Bond + Vlan Interface

Ramalama

Dec 26, 2020
How would you guys do it? Since there are many ways to the same result, I'm simply searching for the best solution.
- I need a separate Cluster network/interface (vlan 1720)
- I need a separate Backup network/interface (vlan 1721)

Code:
iface enp1s0f0np0 inet manual

iface enp1s0f1np1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp1s0f0np0 enp1s0f1np1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer3+4

auto vmbr0
iface vmbr0 inet static
        address 172.17.1.19/24
        gateway 172.17.1.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 10-11 1700-1708 1710-1712 1797

That's the basic configuration. Now the question is, how do I create the other interfaces for cluster and backup?
Simply a bond interface like:
Code:
iface bond0.1720 inet static
    address 172.17.20.10/24

iface bond0.1721 inet static
    address 172.17.21.10/24

Or another bridge? Or what? There are too many solutions for this, I'm just not sure what's the correct one, the best approach.
I think the simple bond0.1720 with the address is the simplest, and the bridge is not needed anyway since no VM needs that network...

Cheers
 
How about the other way around... from standards it's OK to have a bond with slave VLAN interfaces, e.g. eth0.101 eth1.101
 
With this setup
Code:
iface enp1s0f0np0 inet manual

iface enp1s0f1np1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp1s0f0np0 enp1s0f1np1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer3+4

auto vmbr0
iface vmbr0 inet static
        address 172.17.1.19/24
        gateway 172.17.1.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 10-11 1700-1708 1710-1712 1797

And assuming your other networking is set up correctly (primary router, firewall, etc. are able to pass VLAN traffic correctly), you should just need to set the VLAN number on the VM/CT NIC config under "VLAN Tag".

I use bonds with vlans and I bounce vms/cts between vlans all the time using that method. There are no other sub-interfaces configured in my interfaces file.
 
Hello,

Looking at your configuration, the best and most scalable approach is to use a VLAN-aware bridge on top of your bond0. This way, you avoid creating unnecessary sub-interfaces or additional bridges, as all your VLANs will be managed by one primary bridge.

This method is cleaner and is the recommended practice for Proxmox.

Recommended Configuration

Here is the adjusted configuration for your /etc/network/interfaces file to accommodate the Cluster and Backup networks using VLANs.

Code:
# /etc/network/interfaces

auto lo
iface lo inet loopback

# Physical interfaces
iface enp1s0f0np0 inet manual
iface enp1s0f1np1 inet manual

# LACP Bond Configuration
auto bond0
iface bond0 inet manual
        bond-slaves enp1s0f0np0 enp1s0f1np1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer3+4

# Main bridge is made "VLAN-aware"
# bridge-vids allows a wide range of VLANs, can be customized
auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

# Proxmox Management Interface
# The IP you had on vmbr0 is moved to a tagged sub-interface.
# Assuming your management network is on a VLAN, e.g., 1700. Please adjust if not.
auto vmbr0.1700
iface vmbr0.1700 inet static
        address 172.17.1.19/24
        gateway 172.17.1.1

# VLAN 1720: Interface for the Cluster Network
# A cluster network usually doesn't require a gateway
auto vmbr0.1720
iface vmbr0.1720 inet static
        address 172.17.20.10/24

# VLAN 1721: Interface for the Backup Network
# A backup network also usually doesn't require a gateway
auto vmbr0.1721
iface vmbr0.1721 inet static
        address 172.17.21.10/24
 
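A consistency check for the layout in the reply above, as an added example that is not part of any post in this thread: it parses an interfaces file and lists the bridge.vid sub-interfaces whose VLAN is missing from the parent bridge's bridge-vids. It assumes bridge-vids is the allow-list applied to a VLAN-aware bridge's ports; the function names and the sample text are constructed for illustration.

```python
# Constructed sample: first post's bridge-vids plus the reply's vmbr0.<vid> stanzas.
# Assumption: bridge-vids lists the only VLANs a VLAN-aware bridge's ports accept.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
        bridge-vlan-aware yes
        bridge-vids 10-11 1700-1708 1710-1712 1797
auto vmbr0.1700
iface vmbr0.1700 inet static
auto vmbr0.1720
iface vmbr0.1720 inet static
auto vmbr0.1721
iface vmbr0.1721 inet static
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the current stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def allowed_vids(spec):
    """Expand a bridge-vids value such as '10-11 1797' into a set of ints."""
    vids = set()
    for part in spec.split():
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def filtered_subinterfaces(text):
    """Names of <bridge>.<vid> interfaces whose VLAN is not in bridge-vids."""
    stanzas, missing = parse_stanzas(text), []
    for name in stanzas:
        bridge, _, vid = name.rpartition(".")
        parent = stanzas.get(bridge, {})
        vids = parent.get("bridge-vids")
        if vid.isdigit() and vids and parent.get("bridge-vlan-aware") == "yes":
            if int(vid) not in allowed_vids(vids):
                missing.append(name)
    return missing
```

With the first post's bridge-vids list it reports vmbr0.1720 and vmbr0.1721; with the reply's 2-4094 range it reports nothing.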
Not sure about support: bond-xmit-hash-policy layer3+4 isn't recommended, just layer2+3?
 
Perfectly fine (if your switch supports it, which it usually does) and even recommended if you're running e.g. Ceph across that bond.