Whenever I configure a VLAN on a Linux host interface, I like to name it. “dmz” is a much better name for an interface than “eth0.11” when you’re working with routes, or iptables, etc.
In the past I’ve used a fairly simple configuration stanza in /etc/network/interfaces to achieve this:
auto dmz
iface dmz inet manual
up ip link set eth0 up
up vconfig add eth0 11
up ip link set eth0.11 name dmz
up ip addr add 1.2.3.4/24 dev dmz
up ip link set dmz up
down vconfig rem dmz
However, recent changes in the ifupdown package and in the kernel have meant I’ve had to expand and modify this stanza somewhat. Here’s the new version for Ubuntu 14.04 (and for 12.04 since the ubuntu11 version of the ifupdown package):
auto dmz
iface dmz inet manual
pre-up ip link set eth0 up
pre-up vconfig add eth0 11
pre-up ip link set eth0.11 name dmz
up ip addr add 1.2.3.4/24 dev dmz
up ip link set dmz up
post-down ip link set dmz name eth0.11
post-down vconfig rem eth0.11
Here’s why.
In the ubuntu11 patch of the ifupdown package, a command was added to the manual method that ifupdown runs automatically on up, before any of your own “up” lines:
ip link set dev %iface% [[mtu %mtu%]] [[address %hwaddress%]] up
This lets you set the MTU and/or MAC address from configuration directives (although I don’t see why you wouldn’t just do it by hand if you wanted to; it’s a manual interface, after all). The problem for my original config is that when this built-in command runs, the interface named “dmz” doesn’t exist yet: our “up” lines run after it, so it is pointed at a device that isn’t there.
So we need to create the VLAN and rename it in pre-up, which runs before ifupdown’s own up command.
Finally, there seems to be a bug in sysfs (and/or the kernel) that is triggered when an interface is renamed and then removed. I don’t know if this is specific to VLANs, but it caused a couple of kernel oopses and broken network stacks before I figured out what was going on.
When you rename a VLAN interface, a symlink is created in /sys that maps the original name to the new one. If you then “vconfig rem dmz”, that symlink (which would normally be deleted) is left dangling, pointing at a file that no longer exists. This appears to upset the kernel quite a bit, but only if the interface is removed and then added again (ifdown followed by ifup).
The answer is to rename the interface back to its original name before removing the VLAN. This ensures the symlink is removed properly, and the interface can be brought down and up repeatedly without problems.
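For anyone who wants the same sequence outside of /etc/network/interfaces (a hook script, or just to test the ordering by hand), here is the stanza as a standalone script. This is an added example, not code from the original post. It keeps the same commands and the same two ordering points (create and rename the VLAN before addressing or upping “dmz”; rename back before removing the VLAN), and adds a dry-run mode that prints the commands instead of running them plus a check that the device exists before it is touched. eth0, VLAN id 11, the name dmz and 1.2.3.4/24 are placeholders copied from the stanza. The one step the stanza does not have is the explicit “ip link set dmz down” before the rename back: the kernel refuses to rename an interface that is still up, and a standalone script cannot rely on ifupdown having downed it already.

```shell
#!/bin/sh
# Added example (not from the original post): the dmz stanza as a script.
# eth0 / 11 / dmz / 1.2.3.4/24 are placeholders taken from the stanza; override
# them via the environment, e.g.  PARENT=eth1 VLAN_ID=20 NAME=mgmt ./vlan-name.sh up
set -eu

PARENT="${PARENT:-eth0}"          # physical interface carrying the tagged frames
VLAN_ID="${VLAN_ID:-11}"          # 802.1Q tag
NAME="${NAME:-dmz}"               # friendly name we want to see in routes/iptables
ADDR="${ADDR:-1.2.3.4/24}"        # address for the VLAN interface
DRY_RUN="${DRY_RUN:-}"            # non-empty: print commands instead of running them
KERNEL_NAME="$PARENT.$VLAN_ID"    # the name vconfig gives the device (eth0.11)

# Print the command in dry-run mode, otherwise run it. set -e aborts on the first
# failure, so a failed step never leaves the sequence half-done silently.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Fail early if a device we are about to touch does not exist (skipped in dry-run).
need_dev() {
    [ -n "$DRY_RUN" ] && return 0
    ip link show dev "$1" >/dev/null 2>&1 || {
        echo "$0: no such interface: $1" >&2
        return 1
    }
}

# Same order as pre-up/up in the stanza: the VLAN device must exist under its
# final name *before* anything addresses or ups "dmz".
vlan_up() {
    need_dev "$PARENT"
    run ip link set "$PARENT" up
    run vconfig add "$PARENT" "$VLAN_ID"
    run ip link set "$KERNEL_NAME" name "$NAME"
    run ip addr add "$ADDR" dev "$NAME"
    run ip link set "$NAME" up
}

# Same order as post-down: rename back to the kernel's original name and only
# then remove the VLAN, so the rename leaves nothing dangling behind.
vlan_down() {
    need_dev "$NAME"
    run ip link set "$NAME" down              # the kernel refuses to rename an interface that is up
    run ip link set "$NAME" name "$KERNEL_NAME"
    run vconfig rem "$KERNEL_NAME"
}

case "${1:-}" in
    up)   vlan_up ;;
    down) vlan_down ;;
    "")   ;;                                  # no argument: only define the functions (when sourced)
    *)    echo "usage: $0 up|down" >&2; exit 2 ;;
esac
```

Run it as “DRY_RUN=1 ./vlan-name.sh down” to see the teardown order without touching the host. One general iproute2 point worth knowing, which the post does not cover: “ip link add link eth0 name dmz type vlan id 11” creates the VLAN device directly under its final name, so there is no rename at all and nothing to rename back on the way down.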
Luke.