Connect some VMs with untagged and some tagged VLANs

yakatz

Dec 19, 2022
We have tons of VLANs available on our servers. Most VMs are connected to a single VLAN and we created multiple bridges for that, but there are a few VMs that we would like to pass all traffic to and do the tagging in the VM.


Code:
root@srv00:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface idrac inet manual

auto eno1
iface eno1 inet manual

auto eno2
iface eno2 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves eno1 eno2
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto bond0.2514
iface bond0.2514 inet manual

auto vmbr2514
iface vmbr2514 inet static
        address 10.72.14.207/24
        gateway 10.72.14.1
        bridge-ports bond0.2514
        bridge-stp off
        bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0

auto vmbr884
iface vmbr884 inet static
        address 10.88.4.2/24
        bridge-ports bond0.884
        bridge-stp off
        bridge-fd 0
#proxmox traffic

auto vmbr885
iface vmbr885 inet static
        address 10.88.5.2/24
        bridge-ports bond0.885
        bridge-stp off
        bridge-fd 0
#ceph traffic

auto vmbr886
iface vmbr886 inet static
        address 10.88.6.2/24
        bridge-ports bond0.886
        bridge-stp off
        bridge-fd 0
#ceph osd traffic

It seems like not all tagged traffic is actually making it to the VMs on vmbr0 - for example, if I set the interface in Proxmox to be virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr0,tag=441, the guest is able to see traffic on that VLAN (using tcpdump), but if I set the interface to be virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr0, traffic for some other VLANs shows up, but not that VLAN.

How can I make every VLAN accessible on vmbr0?
 
I finally got back to this - it doesn't seem to be working properly.

I configured a network interface on a VM connected to vmbr0.
[Image: 1699508575127.png]

From that machine, I can't ping the gateway. When I run tcpdump on the host, I can see ARP requests and responses, but the ARP response never gets back to the guest.

tcpdump on the host:
[Image: 1699508640342.png]

Host network config:
[Image: 1699508864932.png]

Ping on the guest:
[Image: 1699508725728.png]

If I change the interface in Proxmox to be tagged and in the VM to be untagged, it works.
The reason I want to do this is that I have a network monitoring application that is VLAN aware, so I want the VLANs to all be accessible.
 
