VLANManager operates exclusively on the network node (default 10.0.10.3) to configure Open vSwitch VLAN gateway ports, Linux network namespaces for DHCP, and iptables rules for internet access. All commands are executed via RemoteExecutor.execute_direct() over SSH.

Constructor

__init__(remote_executor, network_node_ip="10.0.10.3")

remote_executor (RemoteExecutor, required): Used to run all commands on the network node.
network_node_ip (string, default: "10.0.10.3"): IP address of the network node where OVS and iptables are managed.

from remote_executor import RemoteExecutor
from vlan_manager import VLANManager

executor = RemoteExecutor()
vlan_mgr = VLANManager(executor, network_node_ip="10.0.10.3")

Methods

create_vlan_with_gateway(vlan_id, cidr, gateway_ip, dhcp_enabled=True) -> bool

Creates an OVS internal port tagged with vlan_id on br-int, assigns the gateway IP, and optionally configures a DHCP namespace.

vlan_id (integer, required): VLAN tag to configure on the OVS port.
cidr (string, required): Network CIDR used to derive the subnet mask, e.g. "192.168.101.0/24".
gateway_ip (string, required): IP address assigned to the gateway port, e.g. "192.168.101.1".
dhcp_enabled (boolean, default: true): When True, calls _setup_dhcp() after the gateway port is created.

The following commands are run on the network node:

sudo ovs-vsctl --may-exist add-port br-int gw_vlan101 tag=101 \
  -- set interface gw_vlan101 type=internal
sudo ip addr add 192.168.101.1/24 dev gw_vlan101 2>/dev/null || true
sudo ip link set dev gw_vlan101 up

Returns True when the gateway port is up and (if requested) DHCP is confirmed running. Returns False on any SSH or OVS error.

ok = vlan_mgr.create_vlan_with_gateway(
    vlan_id=101,
    cidr="192.168.101.0/24",
    gateway_ip="192.168.101.1",
    dhcp_enabled=True,
)

_setup_dhcp(vlan_id, cidr, gateway_ip) -> bool

Internal method that creates a dnsmasq DHCP server inside a dedicated Linux network namespace. Documented here for operators who need to understand or debug the DHCP setup.

vlan_id (integer, required): VLAN to configure DHCP for.
cidr (string, required): Network CIDR, e.g. "192.168.101.0/24". Used to derive the DHCP server IP ({base}.2) and lease range ({base}.10 to {base}.250).
gateway_ip (string, required): Passed to dnsmasq as DHCP option 3 (router).

Execution sequence

1. Create namespace

sudo ip netns add ns-dhcp-vlan{vlan_id}

Errors are suppressed if the namespace already exists.

2. Create OVS DHCP port

sudo ovs-vsctl --may-exist add-port br-int dhcp_v{vlan_id} tag={vlan_id} -- set interface dhcp_v{vlan_id} type=internal

3. Move port to namespace

sudo ip link set dhcp_v{vlan_id} netns ns-dhcp-vlan{vlan_id}

4. Assign IP inside namespace

Assigns {base}.2/{mask} to dhcp_v{vlan_id} and brings up both the port and loopback inside the namespace.

5. Start dnsmasq

Kills any existing dnsmasq in the namespace, then starts a new instance:

--interface=dhcp_v{vlan_id}
--bind-interfaces
--dhcp-range={base}.10,{base}.250,24h
--dhcp-option=3,{gateway_ip}      # default route
--dhcp-option=6,8.8.8.8           # DNS
--log-facility=/tmp/dnsmasq_vlan{vlan_id}.log

6. Verify

Runs pgrep dnsmasq inside the namespace. Returns False if no PID is found.

Returns True when dnsmasq is confirmed running, False otherwise.
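
Because vlan_id, cidr and gateway_ip are interpolated into commands that run under sudo on the network node, a caller may want to validate them and check the derived {base}.2 and {base}.10 to {base}.250 addresses first. The following is an added example, not VLANManager's own code: dhcp_plan() is a hypothetical helper, and it assumes {base} means the first three octets of the network address. Whether VLANManager performs equivalent checks is not stated on this page.

```python
import ipaddress

DNS_SERVER = "8.8.8.8"  # DHCP option 6 value shown on this page

def _is_host(addr, net):
    """True when addr is an assignable host address inside net."""
    return addr in net and addr not in (net.network_address, net.broadcast_address)

def dhcp_plan(vlan_id, cidr, gateway_ip):
    """Hypothetical helper: validate the arguments, then derive the documented values."""
    # Only a real integer in the 802.1Q range may end up inside a port or namespace name.
    if isinstance(vlan_id, bool) or not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
        raise ValueError(f"vlan_id must be an integer in 1..4094, got {vlan_id!r}")
    # ipaddress raises ValueError for anything that is not a clean address or network.
    net = ipaddress.ip_network(cidr, strict=True)
    gateway = ipaddress.ip_address(gateway_ip)
    if net.version != 4:
        raise ValueError("only IPv4 networks are handled here")
    # Assumption: "{base}" is the first three octets of the network address.
    base = str(net.network_address).rsplit(".", 1)[0]
    server, first, last = (ipaddress.ip_address(f"{base}.{n}") for n in (2, 10, 250))
    # For prefixes longer than /24, {base}.250 (or even {base}.10) falls outside the subnet.
    for addr in (server, first, last, gateway):
        if not _is_host(addr, net):
            raise ValueError(f"{addr} is not a usable host address in {net}")
    if gateway == server or first <= gateway <= last:
        raise ValueError(f"gateway {gateway} collides with the DHCP server or lease range")
    port = f"dhcp_v{vlan_id}"
    return {
        "namespace": f"ns-dhcp-vlan{vlan_id}",
        "port": port,
        "server_ip": f"{server}/{net.prefixlen}",
        "dnsmasq_args": [
            f"--interface={port}",
            "--bind-interfaces",
            f"--dhcp-range={first},{last},24h",
            f"--dhcp-option=3,{gateway}",
            f"--dhcp-option=6,{DNS_SERVER}",
            f"--log-facility=/tmp/dnsmasq_vlan{vlan_id}.log",
        ],
    }
```

A ValueError from dhcp_plan() means the arguments should not be passed on to create_vlan_with_gateway().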

enable_internet_for_vlan(vlan_id, cidr, outgoing_iface="ens3") -> bool

Enables IP forwarding and adds iptables MASQUERADE rules so VMs on the given VLAN can reach the internet through the network node.

vlan_id (integer, required): VLAN whose traffic should be NATed.
cidr (string, required): Source CIDR for the MASQUERADE rule, e.g. "10.60.7.0/24".
outgoing_iface (string, default: "ens3"): Outgoing interface on the network node that connects to the upstream network.

The following commands are run on the network node:

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -s 10.60.7.0/24 -o ens3 -j MASQUERADE
sudo iptables -A FORWARD -i gw_vlan400 -o ens3 -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Returns True on success, False on SSH error or exception.

vlan_mgr.enable_internet_for_vlan(
    vlan_id=400,
    cidr="10.60.7.0/24",
    outgoing_iface="ens3",
)
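
iptables -A appends a rule without checking for an existing copy, so running the commands above twice leaves duplicate entries, and the delete_vlan() command list on this page contains no iptables commands. The following added example (not VLANManager's own code) builds check-before-append versions of the same rules plus matching removal commands for the per-VLAN rules. nat_commands() is a hypothetical helper, and the interface-name character set it accepts is a conservative assumption.

```python
import ipaddress
import re
import shlex

# Linux interface names are at most 15 characters; the allowed characters are an assumption.
_IFACE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")

def _ipt(op, table, chain, spec):
    """Render one iptables command; op is -C (check), -A (append) or -D (delete)."""
    table_args = ["-t", table] if table != "filter" else []
    return shlex.join(["sudo", "iptables", *table_args, op, chain, *spec])

def nat_commands(vlan_id, cidr, outgoing_iface="ens3", action="add"):
    """Hypothetical helper: return shell commands that add or remove a VLAN's NAT rules."""
    if isinstance(vlan_id, bool) or not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
        raise ValueError("vlan_id must be an integer in 1..4094")
    if not isinstance(outgoing_iface, str) or not _IFACE.fullmatch(outgoing_iface):
        raise ValueError("outgoing_iface is not a plain interface name")
    src = str(ipaddress.ip_network(cidr, strict=True))  # ValueError on anything else
    per_vlan = [
        ("nat", "POSTROUTING", ["-s", src, "-o", outgoing_iface, "-j", "MASQUERADE"]),
        ("filter", "FORWARD", ["-i", f"gw_vlan{vlan_id}", "-o", outgoing_iface, "-j", "ACCEPT"]),
    ]
    # The conntrack rule is not tied to one VLAN, so it is added once and never removed here.
    shared = ("filter", "FORWARD",
              ["-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"])
    if action == "delete":
        return [_ipt("-D", *rule) + " 2>/dev/null || true" for rule in per_vlan]
    if action != "add":
        raise ValueError("action must be 'add' or 'delete'")
    cmds = ["sudo sysctl -w net.ipv4.ip_forward=1"]
    for rule in per_vlan + [shared]:
        # -C exits non-zero when the rule is absent, so -A runs only in that case.
        cmds.append(f"{_ipt('-C', *rule)} 2>/dev/null || {_ipt('-A', *rule)}")
    return cmds
```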

delete_vlan(vlan_id) -> bool

Tears down all resources associated with a VLAN: kills dnsmasq, deletes the namespace, and removes both OVS ports.

vlan_id (integer, required): VLAN to remove.

The following commands are run as a single SSH call on the network node:

sudo ip netns exec ns-dhcp-vlan{vlan_id} pkill dnsmasq 2>/dev/null || true
sudo ip netns delete ns-dhcp-vlan{vlan_id} 2>/dev/null || true
sudo ovs-vsctl --if-exists del-port br-int gw_vlan{vlan_id}
sudo ovs-vsctl --if-exists del-port br-int dhcp_v{vlan_id}
sudo ip link del gw_vlan{vlan_id} 2>/dev/null || true

Returns True on success, False on SSH error or exception.

vlan_mgr.delete_vlan(101)

delete_vlan() is not fully idempotent. While most commands use --if-exists or 2>/dev/null || true, calling it on a VLAN that was never created can still produce OVS warning output. Do not call this method on VLAN IDs that were never configured by create_vlan_with_gateway().
