VLANs issue and VLANs thinking

pestevao

May 8, 2024
Hello,

I'm having a strange issue.
I have defined a first vlan for management and everything is fine.
The issue appears when I define a second vlan. No matter what, the management changes to the second defined vlan. I can create more vlans but it keeps the access on the second one. I have the ip of the first vlan in every place that it should be (namely /etc/hosts, /etc/issue, etc).
Only by deleting all the vlans does it return to the ip of the first defined one... what the???

The second question is more an organizational or functional one.
I will have multiple vlans for vms use.
I was thinking that it may be useful to define multiple vlans on the host, only with the tag but no ip. So I can attach the vlans to the vms and give the ips there.
Will it work? Like this the vlan at the host will tag the traffic, but the IP will be attached to the vms configs for easier reading and less prone to errors (in defining the vlan tag on each vm).

Thank you.
 
Hi, for the first question please paste your /etc/network/interfaces file.

For your second question, the answer is absolutely yes: you don't have to give an ip address to vlans on the hypervisor host. You should specify the network for the virtual machine, connect the vm to the bridge and add the vlan tag, and at the end give a specific ip to the virtual machine only (an ip belonging to some vlan).
BR, Igor
 
Hello,

The interfaces file follows.
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp65s0f0
iface enp65s0f0 inet manual

auto enp129s0f0np0
iface enp129s0f0np0 inet manual

auto enp129s0f1np1
iface enp129s0f1np1 inet manual

auto enp65s0f1
iface enp65s0f1 inet manual

iface bond0 inet manual
        bond-slaves enp65s0f0 enp65s0f1
        bond-miimon 100
        bond-mode active-backup
        bond-primary enp65s0f0

auto bond1
iface bond1 inet manual
        bond-slaves enp129s0f0np0 enp129s0f1np1
        bond-miimon 100
        bond-mode active-backup
        bond-primary enp129s0f0np0

iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet manual
        bridge-ports bond1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto gestao
iface gestao inet static
        address 10.9.3.1/25
        gateway 10.9.3.126
        vlan-id 3
        vlan-raw-device vmbr0

auto vlan4
iface vlan3804 inet static
        address 10.9.4.129/25
        vlan-raw-device vmbr1

source /etc/network/interfaces.d/*

Everything works great on https://10.9.3.1:8006 until I add the vlan4. When I do it, the previous access stops and I have to access through https://10.9.4.129:8006, and this works. Access via ssh keeps working with 10.9.3.1 and also on 10.9.4.129.

I append the netstat output. It seems to be listening on :8006 on all ips but...

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:85            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.9.4.129:46640         10.9.4.253:25            TIME_WAIT
tcp        0      0 10.9.3.1:22              10.1.40.144:59477       ESTABLISHED
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::3128                 :::*                    LISTEN
tcp6       0      0 :::8006                 :::*                    LISTEN

Thank you, Pedro
 
I was thinking that it may be useful to define multiple vlans on the host, only with the tag but no ip. So I can attach the vlans to the vms and give the ips there

yes, define the vmbridges as vlan aware and take a look in the configuration wizard of the VMs network devices, to assign the vlan tags.

You won't be able to pass the vlan devices directly to the VMs.

Therefore, as an alternative approach to the first one, create a vlan on top of the bonds/ethernet devices and create a vmbridge aggregating the vlan devices. Then your VMs' traffic will be tagged and untagged when the packages are passed through the network devices underneath. For that reason you must not tag them in the VM's device configuration tab like in the first solution.

BR, Lucas
 
Can you try with this:

auto vlan3804
iface vlan3804 inet static
address 10.9.4.129/25
vlan-raw-device vmbr1

BR, Igor
 
I always prefer a style like this, if many VMs get attached to the same bridge/vlan combo
Code:
auto gestao
iface gestao inet manual
    address 10.9.3.1/25
    gateway 10.9.3.126
    bridge-ports bond0.3
    bridge-stp on
    bridge-fd 0

auto vlan4
iface vlan4 inet manual
    address 10.9.4.129/25
    bridge-ports bond1.4
    bridge-stp on
    bridge-fd 0
 
Is this a typo here, or why are the auto and iface lines using different interface names?
Yes it was a typo.
It is vlan4 in both lines.

I always prefer a style like this, if many VMs get attached to the same bridge/vlan combo
Code:
auto gestao
iface gestao inet manual
    address 10.9.3.1/25
    gateway 10.9.3.126
    bridge-ports bond0.3
    bridge-stp on
    bridge-fd 0

auto vlan4
iface vlan4 inet manual
    address 10.9.4.129/25
    bridge-ports bond1.4
    bridge-stp on
    bridge-fd 0
Ooooh right
And like this I can attach vlan4, for example, directly to a VM and this already adds the vlan tag "automatically" to the VM traffic?

Can you try with this:

auto vlan3804
iface vlan3804 inet static
address 10.9.4.129/25
vlan-raw-device vmbr1

BR, Igor
It keeps the same behaviour (in truth it is the same, just cleaning up my typo as said above).
The first ip works until I add the new one.
From that moment on the management GUI only answers through the new ip.
More: if I add some more vlans / ips, the only one that always answers the GUI is the second added one. :confused:
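
The `auto`/`iface` name mismatch raised earlier in the thread is easy to miss by eye. As an added example (not written by any poster here and not part of Proxmox), this Python check flags it in an interfaces file; `lint_interfaces` and the finding labels are hypothetical names, the sample is trimmed from the configuration posted above, and the rule that a VLAN tag comes from the name (`vlanN`, `dev.N`) or from `vlan-id` is an assumption about how the stanza is resolved.

```python
import re

# Constructed sample: trimmed from the configuration posted in this thread.
SAMPLE = """\
auto lo
iface lo inet loopback

iface bond0 inet manual
        bond-slaves enp65s0f0 enp65s0f1

auto gestao
iface gestao inet static
        address 10.9.3.1/25
        vlan-id 3
        vlan-raw-device vmbr0

auto vlan4
iface vlan3804 inet static
        address 10.9.4.129/25
        vlan-raw-device vmbr1
"""

def lint_interfaces(text):
    """Return sorted (kind, name) findings for an interfaces file."""
    auto, iface, current = set(), {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("auto", "allow-hotplug"):
            auto.update(words[1:])
            current = None
        elif words[0] == "iface" and len(words) > 1:
            current = words[1]
            iface[current] = set()          # option keywords of this stanza
        elif current is not None:
            iface[current].add(words[0])
    # "auto X" with no matching "iface X": the typo discussed in the thread
    findings = [("auto-without-iface", n) for n in auto - iface.keys()]
    for name, opts in iface.items():
        if name not in auto:
            findings.append(("iface-not-auto", name))
        # Assumption: the tag is taken from vlan-id or from a vlanN / dev.N name
        if ("vlan-raw-device" in opts and "vlan-id" not in opts
                and not re.search(r"(^vlan|\.)\d+$", name)):
            findings.append(("vlan-tag-unknown", name))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in lint_interfaces(SAMPLE):
        print(f"{kind}: {name}")
```
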