Issues with VM VLAN tags

[lee.fishlock]

Hi all

I'm very new to Proxmox and reviewing it as a VMware alternative. Trying to 'de-vmware' myself away from the VMware terminology is a bit of a process but I'm slowly figuring things out so please excuse anything dumb I've done
I'm stuck on getting VMs to talk to the internet and have a feeling my traffic isn't leaving the bridge correctly.

To complicate things (and with some irony given my reason for looking at proxmox) my current environment is a PoC/lab that is running nested inside VMware machines (only infra I have easy access to at the moment). Below is a summary:

• 3 PVE hosts (VMware VMs) running a single NIC each, connected to a trunking port group carrying vlans 58, 99 and 100
• Single bridge (vmbr0) on each PVE host with vlan awareness enabled
• Separate linux vlan interfaces on each host for management (vlan58), clustering (vlan99) and test NFS storage (vlan100)
• Test VMs connected to vmbr0 and tagged on vlan58 (vlan58 has DHCP available, internet access and the PVE hosts also use this for management and can reach the internet ok)

My network config is as follows:

auto lo
iface lo inet loopback

iface ens160 inet manual
        mtu 9000

auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens160
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        mtu 9000
#vSwitch

auto vmbr0.58
iface vmbr0.58 inet static
        address 10.1.30.201/16
        gateway 10.1.255.254
        mtu 9000
#MGMT

auto vmbr0.99
iface vmbr0.99 inet static
        address 192.168.99.201/24
        mtu 9000
#Cluster

auto vmbr0.100
iface vmbr0.100 inet static
        address 192.168.100.201/24
        mtu 9000
#Storage

When assigning vlan58 to a VM NIC and even assigning a static IP, I'm not getting any connectivity either to the internet or the other proxmox hosts that are on the same subnet (apart from the one the VM is on, which tells me it's getting stuck at the bridge). If I understand correctly, tagging the VM NIC with vlan58 should be passing that through to the bridge, after which it should be treated the same as my proxmox host that has a vlan interface on vlan58 and has full connectivity to the internet and other hosts.

Have I missed something dumb? I'm not eliminating an issue on the VMware side either as this is an unfortunate complication, however the fact the hosts can communicate using the port group tells me there shouldn't be an issue there.

Just from a couple of days reading this forum I've picked up heaps from the helpful people on here so any insight is greatly appreciated!

 

[BadAtIT]

What are you using for DNS servers? If you are using an internal DNS it wont be able to resolve A or AAAA records unless you have configured it. Try using cloudflare or google DNS servers, 1.1.1.1 or 8.8.8.8

 

[lee.fishlock]

Thanks for the reply. I'm not bothering to look at DNS yet and don't even have DNS configured on my test machines as I'm not even able to get connectivity via IP address so I think it's a layer2 issue somewhere

 

[lee.fishlock]

For more context, below is the vm network config, so it's tagged on vlan 58 on vmbr0

root@pve-01:~# cat /etc/pve/qemu-server/100.conf
boot: order=scsi0;ide2;net0;ide0
cores: 2
cpu: x86-64-v2-AES
ide0: none,media=cdrom
ide2: none,media=cdrom
memory: 4096
meta: creation-qemu=8.1.2,ctime=1705317749
name: WinTest
net0: virtio=BC:24:11:25:CD:16,bridge=vmbr0,tag=58
numa: 0
ostype: l26
scsi0: pve-nfs-gold:100/vm-100-disk-0.qcow2,iothread=1,size=60G
scsihw: virtio-scsi-single
smbios1: uuid=c49c96d2-a615-4f0d-8695-8b1ec125712c
sockets: 1
vmgenid: 39aa9e30-6457-488c-aebc-0660ea90a541

As a test I created another bridge (vmbr1) with vlan awareness disabled, and attached it to a normal vlan58 port group in VMware (ie not a trunking port group). When I attach the VM nic to this bridge I'm able to connect to the rest of the network and internet fine, so definitely seems I've missed or muffed something in my vlan/tag/bridge setup