Hello!
I don't know if this is a Proxmox or Mikrotik issue, but I've been stuck with this for good.
I'm getting a VLAN ID from another location, inside which are other VLANs, so we have QinQ here. Everything is delivered to a rack cabinet where a Proxmox cluster is running. What I want to do is strip the external VLAN ID (let's say VLAN X1) on Proxmox and push only the internal VLANs (let's say VLAN X1.x1) to the rest of the network, outside the rack. This needs to be done on some VM, because it is necessary to control VLANs x1, x2, x3 before pushing them to the rest of the network. I've already tried Debian and Mikrotik CHR configured as a bridge to do the job, but with no success.
All cluster machines are connected to one switch (Mikrotik CRS354-48G-4S+2Q+), where the nodes' Ethernet ports are getting tagged VLANs and the rest of the network is connected by access ports (untagged and PVID option). Beyond those ports I can't deliver VLANs x1, x2, x3. The interesting thing is that I can see these VLANs as neighbors on their VLAN ID interfaces, but can't ping them. It seems like QinQ is working inside Proxmox, but there is no IP traffic outside Proxmox when I strip QinQ down to a regular single-tag VLAN.
Here is how the PVE node is configured (Proxmox 7.1!):
Code:
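iface enp66s0f0 inet manual

iface enp66s0f1 inet manual

# VLAN 21 subinterface (rest of the network)
auto enp66s0f0.21
iface enp66s0f0.21 inet manual

# VLAN 2890 subinterface (outer QinQ tag)
auto enp66s0f1.2890
iface enp66s0f1.2890 inet manual

# Bridge for the VM's net1 (VLAN 21 side)
auto vmbr21
iface vmbr21 inet manual
    bridge-ports enp66s0f0.21
    bridge-stp off
    bridge-fd 0

# Bridge for the VM's net0 (VLAN 2890 side)
auto vmbr2890
iface vmbr2890 inet manual
    bridge-ports enp66s0f1.2890
    bridge-stp off
    bridge-fd 0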
Network configuration of the VM on this node (Mikrotik CHR as a bridge):
Code:
net0: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr2890
net1: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr21
2890 - VLAN X1, inside which are VLANs x1, x2, x3 (for example VLAN 147), delivered to the node as tagged.
21 - VLAN of the rest of the network, delivered to the node as tagged and out of the CRS354 switch by an access port (untagged and PVID) to the rest of the LAN, where VLANs x1 (like 147) should be caught.
This VM sees VLAN 147 when you add a VLAN147 interface. An IP address on this VLAN in the other city responds to ping. It's OK!
Next I make a bridge and add net0 and net1 as ports of this bridge. From then on I can see VLAN 147 IP addresses in the "Mikrotik neighbor area" through the VLAN 147 interface on the rest of the network devices. That means outside the Proxmox environment and beyond the VLAN 21 access ports.
BUT... I cannot ping VLAN 147 IP addresses from those devices.
I've tried dozens of different configurations - on Proxmox, on the CRS354, inside a CHR VM. I even tried to replace the CHR VM with a Linux/Debian VM as a bridge. I always get only to the same point... It seems that QinQ is working up to the VM (I can ping VLAN 147 from the CHR VM), but I cannot push this inner VLAN back out to the other part of the network. Before I started, I read that QinQ should work on a Proxmox bridge with the vlan-aware option off. For me there is no difference here. All in all, the success is that I see VLAN 147, but only as neighbor devices; no IP/TCP/ICMP traffic is passing out of PVE/switch.
After two nights I was left with no ideas about where else I could look for a way to achieve the goal. Has anybody tried something like this or similar? Maybe it is not even going to work, for some reason I don't know yet?
Best Regards!
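Added example, not part of the original post: a small Python decoder for the VLAN tag stack of a raw Ethernet frame, usable on frames captured at the node uplink, on the VM's net0/net1 and on the switch side to check which tags are really present at each hop. The frames are constructed samples; the outer TPID 0x8100 and the pop/push sequence modelling the enp66s0f1.2890 and enp66s0f0.21 subinterfaces are assumptions.

```python
import struct

TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}  # EtherTypes treated as VLAN tags

def vlan_stack(frame: bytes):
    """Return ([(tpid, vid), ...] outermost first, payload EtherType)."""
    tags, off = [], 12                      # skip dst MAC + src MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI = VLAN ID
        off += 4

def pop_outer(frame: bytes, expect_vid: int) -> bytes:
    # Models receive on a VLAN subinterface: drop the 4-byte outer tag.
    tags, _ = vlan_stack(frame)
    if not tags or tags[0][1] != expect_vid:
        raise ValueError(f"outer tag is not VLAN {expect_vid}")
    return frame[:12] + frame[16:]

def push_tag(frame: bytes, vid: int, tpid: int = 0x8100) -> bytes:
    # Models transmit on a VLAN subinterface: insert a new outer tag.
    return frame[:12] + struct.pack("!HH", tpid, vid) + frame[12:]

def build(tags, etype=0x0800, payload=b"\x00" * 46):
    # Constructed sample frame: broadcast dst, locally administered src MAC.
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", etype) + payload

def describe(frame: bytes) -> str:
    tags, etype = vlan_stack(frame)
    stack = ".".join(str(vid) for _, vid in tags) or "untagged"
    return f"{stack} ethertype=0x{etype:04x} len={len(frame)}"

if __name__ == "__main__":
    wire_in = build([(0x8100, 2890), (0x8100, 147)])  # assumed outer TPID
    at_vm = pop_outer(wire_in, 2890)                  # what net0 would carry
    wire_out = push_tag(at_vm, 21)                    # after enp66s0f0.21
    for label, f in [("uplink in", wire_in), ("VM net0", at_vm), ("uplink out", wire_out)]:
        print(f"{label:10s} {describe(f)}")
```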