Connecting Proxmox Node with Multiple VLANs configured to a switch: Independent VLAN Lookup or Shared VLAN Lookup?

[SInisterPisces]

I'm configuring a Mikrotik CSS-class switch (SwitchOS) for use with a Proxmox node.

One of the options on the switch is whether I want Independent VLAN lookup or Shared VLAN lookup. None of my other switches have asked me this; I'm not sure what they default to.

After communing with the switch docs, I've figured out this much:

Independent VLAN Lookup.

    Enable or disable independent VLAN lookup in the Host table for packet forwarding.
    Default: Off.
    Notes
        When to enable: "Will you have the SAME interface on the same device accessing multiple VLANs with the same MAC address?"
        N.B.: "hypervisors will ensure every vnic should have a unique MAC..."
        Only turn this on if something isn't working downstream.

So, VM and LXC vNICs all get their own MACs by default. But on the PVE host, every defined VLAN on a VMBR bridge shares the VMBR bridge MAC.

1. I'm running VM and LXC containers on multiple VLANs.
2. Two of my VLANs on VMBR1 each have different IPs on them that can reach the Proxmox host (management and storage networks), using the same MAC.
3. Given that the VLAN virtual interfaces themselves share the same MAC, should I turn on independent VLAN lookup?
4. What happens if I don't? Do things break, or just not perform as well?

 

[Cyberishf]

VM and LXC vNICs all get their own MACs by default

Yes and they do not change when they cross a network bridge or any number of bridges. The bridge interface MAC addresses are not relevant when forwarding a packet as a bridge is meant to be "transparent" to the sending and receiving hosts.

I think the only thing that will happen on your switch with IVL enabled is that it'll use slightly more RAM.

 

[SInisterPisces]

Yes and they do not change when they cross a network bridge or any number of bridges. The bridge interface MAC addresses are not relevant when forwarding a packet as a bridge is meant to be "transparent" to the sending and receiving hosts.

I think the only thing that will happen on your switch with IVL enabled is that it'll use slightly more RAM.

Thanks! I was hoping this was what was going on with the VM and LXC containers.

What about the Proxmox host itself? Say, I have two VLANs: management and storage, and the Proxmox host has an IP on each of those (one for the management web GUI/SSH, and the other to hit my shared storage on TrueNAS). Both of those IPs/virtual interfaces on the Proxmox host have the same MAC.

I think in the case of the management and storage virtual interfaces with IPs, those MACs are visible to the network outside the Proxmox node (that is, not transparent)? Is that right?