Errors changing a VM to use vlan ID

[nz_monkey]

Hi There,

I am attempting to use Q-in-Q in our environment. I am basically bridging a vlan to vmbr0. When I add a vlan capable VM on to vmbr0 I am able to communicate on vlan10, however when I try to configure a VM to natively use vlan10 on vmbr0 and then start it I get the following error:

[COLOR=#000000][FONT=tahoma]no physical interface on bridge 'vmbr0'[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]/var/lib/qemu-server/pve-bridge: could not launch network script[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]kvm: -netdev type=tap,id=net0,ifname=tap101i0,script=/var/lib/qemu-server/pve-bridge,vhost=on: Device 'tap' could not be initialized[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]TASK ERROR: start failed: command '/usr/bin/kvm -id 101 -chardev 'socket,id=qmp,path=/var/run/qemu-server/101.qmp,server,nowait' -mon 'chardev=qmp,mode=control' -vnc unix:/var/run/qemu-server/101.vnc,x509,password -pidfile /var/run/qemu-server/101.pid -daemonize -name Win2k8-Test -smp 'sockets=2,cores=2' -nodefaults -boot 'menu=on' -vga std -no-hpet -k en-us -m 4096 -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' -drive 'file=/var/lib/vz/images/101/vm-101-disk-1.raw,if=none,id=drive-virtio0,aio=native,cache=none' -device 'virtio-blk-pci,drive=drive-virtio0,id=virtio0,bus=pci.0,addr=0xa' -drive 'if=none,id=drive-ide3,media=cdrom,aio=native' -device 'ide-cd,bus=ide.1,unit=1,drive=drive-ide3,id=ide3,bootindex=200' -netdev 'type=tap,id=net0,ifname=tap101i0,script=/var/lib/qemu-server/pve-bridge,vhost=on' -device 'virtio-net-pci,mac=02:07:FB:17:AB:D8,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300' -rtc 'driftfix=slew,base=localtime' -global 'kvm-pit.lost_tick_policy=discard'' failed: exit code 1[/FONT][/COLOR]

Which looks like there is a requirement for a "physical" interface on the bridge.

Is there anyway to work around this? I really need to get Q-in-Q working from the VM's.

 

[dietmar]

It does not really make sense to use vlans if there is no connection to the outside. Instead, you can use a separate private bridge?

 

[nz_monkey]

Hi Dietmar

I think you have misunderstood.
I have a bond0 interface. I have created a vlan on this vlan 101 making the interface bond0.101.

I then added bond0.101 to vmbr0

This means all traffic on vmbr0 will egress the host tagged with vlan 101

I am now wanting to be able to use vmbr0 on a VM with a further tag of 10 in this example.

Meaning packets egressing the host from that vm would have two tags, first 101 then 10

This should be a valid configuration but Proxmox is not matching bond#.# as a valid physical interface on the vmbr0 bridge.

 

[dietmar]

I would remove the tag on bond0 - looks strange to me to tag twice.

 

[nz_monkey]

I need to. Its called Q in Q vlan tagging or 802.1ad and is very common in large networks

 

[nz_monkey]

Without this i would have to create all vlans used on my pve hosts on all the switches between them, what a mission. With QinQ i can vastly reduce the amount of config that needs to be done on intermediary switches

 

[dietmar]

This will not work with our current setup.

 

[nz_monkey]

FYI I got this working by changing the matching regex inside Network.pm

 

[Navillus]

Just going to leave this here (mostly for me) a temporary fix to /usr/share/perl5/PVE/Network.pm

My company uses a tinc layer 2 VPN between multiple hosts (same datacentre but cheap dedicated servers) and the physical interface on the VPN is called "retint". Unfortunately, changing the regex in the existing code didn't work for me.

Please note: this does not have protection for multiple physical interfaces on one bridge. There is nothing in the way of error handling.

opendir (DIR,$dir);
while (my $item = readdir(DIR)) {
next if ($item =~ /^(veth)/);
next if ($item =~ /^(!eth|!retint)/);
$iface = $item;
}

# PVE::Tools::dir_glob_foreach($dir, '((eth|bond|tap|retint)\d+)', sub {
# my ($slave) = @_;
# print "@_";
# print "$slave";
# die "more then one physical interfaces on bridge '$bridge'\n" if $iface;
# $iface = $slave;## });# print "$iface";


die "no physical interface on bridge '$bridge'\n" if !$iface;
my $ifacevlan = "${iface}.$tag";

 

[Buddah]

Just going to leave this here (mostly for me) a temporary fix to /usr/share/perl5/PVE/Network.pm

My company uses a tinc layer 2 VPN between multiple hosts (same datacentre but cheap dedicated servers) and the physical interface on the VPN is called "retint". Unfortunately, changing the regex in the existing code didn't work for me.

Putting this here in case it can help anyone else. We found Proxmox 3.2 stopped starting VM's with the same errors as above. The following REGEX changes lets the network script accept dotted QinQ interfaces as being valid inside a bridge.


diff /usr/share/perl5/PVE/Network.pm.ORIG /usr/share/perl5/PVE/Network.pm
142c142
< PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
---
> PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+(\.\d+)?)', sub {

Cheers,
Matt