VLAN tagging in the WEKA system
With tagged VLANs, WEKA clusters can participate in secure, scalable, and isolated communication between clients and backend servers.
Overview
WEKA support for IEEE 802.1Q VLAN encapsulation ("tagged VLAN IDs" or "tagged VLANs") enables isolation and segregation of network traffic while still granting connectivity between WEKA clients and backend servers.
Each WEKA cluster is limited to one VLAN, as each container can be assigned one VLAN per NIC. This provides granular control over network configurations while maintaining compatibility with existing workflows.
When paired with the WEKA Kubernetes Operator for backends, each tenant cluster and tenant client shares the same VLAN.
Tagged VLAN ID support is also extended to WEKA clients.
Enable WEKA tagged VLAN support
To enable WEKA tagged VLAN support, add the desired VLAN IDs to the switch ports connected to WEKA backends. It is common to include one untagged VLAN and multiple tagged VLAN IDs.
After configuring the switch, update the Linux system interfaces to recognize the VLAN IDs and verify connectivity.
Procedure
Assign a VLAN tag to a network interface Associate a VLAN tag with a NIC using the following command:
Example:
Add a VLAN interface Infer the VLAN tag by adding a VLAN interface:
Example:
Apply configuration changes Restart all containers to apply the VLAN configuration updates.
Mount filesystems with tagged VLANs
Basic VLAN tagging
Mount a filesystem with a specified NIC and VLAN tag:
Example:
Extended network configuration
Include gateway, IP, and netmask for advanced configurations:
Example:
Syntax guidelines:
Include additional named parameters (for example,
gw@,ip@,netmask@) directly in the command syntax.Alternatively, use the legacy style by specifying name-value pairs after the positional parameters.
Separate all parameters using
/.
This syntax is also supported for the weka local setup container --net ... command.
Last updated