Private networks without physical device

Hello all,

i´m verry new to opennebula and tested this great platform with the documentation and a few tutorials.
I´m running opennebula on debian and use xen as an hypervisor.
Currently i have one physical NIC on the Host and the standard xenbr0.

Now i´m on a point where i have to build two virtual private networks (e.g. LAN_blue and LAN_green).
This two virtual networks should be both isolated (so no communication between the LAN_blue(and green) and the real physical network should be able). So i can simulate two physical networks.
After that i want to use this two virtual networks to simulate email communication between them. (each virtual lan should get a mailrelay and a few clients).

how can i build this two networks without communication to the real physical network?

thank you verry much!

welcome s3bbo,

you should be able to do that by creating sub-interfaces on your physical nic.
Let’s say you only have eth0;

  1. create subinterfaces eth0.blue and eth0.red.
  2. create bridge-devices using those new subinterfaces, red and blue, called br_red and br_blue. (pkg needed: bridge-utils)
    • OPTIONAL to separate traffic, use a vlan-tag (pkg vlan needed)
  3. define 2 new networks in Opennebula and use whatever internal IP ranges you want, and use the br_red and br_blue as interfaces while creating the ONE virtual network.

Example
ubuntu/debian:
http://docs.opennebula.org/4.12/design_and_installation/quick_starts/qs_ubuntu_kvm.html#configure-the-network
Centos/RedHat:
http://docs.opennebula.org/4.12/design_and_installation/quick_starts/qs_centos7_kvm.html#configure-the-network

Thank you Roland for your help.

so i have to create a bridges for each single network with
brctl addbr br_red and brctl addbr br_blue ?

but how can i create subinterfaces ? on the physical host or in the VMs?

thank you !

Here is a copy of my interfaces, that should show you how I did it:

VM INTERNAL NETWORK
auto p2p4.1716
iface p2p4.1716 inet manual

auto br1716
iface br1716 inet manual
bridge_ports p2p4.1716
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

VM EXTERNAL NETWORK
auto p2p4.1717
iface p2p4.1717 inet manual

auto br1717
iface br1717 inet manual
bridge_ports p2p4.1717
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

So, first step is to define subinterfaces on your host, for example eth0_blue and eth0_red. (p2p4.1716 in my example)
Then define bridge-interfaces, lets say br_red and br_blue (br1717 in my example), and make eth0_blue and eth0_red part of the bridges, using the “bridge-ports” part (see example). I also added a vlan-tag, in this case 1717 and 1716, to separate traffic.

Hope this helps!

oh thank you !
this helped me a lot :slight_smile:

hello,

my OpenNebula server has a similar scenario: one physical NIC, one virtual public network and three virtual private network. I would like to know if I can configure network (CentOS-7) to isolate network traffic between private networks. I know three private networks are, at end, connected to the only physical NIC (eth0), that is connecte to network via br0. Is it possible? Could I have 4 bridges and only one NIC? I’m trying to configure CentOS but I cannot get it to work.

My purpose is to get that even though all private networks (and the public one) are connected to my only one physical NIC, traffic between them were isolated.

Thanks.