Skip to content

Commit

Permalink
Add example for VLAN sub-interfaces
Browse files Browse the repository at this point in the history 
The example demonstrates the use case of VLANs separating application
traffic from management traffic while still utilizing the underlying
Ethernet port for untagged traffic. This scenario is not addressed
in the vlans-and-lags example.

Signed-off-by: Milan Lenco <milan@zededa.com>
  • Loading branch information
@milan-zededa
milan-zededa committed Nov 20, 2024
1 parent 68dba0e commit df4772a
Show file tree
Hide file tree
Showing 5 changed files with 529 additions and 26 deletions.
103 changes: 103 additions & 0 deletions sdn/examples/vlan-subinterfaces/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# SDN Example with VLAN sub-interfaces

VLANs enable the segmentation of a physical network into multiple logical networks,
allowing for better traffic control, security, and resource optimization.
On EVE, the use of VLANs helps isolate the management traffic from application traffic
or even to split applications and their traffic into different logical networks.
This allows the external networks to give preferential treatment and apply different
policies as per their requirements.

VLAN configurations supported by EVE:

1. VLAN filtering for switch network instances
2. VLAN sub-interfaces used as uplinks for management traffic or for Local network instances
3. VLAN sub-interfaces over LAGs used as uplinks

In this example, we focus on the second use-case, where VLANs are used to separate management
traffic from the application traffic routed via Local network instances.

Network topology diagram:

```text
+-----+ +----------------+
| EVE |--| VLAN 10 (mgmt) |-----
+-----+ +----------------+ |
|
+------+ +--------------+ +---------+ +------+
| app1 |--| NI1 (local) |--| VLAN 20 |--| eth0 |
+------+ +--------------+ +---------+ +------+
|
+------+ +--------------+ |
| app2 |--| NI2 (local) |---<untagged>-----
+------+ +--------------+
```

Deploy example with:

```shell
make clean && make build-tests
./eden config add default
./eden config set default --key sdn.disable --value false
./eden setup --eve-bootstrap-file $(pwd)/sdn/examples/vlan-subinterfaces/device-config.json
./eden start --sdn-network-model $(pwd)/sdn/examples/vlan-subinterfaces/network-model.json
./eden eve onboard
./eden controller edge-node set-config --file $(pwd)/sdn/examples/vlan-subinterfaces/device-config.json
```

Note that VLAN IP subnets are `172.22.<VLAN-ID>.0/24`. EVE will therefore use IP address from
the subnet `172.22.10.0/24` to access the controller. Network traffic from `app1` will be NATed
to an IP address from `172.22.20.0/24` before it leaves the edge node.
`app2` will be using the underlying `eth0` interface instead of a VLAN sub-interface to access
the untagged portion of the network with subnet `192.168.77.0/24`.

Once deployed, check DHCP-assigned IPs:

```shell
./eden eve ssh
$ ifconfig vlan10
vlan10 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:172.22.10.13 Bcast:172.22.10.255 Mask:255.255.255.0
...

$ ifconfig vlan20
vlan20 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:172.22.20.13 Bcast:172.22.20.255 Mask:255.255.255.0

$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:FE:22:1A:87:00
inet addr:192.168.77.13 Bcast:192.168.77.255 Mask:255.255.255.0
...
```

Check that `app1` can access HTTP server deployed for VLAN 20 (`httpserver-20.sdn`),
but not HTTP server deployed for VLAN 10 (`httpserver-10.sdn`) or for the untagged
network (`httpserver-untagged.sdn`):

```shell
./eden eve ssh
CONSOLE="$(eve list-app-consoles | grep cee082fd-3a43-4599-bbd3-8216ffa8652d | grep CONTAINER | awk '{print $4}')"
eve attach-app-console "$CONSOLE"

app1$ curl httpserver-20.sdn/helloworld
Hello world from HTTP server for VLAN 20
app1$ curl httpserver-10.sdn/helloworld
curl: (7) Failed to connect to httpserver-10.sdn port 80 after 44 ms: Couldn't connect to server
app1$ curl httpserver-untagged.sdn/helloworld
curl: (7) Failed to connect to httpserver-untagged.sdn port 80 after 48 ms: Couldn't connect to server
```

Check that `app2` can access HTTP server deployed for the untagged network (`httpserver-untagged.sdn`),
but not HTTP server deployed for VLAN 10 (`httpserver-10.sdn`) or for VLAN 20 (`httpserver-20.sdn`):

```shell
./eden eve ssh
CONSOLE="$(eve list-app-consoles | grep 45ff198d-b295-4ff2-bf69-76977af809fd | grep CONTAINER | awk '{print $4}')"
eve attach-app-console "$CONSOLE"

app2$ curl httpserver-untagged.sdn/helloworld
Hello world from HTTP server for untagged network
app1$ curl httpserver-10.sdn/helloworld
curl: (7) Failed to connect to httpserver-10.sdn port 80 after 47 ms: Couldn't connect to server
app1$ curl httpserver-20.sdn/helloworld
curl: (7) Failed to connect to httpserver-20.sdn port 80 after 47 ms: Couldn't connect to server
```

