Configuring an OpenvSwitch with vports in Proxmox

M

mztriz

New Member
Nov 25, 2014
5
0
1
All,

I have Proxmox running off WiFi (I wish it wasn't this way but it's out of necessity). What I'm trying to do is create a way for me to be able to use the local network within my proxmox network. Currently, everything is running off of NAT from wlan0 and all internal machines have the same local IP address -- which is not very useful to me at all. I'm trying to fix this with ovs.

My ovs setup:
Code: 
[wlan0]  [IP Stack]  
|                   |
[maplebridge] --- vport1                        
                      --- vport2

ovs-vsctl add-br maplebridge #Create my bridge
ip link set maplebridge up # Turn on bridge
ovs-vsctl add-port maplebridge wlan0 # Add wlan0
ip addr del 192.168.1.136/24 dev wlan0 # Remove config from wlan0
dhclient maplebridge # DHCP IP addr to maplebridge
ip tuntap add mode tap vport1 # Create vport1
ip tuntap add mode tap vport2 # Create vport2
ip link set vport1 up # Turn on vport1
ip link set vport2 up # Turn on vport2
ovs-vsctl add-port maplebridge vport1 -- add-port maplebridge vport2 # Add ports to bridge

root@henesys:/home/mztriz# ovs-vsctl show
55601e1b-928a-454b-9e7f-d5c24ed47fe9
Bridge maplebridge
Port maplebridge
Interface maplebridge
type: internal
Port "vport2"
Interface "vport2"
Port "vport1"
Interface "vport1"
Port "wlan0"
Interface "wlan0"
ovs_version: "2.3.0"



Contents of /etc/network/interfaces:
root@henesys:/home/mztriz# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
address 192.168.1.136
netmask 255.255.255.0
gateway 192.168.1.1
wpa-ssid ""
wpa-psk ""

allow-ovs maplebridge
iface maplebridge inet dhcp
ovs_type OVSBridge
ovs_ports vport1 vport2

allow-br0 vport1
iface vport1 inet manual
ovs_bridge vport1
ovs_type OVSPort

allow-br0 vport2
iface vport2 inet manual
ovs_bridge vport2
ovs_type OVSPort



This is what I see in the web interface under Network:
image 1

This is what happens if I try to set one of my VMs to use the network adapter vport1:
image 2

What am I doing wrong?
 

Attachments

  • Selection_001.png
    Selection_001.png
    66.3 KB · Views: 53
  • Selection_002.png
    Selection_002.png
    51 KB · Views: 41
Last edited:
Hello mztriz

mztriz said:
I have Proxmox running off WiFi (I wish it wasn't this way but it's out of necessity). What I'm trying to do is create a way for me to be able to use the local network within my proxmox network. Currently, everything is running off of NAT from wlan0 and all internal machines have the same local IP address -- which is not very useful to me at all. I'm trying to fix this with ovs.
Click to expand...

Regarding wlan in general: I know from my experience that wireless is always problematic in any kind of bridges - from which type ever (LINUX, OVS, VMware, VBox,...). Therefore I avoid them categorically. Even I don´t know if and how it may work in your case. Have a look here:

http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD and search for "Q: I can't seem to use Open vSwitch in a wireless network."

About an alternative for your case see more below.

But first a look at what you intended to do:

mztriz said:
My ovs setup:
Code: 
[wlan0]  [IP Stack]  
|                   |
[maplebridge] --- vport1                        
                      --- vport2

ovs-vsctl add-br maplebridge #Create my bridge
ip link set maplebridge up # Turn on bridge
ovs-vsctl add-port maplebridge wlan0 # Add wlan0
ip addr del 192.168.1.136/24 dev wlan0 # Remove config from wlan0
dhclient maplebridge # DHCP IP addr to maplebridge
ip tuntap add mode tap vport1 # Create vport1
ip tuntap add mode tap vport2 # Create vport2
ip link set vport1 up # Turn on vport1
ip link set vport2 up # Turn on vport2
ovs-vsctl add-port maplebridge vport1 -- add-port maplebridge vport2 # Add ports to bridge
Click to expand...

1. What is the reason for vport1 and vport2? If they should be the connections to your VMs: not necessary! You can assign the virtual NICs directly to your "maplebridge"!

2. You created the bridge by ovs-commands - why not with Proxmox GUI? Then your /etc/inetwork/interfaces would look like this (independetly of the mentioned above obstacles):

Code: 
auto maplebridge
iface maplebridge inet static
    address  192.168.1.136
    netmask  255.255.255.0
    ovs_type OVSBridge
    ovs_ports vport1 vport2 wlan0

allow-maplebridge wlan0
iface wlan0 inet manual
    ovs_type OVSPort
    ovs_bridge maplebridge
    
allow-maplebridge vport1
iface vport1 inet manual
    ovs_type OVSIntPort
    ovs_bridge maplebridge
    
allow-maplebridge vport2
iface vport2 inet manual
    ovs_type OVSIntPort
    ovs_bridge maplebridge

and if you add a VM´s NIC (example: VM ID 871 net0) you will see it by ovs-vsctl show like this:

Code: 
    Bridge "maplebridge"
        Port "tap871i0"
            Interface "tap871i0"
        Port "vport1"
            Interface "vport1"
                type: internal
        Port "vport2"
            Interface "vport2"
                type: internal
        Port "wlan0"
            Interface "wlan0"
        Port "maplebridge"
            Interface "maplebridge"
                type: internal

But as already mentioned, I have my doubts if it will work with "wlan0". What to do?

