LXC problem with VLANS

[stefano.zaniboni]

Hi all,
i'm trying to add a second vNIC to my LXC containers: on my router (usg) i've created a second network against the principal with a vlan tag 10. I've configured on my switch (unifi switch) to propagate on all ports the vlans. On my proxmox node i've checked the network option 'Vlan aware' on vmbr0 and on my container i've added a second nic specifying the vlan tag.
If i try with

ip a

inside the container (ubuntu image) and this is the output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:84:69:cf:dc:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.2.25/24 brd 192.168.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4c84:69ff:fecf:dcc5/64 scope link
       valid_lft forever preferred_lft forever
46: eth0.10@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b2:dc:c8:b3:e0:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.5/22 brd 10.0.3.255 scope global dynamic eth0.10
       valid_lft 83095sec preferred_lft 83095sec
    inet6 fe80::b0dc:c8ff:feb3:e08d/64 scope link
       valid_lft forever preferred_lft forever

But when i try to ping via interface eht0.10 this doesn't work. If i remove the eth0 from proxmox menu and reboot the container with the vlan interface only it works.
Someone can help me?
Thank you

 

[Alwin]

Name the interface eth1 and set the vlan tag separately through the config. Inside the container, you will only see the eth1 without the vlan notation, but the traffic will be tagged on the host. You should see a separate bridge and interface with the vlan notation.

 

[stefano.zaniboni]

Hi @Alwin thank you for your answer: i've renamed the interface (now it's called eth1) but i don't understand next steps. Must i have remove the vlan tag in the proxmox web interface? Can you guide me for the right steps? Thank you.

Stefano

 

[Alwin]

Keep the tag.
https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_container_network

 

[stefano.zaniboni]

Now this is my situation.



Via dhcp i have received a lease:

steve@ZABBIX:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
51: eth0@if52: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:84:69:cf:dc:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.2.25/24 brd 192.168.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4c84:69ff:fecf:dcc5/64 scope link
       valid_lft forever preferred_lft forever
56: eth1@if57: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b2:dc:c8:b3:e0:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.5/22 brd 10.0.3.255 scope global dynamic eth1
       valid_lft 46959sec preferred_lft 46959sec
    inet6 fe80::b0dc:c8ff:feb3:e08d/64 scope link
       valid_lft forever preferred_lft forever

But still if use

ping -I eth1 8.8.8.8

i receive

steve@ZABBIX:~$ ping -I eth1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.0.5 eth1: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3065ms

steve@ZABBIX:~$

 

[Alwin]

This is beyond the network settings of the Proxmox node. The container got an IP, so the vlan works. Check routing and firewall(s) that could block the icmp request.