Pseudo-HOW-TO:
Devuan network configuration using ifupdown2 for a bridged tap on a bonded interface with VLAN

This guide uses ifupdown2 to configure the network interfaces. Compared to traditional ifupdown the configuration gets much easier. If you want to stick to ifupdown, use the old version of this guide. Please note: Due to a bug in ifupdown you may not be able to change the bond mode to anything else than mode 0 (Balanced-Round-Robin). So you better continue reading and see the ease of use of ifupdown2.

Before you start, you should configure your switch right!

The following technologies are combined in this Pseudo-How-To:

• VLAN
  To accept VLAN tagged packets, you need to configure your switch accordingly in addition to your host.
  
  
• Ethernet bonding
  Read the Linux Ethernet Bonding Driver HOWTO especially about the various options for the "mode" setting. You may also need to configure your switch for LACP. An intresting setting is the "xmit_hash_policy".
  
  
• Bridging a tap device
  A network bridge with a tap interface can be used for kvm guests.

What you need:

• Devuan GNU/Linux or similar
• a managed switch supporting VLANs
• multiple physical network ports

Install Software:

• apt-get update
• apt-get install ifupdown2 iproute2 bridge-utils vlan
• apt-get remove --purge resolvconf

Configure:

The example below assumes two physical interfaces, eth0 and eth1. If you want to bond more interfaces, just add a stanza for each nic you want to have bonded. As a mode failover has been chosen (mode active-backup). With this you can connect each physical interface of your machine to a different switch. Please feel free to change this to a link aggregation protocol like LACP 802.3ad or similar. Each mode has different options.

The tap0 interface has been configured for the user "libvirt-qemu" to use with kvm virtual machines.

1. Backup your existing /etc/network/interfaces
2. Edit /etc/network/interfaces and add the following stanzas adopted to your environment:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback


# physical network ports for the bond
iface eth0
iface eth1


# bonding interface
iface bond0
        bond-mode active-backup
        bond-slaves eth0 eth1
	bond-miimon 150
        bond-downdelay 300
        bond-updelay 300
        bond-use-carrier 1
        bond-xmit-hash-policy layer3+4
	pre-up echo eth0 > /sys/class/net/bond0/bonding/primary

# interface in VLAN 10 - host's own net
auto vlan10
iface vlan10
	bridge-ports bond0.10
	bridge-stp on
        address 10.0.0.10/24
        gateway 10.0.0.1


# KVM Guest-Networks

# bridge 1st VM's NIC in VLAN 500
auto br0
iface br0
	bridge-ports bond0.500 tap0
	bridge-stp off
        address 10.5.0.5/24
        gateway 10.5.0.1
        pre-up ip tuntap add dev tap0 mode tap user libvirt-qemu
        pre-up ip link set tap0 up
        post-down ip link set tap0 down
	post-down ip tuntap del dev tap0 mode tap


# bridge 2nd VM's NIC in VLAN 511
auto br1
iface br1
        bridge-ports bond0.511 tap1
        bridge-stp off
        address 10.5.11.5/24
        gateway 10.5.11.1
        pre-up ip tuntap add dev tap1 mode tap user libvirt-qemu
        pre-up ip link set tap1 up
        post-down ip link set tap1 down
	post-down ip tuntap del dev tap1 mode tap

3. Edit /etc/resolv.conf and set your name servers, domain, and search domain. See the manual.
4. Test...

Tips:

• deleting the bridge: ifdown br0
• taking all interfaces down/up: ifdown -a or ifup -a
• checking the status: ip addr show
• ping is your friend
• the docs *do* help too