Issue with openvz, direct access to network device and vlans

[TrevorJ]

Dear All,


I am using the following command to move a phyiscal Ethernet device from the host to a container.


vzctl set <CTID> --netdev_add ethx --save


x = host Ethernet interface, i.e. eth7


This works well and I can see the device directly in the container.


However, I am unable to assign vlans to the device.


I have tried using the debian-6.0-standard_6.0.6_i386.tar.gz and debian-6-turnkey-core_12-1_i386.tar.gz templates.


On the CT's I have installed vlan support with apt-get install vlan.


When I try to initialise a vlan interface on the physical device (which I moved from the host to the CT, I get the following error message)



WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
ERROR: trying to add VLAN #103 to IF -:eth7:- error: Package not installed
Failed to bring up eth7.103.


When I check on both templates I see that /proc/net/vlan does not exist.



So I decided to check the host (Proxmox 2.3-13) and discovered /proc/net/vlan was missing, even though the vlan package is installed.



So I ran modprob 8011q on the host and /proc/net/vlan/config appeared on the host and CT's.



I can now bring up a vlan interface inside a CT, but get a strange error message:-



Added VLAN with VID == 103 to IF -:eth7:-

Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config

ERROR: trying to add VLAN #103 to IF -:eth7:- error: File exists


Should I be worried about this? Why does Proxmox not load the 8011q module when it boots?



Should I add modprobe 8011q to /etc/modprobe.d/xxxxx.conf on the host?

xxxxx = a file name of my choosing.

 

[tom]

see https://bugzilla.proxmox.com/show_bug.cgi?id=129

but you can use KVM if you need vlan.

 

[TrevorJ]

Hi Tom,

Thanks for the fast reply.

I have tried the KVM route using VT-D and PCI/PCI-E passthrough. It was a little unstable and the not as fast as a CT.

Proxmox appears to have vlan support for KVM, does it not use the vlan package and 8011q module? If yes, then is there a problem loading it using modprobe on the host? It seems to run fine.

 

[tom]

you do not need VT-D for kvm. go for for virtio NIC and you should be happy with the performance, as long as you use a reasonable new kernel inside your KVM guest.

we have not VLAN support for OpenVZ, means I never tested manual configs and I cannot give big advice here.

 

[TrevorJ]

Hi Tom,

I have tested a Virtio vs VT-D vs CT. I am running an L2TP server and when the load gets above 500 Mbps the performance drops. In addition, the TCP throughput is not as good on the Virtio interface.

How is the KVM allocated a vlan from the host, using the web configurator? Surely it uses 8011q and therefore the module should be loaded at boot?

Many Thanks,

Trevor

 

[tom]

what guest OS do you run for your KVM tests?

and also search the forum for vlan examples and explanation, there are a lot of interesting posts.

 

[mir]

You can connect a CT to a vlan, but only implicitly. See example below:

auto vlan10
iface vlan10 inet manual
        vlan-raw-device ethX

auto vmbr10
iface vmbr10 inet manual
        bridge_ports vlan10
        bridge_stp off
        bridge_fd 0

Assign your CT nic to vmbr10 and your CT will then be communicating over vlan10 in this case.

 

[dietmar]

Surely it uses 8011q and therefore the module should be loaded at boot?

Yes, it uses 8011q. The tools we use automatically load the module on demand.

 

[torontob]

Mir,

How does this work? I have vmbr0 and by implicitly you mean adding this in ifcfg-eth.4000 for example where 4000 is the vlan tag ID?

Thanks,