Skip to content

Add L2 tenant network creation details and removal process#411

Open
jasnoyaeger wants to merge 2 commits intomainfrom
docs/tenant-l2-removal-process
Open

Add L2 tenant network creation details and removal process#411
jasnoyaeger wants to merge 2 commits intomainfrom
docs/tenant-l2-removal-process

Conversation

@jasnoyaeger
Copy link
Member

@jasnoyaeger jasnoyaeger commented Mar 13, 2026

Summary

  • Documents what gets created when sharing a Layer 2 network to a tenant (NIC on tenant node, Physical network, External network)
  • Adds step-by-step removal/deletion process with correct ordering
  • Corrects navigation paths to match actual UI

Closes #405

Validation Results

Tested the full create → verify → disable → delete → cleanup lifecycle on a live VergeOS 26.1.3 system with a root host and a single-node tenant.

Creation

What was tested Result
Creating L2 network adds NIC to tenant node Node NICs: 1 → 2
Creates Physical network in tenant Physical - <network-name> appeared (Stopped)
Creates External network in tenant <network-name> appeared (Stopped)

Removal

What was tested Result
Disable → Delete flow from host side Completed without errors when following correct order
NIC auto-removed on host-side delete Node NICs: 2 → 1 (automatically cleaned up)
Tenant-side networks remain after host-side delete Both orphaned networks persisted — manual cleanup required
Deletion order matters inside tenant Deleting Physical network before External fails with "another network is referencing this as an interface network" error

Key Findings That Informed Doc Changes

  1. NIC is auto-removed — The issue suggested all three tenant-side components need manual cleanup, but testing showed the NIC on the tenant node is automatically removed when the L2 network is disabled/deleted from the host side. Only the two networks (External and Physical) require manual cleanup.
  2. Deletion order matters — The External network must be deleted before the Physical network inside the tenant, because the External references the Physical as its interface network.
  3. Navigation path corrected — The actual UI path is Network > Layer2 Networks in the left sidebar (expandable menu), not a top-level "Networks" link.
  4. Disable/Delete uses row selection — The workflow is: select checkbox → click Disable/Delete in sidebar (not an edit form toggle as originally drafted).

Test plan

  • Verify mkdocs serve renders the updated page without errors
  • Review the "Automatic Network Creation" section for accuracy
  • Review the "Removing a Tenant Layer 2 Network" section for accuracy
  • Confirm navigation instructions match the VergeOS 26.x UI

🤖 Generated with Claude Code

@jasnoyaeger @claude
📝 docs: add L2 tenant network creation details and removal process
6fdef2c 
Document what gets created when sharing a Layer 2 network to a tenant
(NIC, Physical network, External network) and add step-by-step removal
instructions validated on a live system. Key findings from testing:
- NIC is auto-removed when L2 network is disabled/deleted from host
- Tenant-side networks (External, Physical) must be manually cleaned up
- External network must be deleted before Physical (dependency order)
- Navigation path corrected to Network > Layer2 Networks in left sidebar

Closes #405

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jcampbellvergeio
jcampbellvergeio suggested changes Mar 13, 2026
View reviewed changes
@jasnoyaeger @claude
📝 docs: address Jeff Campbell's PR 411 review feedback
eaab10c 
- Add L2 External network prerequisite in root system with link
- Fix Network dropdown guidance (select external L2 only, not all networks)
- Update warning to reference Tenant L2 Networks instead of Virtual Switch Ports
- Correct network status from Running to Stopped after auto-creation
- Fix naming examples (e.g., "External VLAN 400", "Physical - External VLAN 400")
- Update VM NIC attachment to External network only (not Physical)
- Replace VM network placement with gateway instructions linking to Internal Networks
- Remove firewall rules references (not applicable to L2 networks)
- Fix tenant navigation paths to Networks → List
- Change "Click" to "Double-Click" for opening tenant in removal steps
- Add "External VLAN Network in Root" best practice
- Add prerequisite note at top of Configuration Steps section

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jcampbellvergeio
jcampbellvergeio suggested changes Mar 16, 2026
View reviewed changes
docs/product-guide/tenants/layer-2-networks.md
2. **Physical Network** - Backend network infrastructure. Appears in the tenant's network list with the name of the network you're passing through, prepended by "**Physical -**"
1. **NIC Interface on the Tenant Node** - A new virtual NIC is added to the tenant node, connected to the specified VLAN
2. **Physical Network** - Backend network infrastructure that the NIC plugs into. Appears in the tenant's network list with the name of the network you're passing through, prepended by "**Physical -**"
3. **External Network** - Plugs into the Physical network above. Appears in the tenant's network list with the name of the network you're passing through
Copy link
Contributor

@jcampbellvergeio jcampbellvergeio Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add to this: The External Network will not have a VLAN tag on it. The Interface is already tagged for this VLAN. Leave this network untagged. (i have received multiple tickets where the customer confused this and thought it needed a tag and tagged it)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jcampbellvergeio jcampbellvergeio jcampbellvergeio requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Docs: Add Layer2 Tenant Network recreation process and troubleshooting to provide-layer2-to-tenant

2 participants

@jasnoyaeger @jcampbellvergeio