| 1 |
On 2/28/20 5:38 PM, Rich Freeman wrote: |
| 2 |
> On Fri, Feb 28, 2020 at 8:11 PM Daniel Frey <djqfrey@×××××.com> wrote: |
| 3 |
>> |
| 4 |
>> Thanks for the detail, I've just ordered an RPi4B to mess around with. |
| 5 |
>> It would be helpful to move DNS etc off my home server as I'm trying to |
| 6 |
>> separate everything into VLANs. |
| 7 |
>> |
| 8 |
> |
| 9 |
> Keep in mind that Linux supports VLAN tagging, so if you set up your |
| 10 |
> switch to trunk your server you can have containers or even services |
| 11 |
> on multiple VLANs on the same host. |
| 12 |
> |
| 13 |
> I have this configured via systemd-networkd - I'm sure you could do it |
| 14 |
> with various other network managers as well. I just have a bridge for |
| 15 |
> each VLAN and then I can attach container virtual ethernet interfaces |
| 16 |
> to the appropriate VLAN bridge for each container. KVM uses bridges |
| 17 |
> and it should be just as easy to put VMs on the appropriate bridges. |
| 18 |
> |
| 19 |
> If you assign IPs on the host to each VLAN interface then as long as |
| 20 |
> the VLANs don't have conflicting IP addresses you can just attach |
| 21 |
> services to the appropriate VLANs by binding to their addresses. A |
| 22 |
> service that binds to 0.0.0.0 or to multiple addresses would listen on |
| 23 |
> all of them. Now, if your VLANs have conflicting address spaces then |
| 24 |
> I'd probably just stick to containers so that no host actually sees |
| 25 |
> conflicting IPs, otherwise you're probably going to have to go crazy |
| 26 |
> with iproute2 and netfilter to get all the packets going to the right |
| 27 |
> places. |
| 28 |
> |
| 29 |
> And all of that should work from a Pi as well as long as long as you |
| 30 |
> enable CONFIG_VLAN_8021Q. You also need to make sure the tagged VLAN |
| 31 |
> traffic is passed from the switch (which is not what you normally want |
| 32 |
> to do for a non-VLAN-aware host where you would filter out all but one |
| 33 |
> VLAN and remove the tag). |
| 34 |
> |
| 35 |
> I run my DHCP server on a Pi so that it is more independent. |
| 36 |
> |
| 37 |
|
| 38 |
Yes, I'm aware linux does VLANs... I set up netifrc to do this (I |
| 39 |
already have some "smart" switches set up - not full layer 3.) I thought |
| 40 |
about running containers but if I ever have to do something like |
| 41 |
emergency maintenance on my server the whole LAN would be down. Seems |
| 42 |
like a no-brainer to have a tiny device like an RPi to do this. |
| 43 |
|
| 44 |
I'm not so sure I'll try installing Gentoo on it though, it doesn't |
| 45 |
really seem suitable for compiling tasks. I'm pretty sure the kit I |
| 46 |
ordered has a card with Raspbian on it, I'll check that out first. |
| 47 |
|
| 48 |
Dan |
Archives