Getting Started with VLANs
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Linode VLANs (Virtual Local Area Network) are a completely free solution available to Linode Services used for enabling private networking in the cloud. Here are a few key features of VLANs:
Privacy and Security. Linodes on the same account and in the same region can be added to a VLAN, allowing for private and secure communications between those Linodes. The public internet can also be disabled on a Linode to provide even more security.
Note
VLANs are separate from Private IP Addresses. Private IPs are accessible to all Linodes in that same data center and can only be further restricted by firewall rules or additional internal configuration.Performance. A VLAN is configured as a Layer 2 networking device on a Linode and provides low latency for latency-sensitive applications.
No additional charges. VLANs are available at no cost and network transfer over a VLAN does not count towards monthly transfer quotas.
Configuring VLANs
VLANs are relatively simple to manage and do not require much configuration beyond attaching (or detaching) a VLAN to a Linode. VLANs can be configured when creating new Linodes or by modifying the network interfaces on the Configuration Profile of an existing Linode.
Configuring the Network Interface
VLANs are managed within the network interfaces on a Linode. Each Linode has 3 configurable network interfaces, which are referred to as eth0, eth1, and eth2. The purpose of a network interface is to provide access to either the public internet or a VLAN:
Public Internet: Configuring a network interface for the Public Internet enables the public (and private) IP address(es) for that Linode. If no network interface is configured as Public Internet, the Linode will not be able to access the internet or other Linodes within the data center’s main private network.
VLAN: Configuring a network interface for a VLAN enables the Linode to communicate over a specified VLAN.
None: Selecting None will deactivate that network interface.
CautionThe Public Internet must always be set to use the network interfaceeth0
.
Selecting a VLAN
When configuring a network interface, a VLAN can be selected by entering its Label. VLANs that already exist on an account can be quickly selected through a drop down list. If the label doesn’t correspond with an existing VLAN, a new VLAN is created.
Assigning an IPAM Address
IPAM (IP Address Management) is the system that allows users to assign and manage IP addresses for each VLAN configured on a Linode. When attaching a VLAN to a Linode, an IPAM Address can be specified in address/netmask format. This should be a unique IP address that doesn’t already exist within the VLAN or on the public internet. It is common to use an address within the 10.0.0.0/8 range (10.0.0.0 – 10.255.255.255). For example, here are typical IPAM addresses for two Linodes connected to the same VLAN:
- Linode 1:
10.0.0.1/24
- Linode 2:
10.0.0.2/24
Just like public and private IP addresses, IPAM addresses for a VLAN are automatically configured on a Linode through Network Helper. If Network Helper is disabled or if no IPAM address is provided, the Linode will not automatically be able to communicate over the VLAN. In some cases, advanced users may disable Network Helper or refrain from providing an IPAM address. When doing so, the Linode’s internal network configuration files must be manually adjusted with the desired settings. See Manually configuring a VLAN on a Linode for instructions.
NoteThe Linode must be rebooted for any changes within its network interfaces to take effect. This reboot allows Network Helper to run so it can automatically adjust the necessary network configuration files on the Linode.
Attaching a VLAN When Creating a Linode
On the top left of the Linode Cloud Manager, click Create and select Linode.
Fill out all desired configuration options in the form that appears, until reaching the Attach a VLAN section. See the Getting Started with Linode guide for more information.
Note
VLANs are not available in all regions. If the Attach a VLAN section isn’t visible, see the Availability section on the VLANs Overview page.Within the Attach a VLAN section, enter the Label of the VLAN or select from a list of the VLANs that currently exist on the account. If the VLAN does not yet exist, it is automatically created when creating the Linode.
Enter an IPAM Address. If this field left blank, the Linode will not be able to communicate with other Linodes on that VLAN until one of the following is true:
- An IPAM address is added to the
eth1
interface within the Linode’s Configuration Profile - An IP address is manually assigned to the network interface within the Linode’s internal configuration files.
See the Assigning an IPAM Address section on this page for more information about IPAM and examples of valid IPAM addresses.
- An IPAM address is added to the
Adjust any remaining configuration options as needed and select the Create Linode button to create the Linode.
By default, the public IP address (and, if added, the private IP address) of the Linode is configured on the eth0 network interface. The VLAN, if one was attached, is configured on the eth1 network interface. These network interfaces can be removed or modified by editing the Configuration Profile.
Attaching a VLAN to an Existing Linode
Within the Linode Cloud Manager, click the Linodes link in the sidebar and select a Linode.
Navigate to the Configurations tab on the Linode’s details page.
Click the Edit button next to the configuration profile you’d like to modify.
An Edit Configuration screen will appear. Scroll down to the Network Interfaces section.
Click the dropdown menu under the desired network interface and select VLAN. Typically
eth1
oreth2
would be used when adding the first or second VLAN to a Linode, respectively - if the Linode’seth0
network interface provides access to the public internet.A secondary menu will appear next to the selected interface for entering the VLAN’s label and the IPAM address for the Linode.
Enter the Label of the VLAN or select an existing VLAN from the drop down menu. If a custom label is entered and the VLAN does not yet exist, it is automatically created when saving the configuration profile.
Enter an IPAM Address. If this field is left blank, the Linode will not be able to communicate with other Linodes on that VLAN until an IP address is manually assigned to the network interface within the Linode’s internal configuration files.
See the Assigning an IPAM Address section on this page for more information about IPAM and examples of valid IPAM addresses.
Click on the Save Changes button towards the bottom of this form to save the changes.
Once the configuration profile has been updated, select the Boot or Reboot button next to the edited configuration profile on the following page. This will reboot using the edited configuration profile and apply the new VLAN configuration to the Linode.
Testing connectivity
Once a VLAN has been attached to more than one Linode, verify that you can communicate between those Linodes over the VLAN’s private network.
If the Linode has a public network configured, connect to your Linode via SSH
ssh username@192.0.2.0
If the Linode does not have a public network configured, connect to your Linode via Lish following the steps in the Using the Lish Console guide.
Ping another Linode within the VLAN’s private network using the IPAM address assigned to it.
ping 10.0.0.1
The output should display ICMP packets successfully transmitted and received from this Linode to the secondary Linode in the Private Network.
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.733 ms 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.294 ms ^C --- 10.0.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 18ms rtt min/avg/max/mdev = 0.294/0.513/0.733/0.220 ms
Limitations
VLANs are region-specific. Once created, a VLAN can only be attached to other Linodes within the same data center.
An account can have up to 10 VLANs per region.
A Linode can belong to a maximum of 3 VLANs. Since there are 3 configurable network interfaces on each Linode, up to 3 VLANs can be attached. If one of those network interfaces is configured for the public internet, there are 2 remaining network interfaces for use with VLANs.
VLANs cannot be manually renamed by the user. If a VLAN’s label must be changed, a new VLAN can be created and all required Linodes can be attached to that new VLAN.
VLANs cannot be manually deleted by the user. There is no need to manually delete a VLAN. If a VLAN is no longer needed, simply detach it from all Linodes. After this, it will automatically be deleted within a short timeframe.
Network Helper is required for automatic configuration. If Network Helper has been disabled, the Linode will not automatically be able to communicate over the VLAN’s private network. In this case, advanced users can manually adjust their Linode’s internal network configuration files with the appropriate settings for their VLAN. See Manually configuring a VLAN on a Linode for instructions.
The Public Internet must always use the eth0 network interface. While VLANs themselves can function without issue on the
eth0
interface, the public internet on Linode will not be networked correctly on other interfaces.
This page was originally published on