Newbie Question about Bonding and VLAN's - Host or Guest?

T

traveler

New Member
Mar 2, 2022
3
0
1
50
We have just started using PVE and the first question I have is where do I make the network bonds and VLAN's. Should they be created on the PV host or in the Guest VM that actually needs the Bond / VLAN's.

I haven't been able to find a definite answer to this. Will Bonds and VLAN's inside Guest VM actually work properly.

I intend to use a PPPOE Server running inside a Guest VM that utilizes Layer 2 packets to initiate the PPPOE Connection. So L2 communication between the external network and the Guest VM is necessary. Also this traffic will be coming from a Network Bonded Interface and tagged as a VLAN.

Any guidance will be really appreciated.
 
There are a few options on how to approach this, especially regarding VLANs.

The bond should be done on the Proxmox VE host level, then use that bond as "bridge-port" for the vmbr interface.

Regarding VLANs you can either set it directly on the NIC for the VM, this is similar as configuring a VLAN on a switch port as untagged. The VM will not be aware it is in a VLAN. This is useful if that VM only needs to be in one VLAN. If it needs to be in a handful more, adding more NICs to the VM and setting the VLAN IDs for them is also an option.

If the VM needs to have a trunk port, check out the "trunks" option when configuring the "net" device for a VM (https://pve.proxmox.com/pve-docs/qm.1.html), but that needs to be done via the CLI or API.

The other option is to define vmbr interfaces to be in a VLAN. Here you have a few options again. You could create a VLAN device, using the bond, and then using the VLAN device as the bridge port. Or you use the dot notation to mark the VLAN in the bridge port, for example bond0.10 for VLAN 10 on bond0.

If it is okay that the VM will configure the VLANs itself, therefore being able to configure any VLAN, you can enable the "VLAN aware" option in the vmbr interface. With this enabled, the vmbr interface will handle the VLAN tags in the traffic from the VM correctly.
 
Thanks Aaron, is there any performance considerations if I use one or the other approach from the ones you mentioned.

We have a heavily loaded MikroTik CHR based PPPOE concentrator which handles around 2000 PPPOE sessions and pushes around 2 Gbps traffic to and from the Internet.

Bonding will be used on both sides. One bond for outgoing traffic which uplinks to our Internet Core Router. The second bond will be used to receive incoming pppoe traffic over a VLAN to this VM.

My performance question is for the Incoming PPPOE traffic coming over a bonded interface with a VLAN. Where should we define the VLAN for this for best performance.

Thanks once again.
 
If you don't need to use the integrated firewall, disable the "firewall" checkbox in the NIC for the VM. This will avoid having the fwXXX interface for the VM NICs, thus saving a few CPU cycles.

Other than that, I cannot say if there are any considerable performance gains / penalties either way.

If you have a dedicated physical NIC for that traffic, you could think about using PCI pass-through to use the physical NIC directly in the VM. See the admin guide and the extra page on the PVE wiki for more details.
 
Thank you very much. I will proceed accordingly and hopefully report back on our progress.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom