How can I connect a bridge to another bridge?

[WhiteTiger]

I have to simulate a network where two offices are connected by an optical fiber, therefore a connection between a switch and a switch.
But it doesn't seem to me that in Proxmox it is possible to connect two bridges since only the bridge - NIC association is allowed

 

[Dunuin]

Maybe you could let PVE route between the two bridges? Thats how you to it with WIFI cards where the WIFI card doesn't support to be attached to a bridge.

 

[WhiteTiger]

This is an example scheme

    eno1
      |
      V
   vmbr1 <---------->  vmbr2
      |                 |
      V                 V
   VM1-VM2           VM3-VM4

VM3 and VM4 are connected to vmbr2, but are accessible to eno1, through vmbr1.
I can't figure out if it is possible to create the link between vmbr1 and vmbr2.

 

[VictorSTS]

AFAIK, you cant connect bridges.

If both offices will be connected at layer 2, it makes no sense to me to use a different bridge in Proxmox to emulate such environment: simply connect all VM's to the same vmbr0, which will effectively emulate a layer2 connection among all VMs.

 

[spirit]

it's possible to link 2 bridge with a veth pair

if you use ifupdown2 :

auto veth_vmbr1
iface veth_vmbr1 inet manual
    link-type veth
    veth-peer-name veth_vmbr2

auto veth_vmbr2
iface veth_vmbr2 inet manual
     link-type veth
     veth-peer-name veth_vmbr1

auto vmbr1
iface vmbr1 inet manual
     bridge_ports veth_vmbr1 ...
     ...

auto vmbr2
iface vmbr2 inet manual
     bridge_ports veth_vmbr2 ...
     ...

 

[Neocult]

Can confirm the veth pair setup works great. The tipp helped me out a great deal.

It might be necessary to have more than one bridge for purposes of different address spaces (public IPs (e.g.. single IPs and different Subnets) and private ones and still have internal traffic be working. I consider that to be a setup that should occur quite often (not every VM/Container should need a dedicated public IP, but should be reachable locally and may interact with public machines on the same Proxmox host). Therefore an example from production.

eth0 for primary ip
vmbr0 for a public subnet
vmbr1 for private address space

veth_vmbr0 and veth_vmbr1 entries like @spirit listed
auto veth_vmbr1 iface veth_vmbr1 inet manual link-type veth veth-peer-name veth_vmbr2 auto veth_vmbr2 iface veth_vmbr2 inet manual link-type veth veth-peer-name veth_vmbr1

Example for public address subnet (Subnet mask according to public subnet available and ipv6 to have subnets on :0000::x, :1000::x, :2000:x etc.)
auto vmbr0 iface vmbr0 inet static address 178.63.125.161/29 bridge-ports veth_vmbr0 bridge-stp off bridge-fd 0 iface vmbr0 inet6 static address PUBLICIPV6NET::2/68 up ip -6 route add PUBLICIPV6NET::/68 dev vmbr0

Example for private address space vmbr1 (I reduced the Subnetmask to /16 10.0.0.0 to 10.0.255.255 and as well for ipv6 to have subnets on :1000 :2000 and NAT MASQUERADING with ACTIVE FIREWALL)
auto vmbr1 iface vmbr1 inet static address 10.0.0.1/16 bridge-ports veth_vmbr1 bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eno1 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/16' -o eno1 -j MASQUERADE post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1 iface vmbr1 inet6 static and so on) address PUBLICIPV6NET:1000::1/68 up ip -6 route add PUBLICIPV6NET:1000::/68 dev vmbr1

To make the setup complete, loopback and primary ethernet adapter need to be added on top (HERE EXAMPLE FOR ROUTED SETUP)
auto lo iface lo inet loopback auto enp7s0 iface enp7s0 inet static address PUBLIC IP/32 gateway PUBLIC GATEWAY post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up echo 1 > /proc/sys/net/ipv4/conf/enp7s0/proxy_arp