Tuesday, January 26, 2010

Using VLANs with Virtualbox

After a number of hours wasted trying to figure out why my VLANs stopped working, it's probably a good idea to make note of what I found.

I have a lot of different Virtualbox VMs created that I use for testing different things. A while back I created a VM image to act as a PPPoE server (Debian squeeze guest running on a lenny host). For reasons that made sense to me at the time, I created VLANs on the guest operating system rather than creating them on the host system and attaching virtual network adaptors to the guest VM. I hadn't used this VM in several months until today, when I fired it up for some PPPoE testing. Unsurprisingly, the VM didn't have any network connectivity on boot. I figured it would probably take some finagling to get things working exactly the way they were working before. However, the topology was correct, the switch was set up properly, and still no PPPoE.

After several hours of screwing around with different VirtualBox versions, different combinations of host/guest VLAN configurations, etc., I identified the following behaviors:

  1. On a clean reboot of the host, the VLANs on the virtual machine work fine.
  2. As soon as I add a VLAN to the ethernet interface on the host, connectivity to the guest fails.
  3. If I remove the VLAN from the host, guest connectivity is restored.

The wheels started spinning and I remembered that at some point in the past I had a bridge interface configured on my host machine. I had recently removed the bridge in order to simplify my configuration. Some quick testing confirmed that when my host machine is configured with a virtual bridge interface, VLANs on the host can happily coexist with VLANs on the guest. The network configuration needed to set this up is as follows:

  1. Add a bridge interface br0 to the host.
  2. Add ethernet adaptor eth0 to bridge br0.
  3. Add the host VLAN interfaces to bridge br0.
  4. Configure appropriate IP addressing for the host to br0.
  5. Attach the VirtualBox VM network interface to eth0.

In this configuration, both the host and the guest are able to create tagged VLAN interfaces without conflicting.

Sunday, January 24, 2010

Did your Kerberos authenticated NFS mounts all just break?

Here's why. A recent update to the krb5 packages disabled weak ciphers, DES in particular. I'm all for stronger security, but when it breaks my system, I get a bit crabby. I was the dummy here: I saw the message during the update process about possible NFS breakage due to the weak ciphers being disabled. I ignored the message because I was in a hurry and I figured it would be a two minute fix. An hour and a half later I now have it fixed. Here is a link to the bug report that helped me. The fix is to re-enable the weak ciphers in your /etc/krb5.conf file, in the libdefaults section:

allow_weak_crypto = true
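
Since this setting turns DES back on for the whole host, it helps to be able to find where it is still in place once the NFS keys have been moved to stronger ciphers. The following is an added example, not part of the original post: it scans the libdefaults section of a krb5.conf for allow_weak_crypto and for DES enctypes in the enctype lists. The function name, the sample file and the realm are constructed for illustration; the DES names are the ones the MIT krb5 documentation marks as weak.

```python
import re

# DES enctype names that the MIT krb5 docs mark as weak; "des" is the family alias.
WEAK_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
            "des-cbc-raw", "des-hmac-sha1"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes"}
TRUE_VALUES = {"1", "t", "true", "y", "yes", "on"}


def audit_libdefaults(conf_text):
    """Return (line_no, message) findings for DES use in [libdefaults]."""
    findings = []
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section != "libdefaults" or "=" not in line:
            continue  # only flat key = value lines in [libdefaults] matter here
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.append((line_no, "allow_weak_crypto is enabled"))
        elif key in ENCTYPE_KEYS:
            # Entries are separated by spaces or commas; "-name" removes one.
            tokens = re.split(r"[\s,]+", value.lower())
            weak = sorted(t.lstrip("+") for t in tokens
                          if not t.startswith("-") and t.lstrip("+") in WEAK_DES)
            if weak:
                findings.append((line_no, f"{key} lists {', '.join(weak)}"))
    return findings


# Constructed sample, not a file from the original post.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
"""

if __name__ == "__main__":
    for line_no, message in audit_libdefaults(SAMPLE):
        print(f"line {line_no}: {message}")
```

To check a real host, pass the contents of /etc/krb5.conf to audit_libdefaults instead of the sample.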