VLAN tag (on supported network types only)
If (and only if) the network type supports vlan tagging transparent to the guest, an optional
<vlan>
element can specify one or more vlan tags to apply to the traffic of all guests using this network. (openvswitch and type='hostdev' SR-IOV networks do support transparent vlan tagging of guest traffic; everything else, including standard linux bridges and libvirt's own virtual networks, do not support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches provide their own way (outside of libvirt) to tag guest traffic onto specific vlans.) As expected, the tag attribute specifies which vlan tag to use. If a network has more than one <vlan>
element defined, it is assumed that the user wants to do VLAN trunking using all the specified tags. If vlan trunking with a single tag is required, the optional attribute trunk='yes' can be added to the vlan element.
For network connections using openvswitch it is possible to configure the 'native-tagged' and 'native-untagged' vlan modes. This uses the optional nativeMode attribute on the
<tag>
element: nativeMode may be set to 'tagged' or 'untagged'. The id attribute of the element sets the native vlan.
<vlan>
elements can also be specified in a <portgroup>
element, as well as directly in a domain's <interface>
element. If a vlan tag is specified in multiple locations, the setting in <interface>
takes precedence, followed by the setting in the <portgroup>
selected by the interface config. The <vlan>
in <network>
will be selected only if none is given in <portgroup>
or <interface>
.