| 1 |
On Fri, Feb 28, 2020 at 8:11 PM Daniel Frey <djqfrey@×××××.com> wrote: |
| 2 |
> |
| 3 |
> Thanks for the detail, I've just ordered an RPi4B to mess around with. |
| 4 |
> It would be helpful to move DNS etc off my home server as I'm trying to |
| 5 |
> separate everything into VLANs. |
| 6 |
> |
| 7 |
|
| 8 |
Keep in mind that Linux supports VLAN tagging, so if you set up your |
| 9 |
switch to trunk your server you can have containers or even services |
| 10 |
on multiple VLANs on the same host. |
| 11 |
|
| 12 |
I have this configured via systemd-networkd - I'm sure you could do it |
| 13 |
with various other network managers as well. I just have a bridge for |
| 14 |
each VLAN and then I can attach container virtual ethernet interfaces |
| 15 |
to the appropriate VLAN bridge for each container. KVM uses bridges |
| 16 |
and it should be just as easy to put VMs on the appropriate bridges. |
| 17 |
|
| 18 |
If you assign IPs on the host to each VLAN interface then as long as |
| 19 |
the VLANs don't have conflicting IP addresses you can just attach |
| 20 |
services to the appropriate VLANs by binding to their addresses. A |
| 21 |
service that binds to 0.0.0.0 or to multiple addresses would listen on |
| 22 |
all of them. Now, if your VLANs have conflicting address spaces then |
| 23 |
I'd probably just stick to containers so that no host actually sees |
| 24 |
conflicting IPs, otherwise you're probably going to have to go crazy |
| 25 |
with iproute2 and netfilter to get all the packets going to the right |
| 26 |
places. |
| 27 |
|
| 28 |
And all of that should work from a Pi as well as long as long as you |
| 29 |
enable CONFIG_VLAN_8021Q. You also need to make sure the tagged VLAN |
| 30 |
traffic is passed from the switch (which is not what you normally want |
| 31 |
to do for a non-VLAN-aware host where you would filter out all but one |
| 32 |
VLAN and remove the tag). |
| 33 |
|
| 34 |
I run my DHCP server on a Pi so that it is more independent. |
| 35 |
|
| 36 |
-- |
| 37 |
Rich |
Archives