Check failure on line 103 in sdn/examples/vlan-subinterfaces/README.md

View workflow job for this annotation

GitHub Actions / yetus 

markdownlint:MD047/single-trailing-newline Files should end with a single newline character
269 changes: 269 additions & 0 deletions sdn/examples/vlan-subinterfaces/device-config.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,269 @@
{
"deviceIoList": [
{
"ptype": 1,
"phylabel": "eth0",
"phyaddrs": {
"Ifname": "eth0"
},
"logicallabel": "ethernet0",
"assigngrp": "eth0",
"usage": 1
}
],
"vlans": [
{
"logicallabel": "mgmt-vlan",
"interfaceName": "vlan10",
"lowerLayerName": "ethernet0",
"vlanId": 10
},
{
"logicallabel": "app-vlan",
"interfaceName": "vlan20",
"lowerLayerName": "ethernet0",
"vlanId": 20
}
],
"networks": [
{
"id": "6605d17b-3273-4108-8e6e-4965441ebe01",
"type": 4,
"ip": {
"dhcp": 4
}
},
{
"id": "b970ac70-2ef7-4c6b-8bb8-ff8626321313",
"type": 4,
"ip": {
"dhcp": 2
}
}
],
"systemAdapterList": [
{
"name": "mgmt-vlan",
"uplink": true,
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
},
{
"name": "app-vlan",
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
},
{
"name": "ethernet0",
"networkUUID": "6605d17b-3273-4108-8e6e-4965441ebe01"
}
],
"networkInstances": [
{
"uuidandversion": {
"uuid": "9ca83da9-94e8-48b4-9ae8-3f188c5c694a",
"version": "1"
},
"displayname": "ni1",
"instType": 2,
"activate": true,
"port": {
"type": 1,
"name": "app-vlan"
},
"ipType": 1,
"ip": {
"subnet": "10.50.10.0/24",
"gateway": "10.50.10.1",
"dns": [
"10.50.10.1"
],
"dhcpRange": {
"start": "10.50.10.2",
"end": "10.50.10.254"
}
}
},
{
"uuidandversion": {
"uuid": "0125b9fa-9054-446d-9e9a-1b99175d24a7",
"version": "1"
},
"displayname": "ni2",
"instType": 2,
"activate": true,
"port": {
"type": 1,
"name": "ethernet0"
},
"ipType": 1,
"ip": {
"subnet": "10.50.77.0/24",
"gateway": "10.50.77.1",
"dns": [
"10.50.77.1"
],
"dhcpRange": {
"start": "10.50.77.2",
"end": "10.50.77.254"
}
}
}
],
"apps": [
{
"uuidandversion": {
"uuid": "cee082fd-3a43-4599-bbd3-8216ffa8652d",
"version": "1"
},
"displayname": "app1",
"fixedresources": {
"memory": 512000,
"maxmem": 512000,
"vcpus": 1,
"virtualizationMode": 1
},
"drives": [
{
"image": {
"uuidandversion": {
"uuid": "398710ca-bf4f-46b0-b012-0d4e32214ba4",
"version": "1"
},
"name": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9"
}
}
],
"activate": true,
"interfaces": [
{
"name": "eth0",
"networkId": "9ca83da9-94e8-48b4-9ae8-3f188c5c694a",
"acls": [
{
"matches": [
{
"type": "ip",
"value": "0.0.0.0/0"
}
],
"id": 1
}
]
}
],
"volumeRefList": [
{
"uuid": "d8fe3e53-cc6c-4cee-8562-b406a1a8ada7",
"mount_dir": "/"
}
]
},
{
"uuidandversion": {
"uuid": "45ff198d-b295-4ff2-bf69-76977af809fd",
"version": "1"
},
"displayname": "app2",
"fixedresources": {
"memory": 512000,
"maxmem": 512000,
"vcpus": 1,
"virtualizationMode": 1
},
"drives": [
{
"image": {
"uuidandversion": {
"uuid": "3eec1356-a469-43e3-80e2-67467d06deaf",
"version": "1"
},
"name": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9"
}
}
],
"activate": true,
"interfaces": [
{
"name": "eth0",
"networkId": "0125b9fa-9054-446d-9e9a-1b99175d24a7",
"acls": [
{
"matches": [
{
"type": "ip",
"value": "0.0.0.0/0"
}
],
"id": 1
}
]
}
],
"volumeRefList": [
{
"uuid": "cee944a3-ae6f-4887-9d8d-adcc0ed02370",
"mount_dir": "/"
}
]
}
],
"volumes": [
{
"uuid": "d8fe3e53-cc6c-4cee-8562-b406a1a8ada7",
"origin": {
"type": 2,
"downloadContentTreeID": "63d3b01f-f44f-4007-ba33-6e720bd52992"
},
"displayName": "app1-volume"
},
{
"uuid": "cee944a3-ae6f-4887-9d8d-adcc0ed02370",
"origin": {
"type": 2,
"downloadContentTreeID": "63d3b01f-f44f-4007-ba33-6e720bd52992"
},
"displayName": "app2-volume"
}
],
"contentInfo": [
{
"uuid": "63d3b01f-f44f-4007-ba33-6e720bd52992",
"dsId": "f204830d-cce1-4316-aa5e-3e8567cd09a9",
"URL": "lfedge/eden-eclient:8a279cd",
"iformat": 8,
"displayName": "eden-eclient"
}
],
"datastores": [
{
"id": "f204830d-cce1-4316-aa5e-3e8567cd09a9",
"dType": 5,
"fqdn": "docker://index.docker.io"
}
],
"configItems": [
{
"key": "newlog.allow.fastupload",
"value": "true"
},
{
"key": "timer.config.interval",
"value": "10"
},
{
"key": "timer.download.retry",
"value": "60"
},
{
"key": "debug.default.loglevel",
"value": "debug"
},
{
"key": "debug.disable.dhcp.all-ones.netmask",
"value": "false"
}
]
}
Loading

0 comments on commit df4772a

Please sign in to comment.