I would make a new subnet (e.g. 192.168.2.0/24) inside of Proxmox, i.e. remove "wlan0" from the "maplebridge". All VMs are now connected with one virtual LAN, but not with wlan.
The traffic has to be routed via internal NAT in Proxmox, the NAT has to be activated when the bridge starts up (to be added in /etc/network/interfaces):

Code: 
auto maplebridge
iface maplebridge inet static
    address  192.168.1.136
    netmask  255.255.255.0
    ovs_type OVSBridge
    #ovs_ports vport1 vport2  ---- probably not necessary any more!!
    pre-up iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o wlan0 -j MASQUERADE

Now you have NAT behind a NAT - but works perfectly.

Kind regards

Mr.Holmes
 
Thank you Mr. Holmes,

I really appricate the detailed response.
I think I have a much clearer picture of how this works together (total networking n00b).

Here's what I've done:

I took your final suggestion of creating NAT over NAT via an OVS bridge through the Proxmox GUI.
In the GUI the only choices for naming bridges are vmbrX. I created vmbr1 with IP 10.0.2.1 (hopefully this means my bridge is the gateway device :confused:) , subnet 255.255.255.0, selected auto start and configured no gateway or bridge ports.

I then modified the Proxmox host /etc/network/interfaces config to look like the following:
Code: 
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
        address  192.168.1.136
        netmask  255.255.255.0
        gateway  192.168.1.1
        wpa-ssid ""
        wpa-psk ""

auto vmbr1
iface vmbr1 inet static
    address  192.168.1.136
    netmask  255.255.255.0
    ovs_type OVSBridge
    pre-up iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o wlan0 -j MASQUERADE

Now when I select vmbr1 as the network device on a VM I can set the IP addr as 10.0.2.xxx. This part is working! Thanks!!
I can SSH from within the 10.0.2.xxx network to my other VMs. SUCCESS!

I do have a few issues though (I'm sure I didn't set it up all correctly :/).
First, if I try to ping 10.0.2.1 it just times out. I don't think my gateway is working properly. I will say I tried to set a gateway in the Proxmox GUI but no matter what I entered it said wlan0 had the gateway address. Second, if I try to get outside of the VM network I no longer have a public IP address.

Thoughts?

Thanks!
 
Last edited:
Hello mztriz

mztriz said:
I took your final suggestion of creating NAT over NAT via an OVS bridge through the Proxmox GUI.
In the GUI the only choices for naming bridges are vmbrX. I created vmbr1 with IP 10.0.2.1 (hopefully this means my bridge is the gateway device ) , subnet 255.255.255.0, selected auto start and configured no gateway or bridge ports.

I then modified the Proxmox host /etc/network/interfaces config to look like the following:
Code: 
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
        address  192.168.1.136
        netmask  255.255.255.0
        gateway  192.168.1.1
        wpa-ssid ""
        wpa-psk ""

auto vmbr1
iface vmbr1 inet static
    address  192.168.1.136
    netmask  255.255.255.0
    ovs_type OVSBridge
    pre-up iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o wlan0 -j MASQUERADE

Now when I select vmbr1 as the network device on a VM I can set the IP addr as 10.0.2.xxx. This part is working! Thanks!!
I can SSH from within the 10.0.2.xxx network to my other VMs. SUCCESS!

I do have a few issues though (I'm sure I didn't set it up all correctly :/).
First, if I try to ping 10.0.2.1 it just times out. I don't think my gateway is working properly. I will say I tried to set a gateway in the Proxmox GUI but no matter what I entered it said wlan0 had the gateway address. Second, if I try to get outside of the VM network I no longer have a public IP address.
Click to expand...

Sorry, I made a small mistake in my previous post: if you separate wlan0 and bridge the bridge must have a different IP (Why? they are in different LANs now: one is the wlan with the default router somewhere to internet, the other your local to the VMs, which is just a virtual one); like this:

Code: 
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
        address  192.168.1.136
        netmask  255.255.255.0
        gateway  192.168.1.1
        wpa-ssid ""
        wpa-psk ""

auto vmbr1
iface vmbr1 inet static
    address  [COLOR=#ff0000]10.0.2.1[/COLOR]
    netmask  255.255.255.0
    ovs_type OVSBridge
    pre-up iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o wlan0 -j MASQUERADE

And 10.0.2.1 is your default route for all VMs!

Kind regards

Mr.Holmes
 
Thanks Mr. Holmes.

I was thinking the 192.168.1.136 address on the vmbr1 bridge was to link to wlan0 and give it control:/ I'm not even sure why I didn't just test it with the with the 10.0.2.1 address... dumb... lol.

Anyway, I appricate you looking over this. The VM network is now working and internet is also working after I setup ipv4 forwarding with sysctl.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back