VLAN
A virtual LAN, commonly known as a vLAN or as a VLAN, is a method of creating independent logical networks within a physical network. Several VLANs can co-exist within such a network. This reduces the size of each broadcast domain and administratively separates logical segments of the LAN (such as company departments) that should not exchange data directly over the LAN (they can still do so through routing).
A VLAN consists of a network of computers that behave as if connected to the same wire - even though they may actually be physically connected to different segments of a LAN. Network administrators configure VLANs through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs emerges when physically moving a computer to another location: it can stay on the same VLAN without the need for any hardware reconfiguration.
VLAN 1 is the default VLAN; it can never be deleted. All untagged traffic falls into this VLAN by default.
Advantages of VLAN
- Increases the number of broadcast domains but reduces the size of each broadcast domain, which in turn reduces network traffic and increases network security (both of which suffer in a single large broadcast domain)
- Reduces management effort to create subnetworks
- Reduces hardware requirement, as networks can be logically instead of physically separated
- Increases control over multiple traffic types.
Common VLAN configurations for containers
VLANs can be used in the following ways:
- Create VLAN device on physical network interface (eth0) and move it (VLAN device) to container:
host # vconfig add eth0 <vlan_id>
host # vzctl set <CTID> --netdev_add eth0.<vlan_id> --save
- Create VLAN device inside container on veth device
ve # vconfig add eth0 <vlan_id>
The second option is available only in kernels with virtualized VLAN support (since version 2.6.18-028test005).
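The first configuration above, as an added example that is not part of the original page or of OpenVZ's own tooling: a dry-run helper that validates its inputs and prints the two host commands instead of running them. The function names, the conservative interface-name pattern and the refusal of VLAN 1 (because untagged traffic lands there by default) are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for "create VLAN device on host, move to container".
# It only prints the commands from this page; it never executes them.

# Valid 802.1Q VLAN IDs are 1-4094 (0 and 4095 are reserved).
# Leading zeros are rejected so the device name matches eth0.<vlan_id> exactly.
valid_vlan_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# plan_ct_vlan <parent_if> <vlan_id> <CTID>  (hypothetical helper name)
# Prints the host commands; returns 1 with a reason on stderr if input is rejected.
plan_ct_vlan() {
    parent=$1 vlan_id=$2 ctid=$3
    case "$parent" in
        # Assumption: accept only a conservative character set for the parent name.
        ''|*[!A-Za-z0-9_-]*) echo "bad interface name: $parent" >&2; return 1 ;;
    esac
    if ! valid_vlan_id "$vlan_id"; then
        echo "VLAN ID must be 1-4094: $vlan_id" >&2; return 1
    fi
    # Assumption (policy of this example): keep containers off the default VLAN,
    # since all untagged traffic falls into VLAN 1.
    if [ "$vlan_id" -eq 1 ]; then
        echo "refusing VLAN 1 (default VLAN, carries untagged traffic)" >&2; return 1
    fi
    case "$ctid" in
        ''|*[!0-9]*) echo "CTID must be numeric: $ctid" >&2; return 1 ;;
    esac
    dev="$parent.$vlan_id"
    # Linux interface names are limited to 15 characters.
    if [ "${#dev}" -gt 15 ]; then
        echo "device name too long: $dev" >&2; return 1
    fi
    printf 'vconfig add %s %s\n' "$parent" "$vlan_id"
    printf 'vzctl set %s --netdev_add %s --save\n' "$ctid" "$dev"
}
```

Calling `plan_ct_vlan eth0 100 101` prints the two commands for VLAN 100 and container 101, ready for review before they are run on the host.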