Setting Up a Private Network for Dedicated Servers (CentOS 7)

With a private network, you can divide your existing network into several logical networks. The servers communicate using local IPs that are not routed on the Internet.

The use of private networks offers you the following advantages:

  • You can organise your networks according to organisational aspects.

  • You can easily add or remove your servers.

  • You can reduce latency and network load.

  • You can optimise traffic by prioritising data packets.

  • Each server can only communicate with servers on the same private network.

  • You can seal off servers with confidential data.

The use of a private network can be useful in the following example cases:

  • Setting up a private network for departments or project teams

  • Setting up a private network connected to a load balancer

  • Setting up a private network for a web server and a database server


You can create a private network consisting of dedicated servers by configuring tagged VLANs. VLANs are virtual local area networks and are standardised in IEEE 802.1Q. With VLANs, you can divide an existing physical network into multiple logical networks with different subnets. The data traffic is encapsulated so that traffic from several VLANs can be transmitted independently of each other.

Tagged VLANs do not have a fixed assignment between the virtual network and a port. The assignment is made by marking the data packets. The data packets are provided with tags in which the VLAN ID is stored. This is done according to IEEE 802.1Q by the respective terminal device. In this case, these are the servers assigned to the private network.

Using the VLAN ID, a switch can recognize to which VLAN the data packet belongs. This allows multiple VLANs to be used via a single switch port.

Please Note
  • This article assumes you have a basic knowledge of Linux server administration.

  • If you do not configure the server correctly, it may no longer be available.

  • To use the private network for dedicated servers, you must configure all the servers assigned to the network.

How to configure an Ethernet interface of a server with CentOS 7 as an IEEE 802.1Q VLAN trunk:

Requirements
  • You have created at least two dedicated servers.

  • You have assigned the dedicated servers to a private network.

Determining the VLAN ID

The VLAN ID is required for configuring the network card.

How to determine the VLAN ID:

  • Open the Cloud Server.

  • In the Infrastructure > Server section, select the desired server.

  • Scroll to the Private Networks menu item.

  • Make a note of the VLAN ID.

    Example: VLAN: 3509

Configuring the Network Interface

In this step, you must configure the network interface for the VLAN or the private network. In the example below, we assume that a host requires access to a VLAN connected to the eth0 network interface. The assigned IP address for the host is 192.168.2.3/24 for VLAN 3509. For other VLANs, the setup is the same.

Please Note

The name of the network interface must comply with the naming convention supported by vconfig. The input format used and recommended here is ethx.y. Here ethx is the name of the physical interface. The placeholder y is the VLAN ID.

  • Log on to the server as an administrator.

  • Use vi to create the configuration file for the network interface for VLAN 3509.
    root@example.com:~# vi /etc/sysconfig/network-scripts/ifcfg-eth0.3509

Additional Information

The vi editor has an insert mode and a command mode.

You can enter the insert mode by pressing the i key. In this mode, the entered characters are immediately inserted into the text.

To enter the command mode, press the ESC key. When you use command mode, your keyboard input is interpreted as a command.

  • Insert the required information in the following form:
    VLAN=yes
    DEVICE=[NAME_OF_THE_PHYSICAL_INTERFACE_AND_VLAN-ID]
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=[IP-ADDRESS]
    NETMASK=[NETMASK]

    Example:
    VLAN=yes
    DEVICE=eth0.3509
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.168.2.3
    NETMASK=255.255.255.0

  • To exit vi and save the file, type the command below and then press Enter:
    :wq

  • To restart the network interface for the private network, type the following command:
    root@example.com:~# ifup [NAME_OF_THE_PHYSICAL_INTERFACE_AND_VLAN-ID]
    Example:
    ifup eth0.3509

Testing the Network Configuration

To test the network configuration, type the following command:
ifconfig [NAME_OF_THE_PHYSICAL_INTERFACE_AND_VLAN-ID]
Example:
ifconfig eth0.3509


If the network interface was successfully configured, output similar to the following is displayed:

eth0.3509 Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Troubleshooting

The physical network interface was not found:

After entering the command ifup eth0.3509, an error message is displayed. Example:

Device eth0.3509 does not seem to be present, delaying initialisation.

This message could indicate that either the VLAN=yes setting is missing from the ifcfg-eth0.3509 file, or the specified device name does not follow the vconfig naming convention.

To reload the kernel module, enter the command ifup.
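Both causes named above can be checked before ifup is run. The script below is an added example, not part of the original article: the function names are hypothetical, it assumes the ethX.Y naming and the VLAN=yes setting used on this page, and it takes 1 to 4094 as the usable IEEE 802.1Q VLAN ID range. It reads the file as text instead of sourcing it, so a stray space as in "DEVICE= eth0.3509" is reported rather than executed.

```sh
#!/bin/sh
# Added example, not from the article: lint an ifcfg VLAN file before ifup.
# Assumptions: ethX.Y naming and VLAN=yes as on this page; 802.1Q IDs 1..4094.

# Convert a dotted quad to a 32-bit integer; fail on malformed input.
ip_to_int() {
    local o n=0 IFS=.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( ($n << 8) | $o ))
    done
    echo "$n"
}

# True if NAME is ethX.Y with a VLAN ID Y in 1..4094.
valid_vlan_device() {
    local phys="${1%%.*}" id="${1#*.}"
    case $1 in eth*.*) ;; *) return 1 ;; esac
    case ${phys#eth} in ''|*[!0-9]*) return 1 ;; esac
    case $id in ''|*[!0-9]*|0*|?????*) return 1 ;; esac
    [ "$id" -le 4094 ]
}

# Print one line per problem; return 0 only if the file is clean.
check_vlan_ifcfg() {
    local key val vlan="" device="" ipaddr="" netmask="" m inv bad=0
    # Parse KEY=VALUE as text; never source the file, which would execute it.
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case $key in
            VLAN) vlan=$val ;; DEVICE) device=$val ;;
            IPADDR) ipaddr=$val ;; NETMASK) netmask=$val ;;
        esac
    done < "$1"
    [ "$vlan" = yes ] || { echo "VLAN=yes is missing"; bad=1; }
    valid_vlan_device "$device" || { echo "DEVICE '$device' is not ethX.Y, Y in 1..4094"; bad=1; }
    [ "${1##*/}" = "ifcfg-$device" ] || { echo "file name is not ifcfg-$device"; bad=1; }
    ip_to_int "$ipaddr" >/dev/null || { echo "IPADDR '$ipaddr' is not an IPv4 address"; bad=1; }
    m=$(ip_to_int "$netmask") && inv=$(( ~$m & 0xFFFFFFFF )) &&
        [ $(( $inv & ($inv + 1) )) -eq 0 ] || { echo "NETMASK '$netmask' is not a valid mask"; bad=1; }
    return "$bad"
}
```

Call check_vlan_ifcfg with the path of the ifcfg file; no output and exit status 0 mean that none of these problems was found.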

 
No 802.1Q VLAN support available in kernel

If you receive an error message that is identical or similar to the error message below, the kernel module required to deploy VLAN support has not been loaded.

No 802.1Q VLAN support available in kernel for device eth0.2

To reload the kernel module, enter the command ifup.

To check whether the 802.1Q kernel module is currently loaded, type the following command:

lsmod | grep 8021q

If the kernel module 802.1Q is not listed, it was probably not found. To confirm this, enter the following command:

modprobe 8021q

If you then receive the error message below, you are probably using a different kernel than the one you originally installed and have not loaded a matching set of kernel modules:

FATAL: Could not open '/lib/modules/2.6.18-194.el5/kernel/net/8021q/8021q.ko': No such file or directory

If this is the case, there is no directory in /lib/modules that matches the current kernel version.

Further causes for this error are:

  • The file in question has been deleted.

  • You are using a kernel in which kernel module 802.1Q is not listed.
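The causes listed above can be told apart by inspecting the module tree of the running kernel. The function below is an added example, not part of the original article: its name and verdict words are hypothetical, and it assumes the usual layout of /lib/modules/<kernel release> including the modules.builtin list.

```sh
#!/bin/sh
# Added example, not from the article: classify why "modprobe 8021q" fails.
# Assumption: standard module tree layout under /lib/modules/<kernel release>.

# diagnose_8021q [MODULES_ROOT] [KERNEL_RELEASE] -> prints one verdict word
diagnose_8021q() {
    local root="${1:-/lib/modules}" rel="${2:-$(uname -r)}"
    if [ ! -d "$root/$rel" ]; then
        echo "no-module-dir"     # running kernel has no matching module tree
    elif [ -n "$(find "$root/$rel" -name '8021q.ko*' 2>/dev/null | head -n 1)" ]; then
        echo "module-present"    # file exists; modprobe 8021q should load it
    elif grep -q '/8021q\.ko' "$root/$rel/modules.builtin" 2>/dev/null; then
        echo "built-in"          # compiled into the kernel, nothing to load
    else
        echo "module-missing"    # file deleted, or kernel built without 802.1Q
    fi
}
```

Called without arguments, it checks the running kernel; the verdict no-module-dir corresponds to the case where no directory in /lib/modules matches the current kernel version.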