Xen + VLAN on Debian

Here’s how I put a Xen DomU on a VLAN in Debian.

eth0 is connected to a trunk port on the switch, and the untagged vlan is used for dom0 connectivity. You shoud already know how to do this part. Tagged VLANs are assigned to bridge groups on the dom0. In your /etc/network/interfaces do the following:

# dom0 management on the untagged vlan
allow-hotplug eth0
iface eth0 inet static
    address 1.2.3.4
    netmask 255.255.255.0
    gateway 1.2.3.4

# vlan 3
auto br_group_a
iface brgroupa inet manual
    bridge_fd 0
    bridge_maxwait 0
    bridge_helo 90
    bridge_stp on
    bridge_ports eth0.3

# vlan 4
auto br_group_b
iface brgroupb inet manual
    bridge_fd 0
    bridge_maxwait 0
    bridge_helo 90
    bridge_stp on
    bridge_ports eth0.4

Debian will create the vlans and bridges from the above if you have the vlan and bridge-utils packages installed (it adds the automagic hooks in /etc/network/if-pre-up.d). Use “brctl show” to view your bridges. Then, to attach a DomU to one of those bridges, define the vif like this in your guest config file:

vif = ['mac=00:00:00:00:00:00, bridge=br_group_a, vifname=vif_server1']

I like to use static MAC addresses, so edit to your taste. That’s pretty much it. Anything attached to that bridge is on the same layer 2 network as the rest of the VLAN. Wasn’t that easier than all the weird convoluted instructions you normally find for Xen networking?

For those of you curious what my switch trunk configuration looks like, it’s a Cisco:

interface FastEthernet0/##
 description my xen server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,3,4,10,1002-1005
 switchport mode trunk
 no cdp enable
end

VLAN 3 and 4 are for the Xen DomU guests, and VLAN 10 is for the Dom0.