[SOLVED] Confused about Linux bridge, VLAN aware, and default VLAN

[DuckSeason]

Hello everyone, VMware refugee here trying to learn/play with Proxmox. I'm confused about how Linux bridges that are VLAN aware work with the default VLAN.

If I configure a Linux bridge and assign it an IP both the host and a guest/VM using the bridge work great (config below):
auto vmbr1
iface vmbr1 inet static
address 192.168.140.50/24
gateway 192.168.140.253
bridge-ports bond0
bridge-stp off
bridge-fd 0

I turn on the checkbox to make it VLAN aware the host becomes isolated but the guest/VM using the bridge continues to work (config below):
auto vmbr1
iface vmbr1 inet static
address 192.168.140.50/24
gateway 192.168.140.253
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

What am I missing to allow the host to use the default VLAN on a Linux bridge that is VLAN aware?

 

[Dunuin]

What default VLAN? The PVE host should send/receive untagged packets according to how you set up your vmbr1.
If you want the PVE host to be using a specific VLAN you will have to create a new VLAN interface and set the IP/gateway there. Like vmbr1.100 if you want the host to be part of VLAN 100. See: https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_vlan

 

[louie1961]

Here's how I have mine setup. I have a default VLAN on my switch of 1, but I don't use that on Proxmox at all

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4092

auto vmbr0.50
iface vmbr0.50 inet static
address 10.10.50.2/24
gateway 10.10.50.1

IP addresses have been changed to protect the innocent ;-) But let's pretend I have 5 VLANs, 10, 20, 30, 40, and 50 and VLAN 10 uses an IP range of 10.10.10.0/24, VLAN20 uses an IP range of 10.10.20.0/24 and so on. VLAN50 is my VLAN for managing my servers and switches and VLANs 10-40 are the VLANS my VMs and containers run on. With this setup I go to 10.10.50.2:8006 to access my Proxmox web interface, but I would go to a 10.10.10.0 or a 10.10.20.0 range to SSH into my VMs etc. Each of my VLANs is identified in pfSense, and I have a DHCP server on each VLAN, using the same IP address ranges (10.10.10.0, etc)

Note that I never use the switch default VLAN (1) on Proxmox

 

[DuckSeason]

I saw lots of examples of setting up additional VLANs, pretty standard networking stuff. What was less clear is how do you use the default VLAN (VLAN 1) or untagged traffic on a bridge that is set to be VLAN aware with the Proxmox host (since VMs attached to the bridge work fine). Basically I want the host to use untagged traffic, but I haven't found an example of that particular situation. I realize that this isn't typically what people do when they can do VLANs, but this should work.

I have tried multiple things to get VLAN 1 or untagged traffic to work, but none of them seemed to work (define a .1 interface, change bridge-vids to only list the VLANs I'm using, a few other things I can't remember right now). I'm certain that I'm missing something easy, just not reading the right article.

 

[Dunuin]

auto vmbr1
iface vmbr1 inet static
address 192.168.140.50/24
gateway 192.168.140.253
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

That works fine here. Got a LACP bond with the switches ports set to VLAN61 untagged + multiple VLANs tagged and the PVE then will send/receive untagged packets that the switch will receive and tag with that VLANID 61.

 

[DuckSeason]

That works fine here. Got a LACP bond with the switches ports set to VLAN61 untagged + multiple VLANs tagged and the PVE then will send/receive untagged packets that the switch will receive and tag with that VLANID 61.

Not exactly what I'm doing (using VLAN1 for untagged), but yeah what I have should work fine from what I understand. Just making the bridge VLAN aware shouldn't break the host from using it with untagged traffic.

 

[Astraea]

I use both tagged and untagged VLANs but am using the OVS networking that is available within Proxmox, as I always seemed to have issues when I started out with Proxmox and Linux Bridges for networking and haven't gone back to try I again.

 

[DuckSeason]

After a bunch of going back and forth I think I figured it out. I had two problems:

1. I had applied an SDN configuration to the host. Even though the SDN configuration was removed I hadn't rebooted the host. When you look at the VLAN list for the interface (using "bridge vlan" command) VLAN 1 was no longer part of vmbr1 and wouldn't come back until I rebooted (ifreload -a isn't enough)
2. The SDN configuration I had applied had VLAN 1 defined in it. Since the SDN configuration runs after the physical interface setup the SDN creates a .1 interface for VLAN 1 which conflicts. Remove VLAN 1 from my SDN configuration and everything works fine as well

So, in the end I'm smarter now and need to rejigger my management network a bit. I was trying to ensure that even if a switch dies and I have to fallback to unmanaged switches that I could still manage my hosts, don't have enough interfaces to dedicate one to management.