Debian/Devuan network configuration for a bridged tap on a bonded interface with VLAN Pseudo-HOW-TO

Use ifupdown2 instead of ifupdown, it is much easier to accomplish with the newer software!

To set up a bridged tap interface over several bonded ethernet ports including VLAN tags, you may use the description below.

Before you start, you should test each individual technique of the setup to make sure your switch is configured right:

• Ethernet bonding
  Also read the Linux Ethernet Bonding Driver HOWTO especially about the various options for the "mode" setting. You may also need to reconfigure your switch depending on the mode and "xmit_hash_policy" policy you choose.
  
  
• VLAN Setup
  To accept VLAN tagged packets, you also need to reconfigure your switch.
  
  
• Bridging a tap device
  To set up a network bridge, you need to install the bridge-utils package.

What you need:

• Debian GNU/Linux
• a managed switch supporting VLANs
• multiple physical network ports

Install Software:

• apt-get update
• apt-get install bridge-utils ifenslave-2.6 vlan

Configure:

The example below assumes two physical interfaces, eth0 and eth1. If you want to bond more interfaces, just add a stanza for each nic you want to have bonded. As a link aggregation protocol LACP 802.3ad has been chosen, you are free to change this. The tap0 interface has been configured for the user "kvm-user".

1. Backup your existing /etc/network/interfaces
2. Edit /etc/network/interfaces and add the following stanzas adopted to your environment:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The physical network ports
allow-hotplug eth0
auto eth0
iface eth0 inet manual
	bond-master bond0

allow-hotplug eth1
auto eth1
iface eth1 inet manual
	bond-master bond0

# The bonding interface
iface bond0 inet manual
        bond-mode 802.3ad
        bond-miimon 150
        bond-downdelay 300
        bond-updelay 300
        bond-use-carrier 1
        bond-xmit-hash-policy layer2+3

# An interface in VLAN 172 
auto vlan172
iface vlan172 inet static
        vlan_raw_device bond0
        address 172.27.172.10
        netmask 255.255.255.0
        network 172.27.172.0
        boradcast 172.27.172.255
        gateway 172.27.172.1
        dns-nameservers 172.27.172.1
        dns-search vlan172.example.net

# The interface used for the bridge
auto vlan192
iface vlan192 inet manual
        vlan_raw_device bond0
        pre-up ip tuntap add dev tap0 mode tap user kvm-user
        pre-up ip link set tap0 up
        post-down ip link set tap0 down
	post-down ip tuntap del dev tap0 mode tap

auto br0
iface br0 inet static
        pre-up ip link set vlan192 up
        pre-up ip link set tap0 up
        bridge_ports vlan192 tap0
        bridge_waitport 5
        bridge_waitmax 10
        bridge_fd 0
        bridge_stp off
        address 192.168.100.100
        netmask 255.255.255.0
        network 192.168.100.0
        boradcast 192.168.100.255
        gateway 192.168.100.1
        dns-nameservers 192.168.100.1
        dns-search kvm.example.net
        post-down ip link set tap0 down
        post-down ip link set vlan192 down

3. Test...

Tips:

• deleting the bridge: ip link set br0 down; brctl delbr br0
• taking all interfaces down/up: ifdown -a or ifup -a
• checking the status: ip addr show
• ping is your friend