With a private network, you can divide your existing network into several logical networks. The servers communicate using local IPs that are not routed on the Internet.
The use of private networks offers you the following advantages:
You can organise your networks according to organisational aspects.
You can easily add or remove your servers.
You can reduce latency and network load.
You can optimise traffic by prioritising data packets.
Each server can only communicate with servers on the same private network.
You can seal off servers with confidential data.
The use of a private network can be useful in the following example cases:
Setting up a private network for departments or project teams
Setting up a private network connected to a load balancer
Setting up a private network for a web server and a database server
You can create a private network consisting of dedicated servers by configuring tagged VLANs. VLANs are virtual local area networks, standardised in IEEE 802.1Q. With VLANs, you can divide an existing physical network into multiple logical networks with different subnets. The data traffic is encapsulated so that data from one or more VLANs can be transmitted over the same physical network independently of each other.
Tagged VLANs do not have a fixed assignment between the virtual network and a port. The assignment is made by marking the data packets. The data packets are provided with tags in which the VLAN ID is stored. This is done according to IEEE 802.1Q by the respective terminal device. In this case, these are the servers assigned to the private network.
Using the VLAN ID, a switch can recognize to which VLAN the data packet belongs. This allows multiple VLANs to be used via a single switch port.
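The tag described above can be read straight out of a frame header. The following is an added example, not part of the original article: it decodes the VLAN ID and the priority bits from a frame given as a hex string. The function names and both sample frames are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the IEEE 802.1Q tag of an Ethernet frame given as hex.
# Frame layout: dst MAC (6 bytes) | src MAC (6) | TPID 0x8100 (2) | TCI (2) | ...
# TCI bits:     PCP priority (3) | DEI (1) | VLAN ID (12)

# Normalise input: drop spaces and colons, lower-case the hex digits.
_hex() { printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f'; }

# Print the 16-bit TCI as 4 hex digits; return 1 if the frame carries no tag.
_tci() {
    f=$(_hex "$1")
    [ "${#f}" -ge 32 ] || return 1                # too short for a tagged header
    case $f in *[!0-9a-f]*) return 1 ;; esac      # not a hex string
    [ "$(printf '%s' "$f" | cut -c25-28)" = "8100" ] || return 1
    printf '%s' "$f" | cut -c29-32
}

# VLAN ID = low 12 bits of the TCI. Prints "untagged" when there is no tag.
frame_vlan_id() {
    tci=$(_tci "$1") || { echo untagged; return 0; }
    echo $(( 0x$tci & 0x0fff ))
}

# Priority (PCP) = top 3 bits of the TCI, the field used to prioritise packets.
frame_priority() {
    tci=$(_tci "$1") || { echo untagged; return 0; }
    echo $(( 0x$tci >> 13 ))
}

# Constructed sample frames (not captured traffic):
TAGGED="ff:ff:ff:ff:ff:ff 00:00:00:00:00:01 8100 adb5 0800"   # VLAN 3509, PCP 5
PLAIN="ff:ff:ff:ff:ff:ff 00:00:00:00:00:01 0800 4500 0054"    # no 802.1Q tag

echo "tagged:   vlan=$(frame_vlan_id "$TAGGED") pcp=$(frame_priority "$TAGGED")"
echo "untagged: vlan=$(frame_vlan_id "$PLAIN")"
```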
This article assumes you have a basic knowledge of Linux server administration.
If you do not configure the server correctly, it may no longer be available.
To use the private network for dedicated servers, you must configure all the servers assigned to the network.
How to configure an Ethernet interface of a server with CentOS 7 as an IEEE 802.1Q VLAN trunk:
You have created at least two dedicated servers.
You have assigned the dedicated servers to a private network.
Configuring the Network Interface
In this step, you must configure the network interface for the VLAN or the private network. In the example below, we assume that a host requires access to a VLAN connected to the eth0 network interface. The assigned IP address for the host is 192.168.2.3/24 for VLAN 3509. For other VLANs, the setup is the same.
The name of the network interface must comply with the naming convention supported by vconfig. The input format used and recommended here is ethx.y. Here ethx is the name of the physical interface. The placeholder y is the VLAN ID.
Log on to the server as an administrator.
Use vi to create the configuration file for the network interface for VLAN 3509.
vi /etc/sysconfig/network-scripts/ifcfg-eth0.3509
The vi editor has an insert mode and a command mode.
You can enter the insert mode by pressing the i key. In this mode, the entered characters are immediately inserted into the text.
To enter the command mode, press the ESC key. When you use command mode, your keyboard input is interpreted as a command.
Insert the required information in the following form:
To exit vi and save the file, type the command below and then press Enter:
To restart the network interface for the private network, type the following command:
ifup [NAME_OF_THE_PHYSICAL_INTERFACE_AND_VLAN-ID]
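The configuration step above can also be scripted so that a mistyped VLAN ID or address is rejected before the file is written. This is an added example, not the article's own file: write_vlan_ifcfg and its optional directory argument are names made up here, and the keys other than VLAN=yes are standard ifcfg settings chosen for this sketch.

```shell
#!/bin/sh
# Added example: write ifcfg-<phys>.<vlan> for a tagged VLAN interface.
# Usage: write_vlan_ifcfg PHYS VLAN_ID IPADDR PREFIX [DIR]
# DIR defaults to the CentOS 7 location; pass a scratch directory to dry-run.

write_vlan_ifcfg() {
    phys=$1; vid=$2; ip=$3; prefix=$4
    dir=${5:-/etc/sysconfig/network-scripts}

    # Physical interface name: letters and digits only, so the "ethx.y"
    # form has exactly one dot separating interface and VLAN ID.
    case $phys in ''|*[!a-z0-9]*) echo "bad interface: $phys" >&2; return 1 ;; esac

    # 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved.
    case $vid in ''|0*|?????*|*[!0-9]*) echo "bad VLAN ID: $vid" >&2; return 1 ;; esac
    [ "$vid" -le 4094 ] || { echo "bad VLAN ID: $vid" >&2; return 1; }

    # Dotted-quad IPv4 address with every octet in 0..255.
    case $ip in *[!0-9.]*|*..*|.*|*.) echo "bad address: $ip" >&2; return 1 ;; esac
    n=0
    for o in $(printf '%s' "$ip" | tr '.' ' '); do
        n=$((n + 1))
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || { echo "bad address: $ip" >&2; return 1; }
    done
    [ "$n" -eq 4 ] || { echo "bad address: $ip" >&2; return 1; }

    case $prefix in ''|???*|*[!0-9]*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $prefix" >&2; return 1; }

    file="$dir/ifcfg-$phys.$vid"
    cat > "$file" <<EOF
DEVICE=$phys.$vid
BOOTPROTO=none
ONBOOT=yes
IPADDR=$ip
PREFIX=$prefix
VLAN=yes
EOF
    printf '%s\n' "$file"
}

# Dry run with the values from the example above, into a scratch directory.
scratch=$(mktemp -d)
cat "$(write_vlan_ifcfg eth0 3509 192.168.2.3 24 "$scratch")"
```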
Testing the Network Configuration
To test the network configuration, type the following command:
For example, if the network interface was successfully configured, the following message is displayed:
eth0.3509 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
The physical network interface was not found:
After entering the command ifup eth0.3509 an error message is displayed. Example:
Device eth0.3509 does not seem to be present, delaying initialisation.
This message could indicate that either the vlan=yes setting is missing from the ifcfg-eth0.3509 file, or the specified device name does not follow the vconfig naming convention.
To reload the kernel module, enter the command ifup.
No 802.1Q VLAN support available in kernel
If you receive an error message that is identical or similar to the error message below, the kernel module required to deploy VLAN support has not been loaded.
No 802.1Q VLAN support available in kernel for device eth0.2
To reload the kernel module, enter the command ifup.
To check whether the 802.1Q kernel module is currently loaded, type the following command:
lsmod | grep 8021q
If the kernel module 802.1Q is not listed, it was probably not found. To confirm this, enter the following command:
If you then receive the error message below, you are probably using a different kernel than the one you originally installed and have not loaded a matching set of kernel modules:
FATAL: Could not open '/lib/modules/2.6.18-194.el5/kernel/net/8021q/8021q.ko': No such file or directory
If this is the case, there is no directory in /lib/modules that matches the current kernel version.
Further causes for this error are:
The file in question has been deleted.
You are using a kernel in which kernel module 802.1Q is not listed.
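The causes listed in this troubleshooting section can be checked in one pass. The following is an added example, not part of the original article: the function names and return codes are made up here, and the module directory can be overridden so the check can be tried against a test directory.

```shell
#!/bin/sh
# Added example: check the causes this page names for the two ifup errors.

# check_vlan_ifcfg FILE -> 0 ok, 1 config problem, 2 file unreadable
check_vlan_ifcfg() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    dev=$(sed -n 's/^DEVICE=//p' "$file" | tr -d "\"'" | tail -n 1)

    # Naming convention: <physical interface>.<VLAN ID>, e.g. eth0.3509
    if ! printf '%s\n' "$dev" | grep -Eq '^[a-z0-9]+\.[0-9]{1,4}$'; then
        echo "DEVICE='$dev' is not in ethx.y form"; rc=1
    fi
    # "ifup eth0.3509" reads ifcfg-eth0.3509, so file name and DEVICE should agree
    if [ "$(basename "$file")" != "ifcfg-$dev" ]; then
        echo "file name does not match DEVICE=$dev"; rc=1
    fi
    # The key is read as a shell variable, so it is written VLAN=yes
    if ! grep -Eq '^VLAN="?yes"?[[:space:]]*$' "$file"; then
        echo "VLAN=yes is missing"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "$file: ok"
    return "$rc"
}

# check_8021q_module [MODDIR] -> 0 module file found, 1 not found,
# 2 no module directory for the running kernel
check_8021q_module() {
    moddir=${1:-/lib/modules/$(uname -r)}
    [ -d "$moddir" ] || { echo "no such directory: $moddir"; return 2; }
    if find "$moddir" -name '8021q.ko*' | grep -q .; then
        echo "8021q module file found under $moddir"; return 0
    fi
    echo "no 8021q.ko under $moddir (deleted, or not built for this kernel)"
    return 1
}

# On a live server: is the module loaded, and if not, can it be found?
grep -q '^8021q ' /proc/modules 2>/dev/null && echo "8021q is loaded" \
    || check_8021q_module || true
```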