How do you work with VLANs (NIC vs Subnet)?

lzap · December 6, 2021, 10:21am

Hello,

one can define VLANID on Subnet and it is possible also to create a virtual nic with (VLAN) tag when creating a new host. It is, however, unclear how this was meant. In some templates, we require tag to be present on NIC:

[lzap@nuc foreman]$ ag "\.tag" app/views/unattended
app/views/unattended/provisioning_templates/snippet/kickstart_kernel_options.erb
93:  if iface.virtual? && iface.tag.present? && iface.attached_to.present?
103:      options.push("vlanid=#{iface.tag}")
105:      options.push("vlan=vlan#{iface.tag}:#{iface.attached_to}")

app/views/unattended/provisioning_templates/provision/kickstart_default.erb
161:  if iface.virtual? && iface.tag.present? && iface.attached_to.present?
163:      network_options.push("--vlanid=#{iface.tag}")
165:      network_options.push("--interfacename=vlan#{iface.tag}")

In others, we actually use NIC tag or fallback to Subnet tag (via method vlanid):

[lzap@nuc foreman]$ ag vlanid app/views/unattended
app/views/unattended/provisioning_templates/snippet/kickstart_kernel_options.erb
103:      options.push("vlanid=#{iface.tag}")

app/views/unattended/provisioning_templates/snippet/kickstart_ifcfg_generic_interface.erb
56:<%- if @interface.virtual? && (!@subnet.nil? && (@subnet.has_vlanid? || @interface.vlanid.present?)) -%>
70:<%- elsif @interface.virtual? && !@subnet.nil? && !@subnet.has_vlanid? && @interface.identifier.include?(':') -%>

app/views/unattended/provisioning_templates/provision/kickstart_default.erb
163:      network_options.push("--vlanid=#{iface.tag}")

app/views/unattended/provisioning_templates/PXELinux/preseed_default_pxelinux.erb
37:  if @host.provision_interface.vlanid.present?
38:    options << "netcfg/use_vlan=true netcfg/vlan_id=#{@host.provision_interface.vlanid}"

I would like to push forward making this consistent across templates, however, we have

Use NIC tag and ignore Subnet (preferably when tag was pre-filled from Subnet in the UI): https://github.com/theforeman/foreman/pull/8735
Inherit tag from Subnet: https://bugzilla.redhat.com/show_bug.cgi?id=2000620

I would like to ask you what you think? Which way we should be going? I lean towards @gvde 's proporal to simply use NIC tag and having Subnet VLANID to be more of “informative” with possibility to pre-fill tag into NIC in the UI.

gvde · December 6, 2021, 10:42am

That pull request on github is still on my todo once I have some more time and need to provision something again…

My answer is in the pull request: https://github.com/theforeman/foreman/pull/8735#discussion_r701853962

A subnet is layer 3. A vlan is layer 2. So to be exact, the one has nothing to do with the other. The VLAN tagging for provisioning configures the NIC of the host and that must match the network switch it’s connected to, i.e. 802.1q tagged or untagged.

A subnet is layer 3 and doesn’t really bother about vlans. Of course, in reality, I guess most people assign subnets to specific vlans to separate them and thus the vlan id may be some useful information in a subnet definition, e.g. to prefill the vlan tag for the provision interface…

lzap · December 6, 2021, 1:26pm

Yeah, I struggle to understand why TAG was ever introduced into the Subnet model. Maybe with some kind of inheritance of auto-fill in mind?

gvde · December 6, 2021, 1:44pm

Well, I understand it and I like it, even if it doesn’t belong together conceptionally. We have 100+ subnets in our networks I’d like it, if foreman would suggest the correct vlan tag after I pick the subnet I want…

lzap · December 6, 2021, 2:05pm

Yeah I understand, well, the code looks like inheritance was somehow planned or half-way through baked in. No signs about pre-filling tags from the subnet. But that can all change

Would love to hear other opinions.