OpenVSwicth Bridge + Internal Ports + Untagged traffic

Y

Yannick

New Member
Aug 14, 2013
15
0
1
HI all,

I'm trying to configure my proxmox following example1 from the wiki (https://pve.proxmox.com/wiki/Open_vSwitch) but it's not working and I need some help to solve this.
First, if think the wiki contains an error in this part, in example 1, it mentionned

Code: 
[COLOR=#000000][FONT=monospace]ovs_options tag=55

but I think it must be

[/FONT][/COLOR]
Code: 
[COLOR=#000000][FONT=monospace]ovs_options tag=1[/FONT][/COLOR]

otherwise I don't understand the link with tag=1 on eth0

This is my interface file

Code: 
# network interface settingsallow-vmbr0 vlan1
iface vlan1 inet static
        address  PUBLIC_IP
        netmask  PUBIC_MASK
        gateway  PUBLIC_GW
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=1
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif


auto lo
iface lo inet loopback


allow-vmbr0 eth0
iface eth0 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0
        ovs_options tag=1
		ovs_options vlan_mode=native-untagged


iface eth2 inet manual


iface eth3 inet manual


auto eth1
iface eth1 inet dhcp


auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports eth0 vlan1

with this configuration, I can not have Internet Access.

Thanks for help,
Regards,
Yannick
 
My goal is to forward all untagged traffic from eth0 to vlan1 in my openvswitch.
So physical switch is not concerned by this
 
The example was wrong, you are right the vlan should have been set to 1.

You are missing the allow-ovs and allow-vmbr0 entries that need to exist prior to the entries. Also, you bridge definition should be first, before any interfaces that are part of the bridge.
 
It's always not working, what is wrong in this config ?

# network interface settings
auto lo
iface lo inet loopback


auto vmbr0
allow-ovs vmbr0
iface vmbr0 inet manual
ovs_type OVSBridge
ovs_ports eth0 vlan1


auto eth0
allow-vmbr0 eth0
iface eth0 inet manual
ovs_bridge vmbr0
ovs_type OVSPort
ovs_options vlan_mode=native-untagged
ovs_options tag=1

allow-vmbr0 vlan1
iface vlan1 inet static
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=1
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
address PUBLIC_IP
netmask PUBLIC_MASK
gateway PUBLIC_GW


auto eth1
iface eth1 inet dhcp


iface eth2 inet manual


iface eth3 inet manual


auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
Click to expand...
 
Can you elaborate on what way it is not working?

Are all the interfaces visible in ifconfig -a?

Also, instead of using 2 ovs_options lines, you could combine it into one, perhaps having 2 entries is causing only one to be used:
Code: 
 ovs_options tag=1 vlan_mode=native-untagged
 
Always not working.
Yes all interfaces are visible in ifconfig -a.

hum, the server is an Online Server (French Hosting Provider). The traffic is filter by IP and Mac and I see that the mac address of eth0 is affected to vmbr0 not to the vlan1 interface that could be the issue. So it's possible that the traffic is banned by the hosting provider (no incoming/outgoing traffic).

It's working if I set the public ip directly on the vmbr0 (vmbr0 has the same Mac Address as eth0).


Thanks,
Yannick
 
sure, if you're mac restricted at your provider's switch, that could cause major issues.

Also, it's possible your vlan_mode would be more appropriately 'access' like:
Code: 
ovs_options tag=1 vlan_mode=access

for your eth0 definition
 
no. not working too !.

I think that I must keep the public IP address directly on vmbr0 and use another vswicth for vm connectivity.

or must found a method to affect the mac address on vlan 1 interface.

Thanks,
Yann
 
If your ISP has MAC restrictions, then it probably doesn't make sense for your physical ethernet interface to be part of a bridge at all. You should just assign your ip address to the physical ethernet interface. With MAC restrictions, your VMs wouldn't be able to be on that vlan either.

You'll obviously need to set up some sort of NATing if you need to allow egress out the MAC-restricted interface.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back