Issues Transitioning from VLAN to SDN with Proxmox

[n0one42]

Description:

I am currently in the process of transitioning from my existing VLAN topology to SDN but have encountered issues that I need assistance with.

Current Working Setup:

• Linux Bond: bond0 (802.3ad) (layer 3+4)
• Linux VLAN: VLAN90DMZ (raw device: bond0; VLAN Tag: 90)
• Linux Bridge: vmbr90 (Bridge ports: VLAN90DMZ)

In this setup, passing the vmbr90 to a VM works seamlessly. The VM itself is unaware of any VLAN tags as it operates untagged. Only the Linux VLAN is aware of the tag.

Objective:
I want to replicate this setup using SDN, but it is not working as expected.

Ideal Scenario:

• Maintain my router/switch with tagged ports (e.g., VLAN 90) with DHCP assigning IPs in the range 192.168.1.0/24.
• Default DHCP to use the range 192.168.1.100 - 192.168.1.200 for real servers.
• Utilize SDN for internal VMs, assigning the range 192.168.1.50 - 192.168.1.99.

Problem Encountered:
Despite several attempts, I am unable to convert the current setup to SDN. The VMs do not receive any IP addresses.

Request:
I need guidance on how to transition from my current VLAN topology to SDN while ensuring VMs receive appropriate IP addresses as per the defined ranges. Detailed steps or documentation references would be highly appreciated.

Thank you for your assistance.

Best regards

 

[sw-omit]

So to summarise:
You want to be able to connect a VM to a port (which for the VM itself is untagged) and also have the bond that is your connection to the rest of the network to be untagged, but have the traffic from the VM to your switch be tagged with VLAN90, receiving DHCP from your router outside of proxmox distributing on VLAN90?

If so, that's probably the same setup (minus the DHCP, since I use 99.9% static IPs, but do use DHCP for first-time setup so I know it works).

What I have is the following:
In Networking:
Linux Bond: bond0 (keep as is in your setup)
Linux Bridge: vmbr1 (Bridge Ports: bond0, no tags, optionally IP if you want to reach ProxMox on that untagged line.
In SDN:
Create a Zone of type: VLAN and Bridge Ports vmbr1
In the VNet section, Create your VNETS with the names and vlans, making them NOT VLAN-Aware, assigned to this Zone.

Bonus option; to prevent other admins from using the wrong device, give them their own accounts, and only give them access to this specific SDN-Zone, and not to the localnet zone. If you need help with this, ask and I can see how I set that part up again.

 

[n0one42]

So to summarise:
You want to be able to connect a VM to a port (which for the VM itself is untagged) and also have the bond that is your connection to the rest of the network to be untagged, but have the traffic from the VM to your switch be tagged with VLAN90, receiving DHCP from your router outside of proxmox distributing on VLAN90?

If so, that's probably the same setup (minus the DHCP, since I use 99.9% static IPs, but do use DHCP for first-time setup so I know it works).

What I have is the following:
In Networking:
Linux Bond: bond0 (keep as is in your setup)
Linux Bridge: vmbr1 (Bridge Ports: bond0, no tags, optionally IP if you want to reach ProxMox on that untagged line.
In SDN:
Create a Zone of type: VLAN and Bridge Ports vmbr1
In the VNet section, Create your VNETS with the names and vlans, making them NOT VLAN-Aware, assigned to this Zone.

Bonus option; to prevent other admins from using the wrong device, give them their own accounts, and only give them access to this specific SDN-Zone, and not to the localnet zone. If you need help with this, ask and I can see how I set that part up again.

Thank you for the response. Maybe you just misspelled but it must be tagged from the proxmox server to the switch and not from the vm.
Also bond connections are tagged with different vlans.
VM (untagged) --> bond0 (tagged) --> switch
Here is a better overview of my working system which I try to replicate as an SDN. Despite the DHCP I would want at least to just reproduce this behavior with SDN. Thats said, the vm should directly get from my DHCP an IP.

 

[n0one42]

Therefore I dried multiple versions. This is what comes close to yours except that I still do not get any IP. I also created a Subnets on this VNets.

 

[sw-omit]

With that last setup, if you manually configure an IP on this VM, is it then able to reach the router/internet?
Just to make sure it isn't an issue specifically with DHCP

As it does look exactly like what I have set up and is working, bar the type of bond I'm using (I'm currently using failover, still need to find the time to get it properly set up with multi-active)
I take it the firewall itself is turned off on cluster-level? Or if it is on there, have you tried with the firewall-option turned off on the VM-network-device

 

[n0one42]

This is a fresh proxmox testing server installed yesterday with version 8.2.4 so firewall is disabled at Datacenter level. However, I also disabled it explicitly on this network also.
Setting a static IP still gives me inside the vm:
ping: connect: Network is unreachable. This is pretty annoying.

I also followed the instructions even if I did install directly the latest proxmox version:

apt install libpve-network-perl
apt install dnsmasq
systemctl disable --now dnsmasq
apt install frr-pythontools