Linux vlan over bridge demo, VLAN bond bridge

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-vlan_on_bond_and_bridge_using_ip_commands

To use VLANs over bonds and bridges, proceed as follows:

  1. Add a bond device as root:
# Create the bond, then select MII link monitoring every 100 ms and
# active-backup failover mode.
ip link add bond0 type bond
ip link set bond0 type bond miimon 100 mode active-backup
# Each member NIC is brought down before it is attached to the bond.
for nic in em1 em2; do
  ip link set "$nic" down
  ip link set "$nic" master bond0
done
ip link set bond0 up
  2. Set VLAN on the bond device:
# Tagged sub-interface for VLAN ID 2 on top of the bond, then bring it up.
vlan_id=2
ip link add link bond0 name "bond0.${vlan_id}" type vlan id "${vlan_id}"
ip link set "bond0.${vlan_id}" up
  3. Add the bridge device and attach VLAN to it:
# Create bridge br0, make the VLAN interface bond0.2 one of its ports,
# and bring the bridge up.
bridge=br0
ip link add "$bridge" type bridge
ip link set bond0.2 master "$bridge"
ip link set "$bridge" up
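# Enslave eth1 to a new bridge and move its IPv4 address and the default
# route from the interface onto the bridge.
dev=eth1
br=docker

# First non-loopback IPv4 address (CIDR form) configured on $dev.
cidr=$(ip -4 addr show dev "$dev" | awk '$1 == "inet" && !/127\.0\.0\.1/ {print $2; exit}')
# Gateway of the first default route only. With several default routes a
# multi-word value would break the "ip route del/add" calls below and leave
# the old route pointing at the enslaved interface.
gateway=$(ip route | awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }')
mac=$(cat "/sys/class/net/${dev}/address")
printf 'dev %s, br %s, gateway %s, cidr %s, mac %s\n' "$dev" "$br" "$gateway" "$cidr" "$mac"

# Removing the address from the interface that carries the management session
# cuts that session if any value is wrong, so all three values are checked
# before anything is changed.
if [ -z "$cidr" ] || [ -z "$gateway" ] || [ -z "$mac" ]; then
  echo "refusing to reconfigure $dev: address, default gateway or MAC could not be determined" >&2
else
  ip link add "$br" type bridge
  # The bridge takes over the MAC address read from $dev.
  ip link set "$br" address "$mac"
  # The shell parses this whole if/else before running any of it, so the steps
  # below are already read in when the address moves (presumably why the
  # original chained them on one line). As in the original, a failing step does
  # not stop the following ones.
  ip addr del "$cidr" dev "$dev"
  ip addr add "$cidr" dev "$br"
  ip link set "$dev" master "$br"
  ip link set "$br" up
  ip route del default via "$gateway" dev "$dev"
  ip route add default via "$gateway" dev "$br"
fi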
# Rollback: detach eth0 from bridge br0, then move the address and the default
# route from the bridge back onto eth0. All values are hard-coded for this host.
dev=eth0
br=br0
cidr=172.19.0.42/20
gateway=172.19.0.1
# Grouped so that the shell reads every step before the first one runs.
{
  ip link set "$dev" nomaster
  ip addr del "$cidr" dev "$br"
  ip addr add "$cidr" dev "$dev"
  ip route del default via "$gateway" dev "$br"
  ip route add default via "$gateway" dev "$dev"
}
# Routed veth pair between the host (v2) and network namespace "ctn" (v1).
# The namespace gets a /32 address and uses 169.254.0.1 as its gateway.
ip=10.0.0.2
ip netns add ctn
ip link add v1 type veth peer name v2

# Same qdisc / txqueuelen sequence on both ends, v2 first as in the original.
for end in v2 v1; do
  tc qdisc replace dev "$end" root pfifo limit 100
  ifconfig "$end" txqueuelen 0
  tc qdisc del dev "$end" root
done

for end in v1 v2; do
  ip link set "$end" mtu 1500
done

# Host end comes up; the other end moves into the namespace.
ip link set v2 up
ip link set v1 netns ctn

# Inside the namespace: address, links up, link route to the gateway address
# and a default route through it.
ip netns exec ctn ip add add "$ip/32" dev v1
ip netns exec ctn ip link set v1 up
ip netns exec ctn ip link set lo up
ip netns exec ctn ip r add 169.254.0.1 dev v1 scope link
ip netns exec ctn ip r add default via 169.254.0.1 dev v1 scope global
# Static neighbour entry: the gateway address resolves to v2's MAC address.
ip netns exec ctn ip n add 169.254.0.1 dev v1 lladdr "$(cat /sys/class/net/v2/address)"

# Host side: reach the namespace address through v2.
ip route add "$ip" dev v2
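# Creates a VLAN with id $vlanid on top of $eth and connects it to a network
# namespace with the help of a bridge and a veth pair.
#
# Globals:
#   eth     (read)    parent interface
#   vlanid  (read)    VLAN id, digits only
#   ipcidr  (read)    address in CIDR form, assigned to eth0 inside the namespace
#   vlan, ns, br (written) names derived from eth/vlanid; left global as before
# Returns:
#   1 without touching the network when an input is missing or vlanid is not
#   numeric; otherwise the status of the last ip command.
function vlan() {
  # Without this check an empty vlanid still creates a bridge named "br" and
  # a namespace named "ns", leaving half-built state behind.
  if [[ -z "${eth:-}" || -z "${ipcidr:-}" || ! "${vlanid:-}" =~ ^[0-9]+$ ]]; then
    echo "vlan: eth, vlanid (numeric) and ipcidr must be set" >&2
    return 1
  fi

  vlan="$eth.$vlanid"
  ns="ns$vlanid"
  br="br$vlanid"

  # VLAN sub-interface and bridge; the VLAN interface becomes a bridge port.
  ip link add link "$eth" name "$vlan" type vlan id "$vlanid"
  ip link add dev "$br" type bridge
  ip link set "$vlan" master "$br"
  ip link set dev "$vlan" up
  ip link set dev "$br" up

  # Namespace plus veth pair: q<ns> stays on the bridge, r<ns> moves into the
  # namespace and is renamed eth0 there.
  mkdir -p /var/run/netns
  ip netns add "$ns"
  ip link add "q$ns" type veth peer name "r$ns"
  ip link set "q$ns" master "$br"
  ip link set "q$ns" up
  ip link set "r$ns" netns "$ns"
  ip netns exec "$ns" ip link set dev "r$ns" name eth0
  ip netns exec "$ns" ip link set eth0 up
  ip netns exec "$ns" ip addr add "$ipcidr" dev eth0
}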
# The two stanzas run on different machines; only the address differs.
# vlan reads eth, vlanid and ipcidr from the shell's variables.

# on host 1
eth=eth0; vlanid=3; ipcidr=192.168.3.2/16
vlan

# on host 2
eth=eth0; vlanid=3; ipcidr=192.168.3.3/16
vlan
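# on host 1: ping host 2's namespace address from inside the local namespace.
# vlanid=3 makes vlan create namespace "ns3" (not "ns2"), and 192.168.3.3 is
# the address configured on host 2; this matches the result example below.
ip netns exec ns3 ping 192.168.3.3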
# successful result example
root@2f169f9a6c9f:/# ip netns exec ns3 ping 192.168.3.3
PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data.
64 bytes from 192.168.3.3: icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from 192.168.3.3: icmp_seq=2 ttl=64 time=0.065 ms
64 bytes from 192.168.3.3: icmp_seq=3 ttl=64 time=0.118 ms
64 bytes from 192.168.3.3: icmp_seq=4 ttl=64 time=0.095 ms
64 bytes from 192.168.3.3: icmp_seq=5 ttl=64 time=0.079 ms
root@cb37293169b9:/# tcpdump -vv -n -s 0 -e -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:21:48.523443 46:ca:7f:bd:fd:6c > f2:48:df:b4:d3:2a, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 2544, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.3.2 > 192.168.3.3: ICMP echo request, id 101, seq 1, length 64
12:21:48.523466 f2:48:df:b4:d3:2a > 46:ca:7f:bd:fd:6c, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 31975, offset 0, flags [none], proto ICMP (1), length 84)
192.168.3.3 > 192.168.3.2: ICMP echo reply, id 101, seq 1, length 64
12:21:49.522451 46:ca:7f:bd:fd:6c > f2:48:df:b4:d3:2a, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 2787, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.3.2 > 192.168.3.3: ICMP echo request, id 101, seq 2, length 64
12:21:49.522473 f2:48:df:b4:d3:2a > 46:ca:7f:bd:fd:6c, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 32023, offset 0, flags [none], proto ICMP (1), length 84)
192.168.3.3 > 192.168.3.2: ICMP echo reply, id 101, seq 2, length 64
12:21:50.521451 46:ca:7f:bd:fd:6c > f2:48:df:b4:d3:2a, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 2980, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.3.2 > 192.168.3.3: ICMP echo request, id 101, seq 3, length 64
12:21:50.521522 f2:48:df:b4:d3:2a > 46:ca:7f:bd:fd:6c, ethertype 802.1Q (0x8100), length 102: vlan 3, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 32269, offset 0, flags [none], proto ICMP (1), length 84)
192.168.3.3 > 192.168.3.2: ICMP echo reply, id 101, seq 3, length 64