No network access in containers when using VLANs

[completion]

Hello,
I am trying to migrate my setup over to use VLANs. I have set up each vlan to be 10.1.[VLAN].1/24. I have it where the web ui is on VLAN 2 but when I try to add a container, the container does not properly connect to the network. I am using OVS. I am trying to set the container to vlan 17.

Container network settings:


# /etc/network/interfaces

auto lo
iface lo inet loopback

auto eno2
iface eno2 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0
        ovs_options other_config:rstp-path-cost=20000

auto vlan2
iface vlan2 inet static
        address 10.1.2.10/24
        gateway 10.1.2.1
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=2

auto vlan17
iface vlan17 inet static
        address 10.1.17.99/24
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=17

auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports eno2 vlan2 vlan17
        ovs_options up ovs-vsctl set Bridge ${IFACE} rstp_enable=true

From the container I can ping the IntPort vlan17 address (10.1.17.99) but nothing else. Everything works properly if I change the container's VLAN tag to 2... but I need it on vlan 17.

Any help would be appreciated, I'm about at my wits end trying to figure this out.

Thanks

 

[wolfgang]

Hi,

Why do you use OVS?
Rstp is not necessary if you use one nic on the bridge?
Anyway, Linux bridge can provide RSTP with ifupdown2.

The openVswitch packages are not maintained by Proxmox.

 

[completion]

I seem to be unable to figure out how to set it up with a linux bridge.

I am trying to replicate the example from the wiki Network Configuration page for setting vlans up with a VLAN aware Linux bridge.

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vlan2
iface vlan2 inet static
        address 10.1.2.10/24
        gateway 10.1.2.1
        vlan-raw-device vmbr0

I was unable to get the 'vmbr0.2' naming scheme to work (error 'vlan-raw-device: invalid format - invalid network interface name' for 'vmbr0.2') but I think it is otherwise correct. When I reload/apply config I get these warnings:

warning: vmbr0: error getting dependent interfaces (misconfiguration of bridge attribute(s) on existing non-bridge interface (vmbr0))
warning: vmbr0: error getting dependent interfaces (misconfiguration of bridge attribute(s) on existing non-bridge interface (vmbr0))
warning: vmbr0: error getting dependent interfaces (misconfiguration of bridge attribute(s) on existing non-bridge interface (vmbr0))
warning: vmbr0: error getting dependent interfaces (misconfiguration of bridge attribute(s) on existing non-bridge interface (vmbr0))
warning: vmbr0: invalid use of bridge attribute (bridge-ports) on non-bridge stanza
warning: vmbr0: invalid use of bridge attribute (bridge-stp) on non-bridge stanza
warning: vmbr0: invalid use of bridge attribute (bridge-fd) on non-bridge stanza
warning: vmbr0: invalid use of bridge attribute (bridge-vlan-aware) on non-bridge stanza
warning: vmbr0: invalid use of bridge attribute (bridge-vids) on non-bridge stanza

Thanks

Edit; Rebooting makes the warnings go away

 

[wolfgang]

For the Vlan vdev you need "ifupdown2"
But be sure that Proxmox VE repositories are working correctly.
Because if they don't work you get the Debian 'ifupdown2' package and this is not compatible with our setup.

apt update && apt install ifupdown2

And here are the correct interfaces
You missed the vlan-id

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vlan2
iface vlan2 inet static
        address 10.1.2.10/24
        gateway 10.1.2.1
        vlan-id 2
        vlan-raw-device vmbr0