connect a VM to a vLan

T

tincboy

Renowned Member
Apr 13, 2010
466
6
83
In our datacenter, we've a local network that is usefull for only selected vms,
Datacenter ask us if we can setup vlan on our servers so the selected VMs can only connect to that specific vlan which it's ID is 439
Does Proxmox support this kind of situation?

Regards
 
Hi, the way I use is to define on host /etc/network/interface ethx.vlanid and then using the gui I define a bridge interface vmbr<<vlanid>> and assign that interface to VM.
I don't know if is it possible to create directly from gui the vlan interface.
 
tincboy said:
In our datacenter, we've a local network that is usefull for only selected vms,
Datacenter ask us if we can setup vlan on our servers so the selected VMs can only connect to that specific vlan which it's ID is 439
Does Proxmox support this kind of situation?

Regards
Click to expand...
Hi,
yes you can do someting like this in /etc/network/interfaces:
Code: 
...
auto eth1
iface eth1 inet static
        address  0.0.0.0
        netmask  0.0.0.0

auto eth1.439
iface eth1.439 inet static
        address  0.0.0.0
        netmask  0.0.0.0


auto vmbr439
iface vmbr439 inet manual
        bridge_ports eth1.439
        bridge_stp off
        bridge_fd 0
If you need that on eth0 you must also use for your normal betwork vlan-tagging (must be also configured on the switch-side). Mixed traffic (with and without tagging) don't work.

Udo
 
Thanks,
I've create two vlan interface and thery are OK now,
But I don't want to build a bridge interface for each one of them separately,
So do you think bonding can help me in thi situation? I mean bond vlan interfaces and then make a bridge on bond0.
 
tincboy said:
Thanks,
I've create two vlan interface and thery are OK now,
But I don't want to build a bridge interface for each one of them separately,
So do you think bonding can help me in thi situation? I mean bond vlan interfaces and then make a bridge on bond0.
Click to expand...
Any suggestion on how to make a bridge on top of two or more vlans?
 
tincboy said:
Any suggestion on how to make a bridge on top of two or more vlans?
Click to expand...
Hi,
that's not clean! The afford of vlans is different networks - it's makes no sense to switch the networks afterwards together.
Why not seperate bridges - they are very cheap ;-)

But an hint - you can bridge many devices with an bridge (nomen est omen)

Udo
 
udo said:
Hi,
that's not clean! The afford of vlans is different networks - it's makes no sense to switch the networks afterwards together.
Why not seperate bridges - they are very cheap ;-)

But an hint - you can bridge many devices with an bridge (nomen est omen)

Udo
Click to expand...
Thanks Udo,
One of datacenters that we are operating in always route IPs only on vlans,
So if we want to have 2 or 3 differenet IP ranges, we have to use more than one vlan,
If we want to create a bridge for every vlan it make our every day work of creating VMs and rebuilding them much harder so it's a very important advantage for us to have more than one vlan on a bridge

When I configure a bridge for more than a vlan the server become unreachable and it lose it's netwok accessibility.
The interface configuration of my server is:

Code: 
# network interface settings
auto lo
iface lo inet loopback
iface eth0 inet manual
        address  0.0.0.0
        netmask  0.0.0.0

auto eth0.976
iface eth0.976 inet static
        address  0.0.0.0
        netmask  0.0.0.0
auto eth0.978
iface eth0.977 inet static
        address  0.0.0.0
        netmask  0.0.0.0
 
auto vmbr0
iface vmbr0 inet static
        address xxx.xxx.xxx.xxx
        netmask 255.255.255.0
        gateway xxx.xxx.xxx.1
        bridge_ports eth0.976 eth0.978
        bridge_stp off

If i just put one vlan in line which starts with "bridge_ports" it works well but making it two or more cause inaccessibility of server.
 
tincboy said:
Any idea or experiance?
Click to expand...
No,
but i can only repeat the affort of seperate networks (bridges) - with "shortcut" networks you decrease your security (a VM can also see traffic from normaly invisible networks...).

I think this must be done in the job to select the right network - if this is to complicate, the "admin" is not the right one (imho).

Udo
 
Thanks Udo,
Finally I've found what is the issue that make the server unreachable after making the vmbr0 on top of 2 vlans,
The issue is VMs don't pick up packets with vlan tags.

So I must remove the vlan tags and covert them to normal lan packets and then send them to VMs, in return when packets are going out of main server I've to add the tag and conver them to actual vlan packets,
So any suggestion on doing such convertion on packets on Proxmox?
 
tincboy said:
Thanks Udo,
Finally I've found what is the issue that make the server unreachable after making the vmbr0 on top of 2 vlans,
The issue is VMs don't pick up packets with vlan tags.

So I must remove the vlan tags and covert them to normal lan packets and then send them to VMs, in return when packets are going out of main server I've to add the tag and conver them to actual vlan packets,
So any suggestion on doing such convertion on packets on Proxmox?
Click to expand...
?????
if you use an vlan-nic on a bridge (eth1.20) the vlan-tag will be removed from traffic that came inside from eth1 (on vlan 20). And add for outgoing traffic. inside the vm you don`t use tagging (it`s a seperate network).
Work without trouble for me.

Udo
 
You must log in or register to reply here.
Top Bottom