Open vSwitch and VLAN trunking

M

MimCom

Active Member
Apr 22, 2011
204
3
38
Southwest NM
I have OVS mostly working inside the host, with CTs and KVM guests able to communicate on various VLANs and subnets. I do not seem to be able to get these tagged VLAN packets to enter or leave the host on the physical Ethernet, which should trunk them to the upstream switch, which will then appropriately segregate and deliver them to other parts of the network.

I have found several online examples of ovs-vsctl syntax which are not referenced in the man pages. Specifically, there is an option to set trunk mode for a port and to specify what VLANs it will pass.

I have several ports configured on the switch, three of which are in VLAN 11. These ports can communicate with each other on VLAN 11, but none of them can communicate with hosts on VLAN 11 outside the box.

root@pve1:~# ovs-vsctl show
242741ec-4345-4cd5-933b-049e02f893b1
Bridge "vmbr0"
Port "vmbr0"
Interface "vmbr0"
type: internal
Port "veth103.0"
tag: 11
Interface "veth103.0"
type: internal
Port "tap100i1"
Interface "tap100i1"
Port "eth0"
Interface "eth0"
Port "tap100i0"
tag: 11
Interface "tap100i0"
Port "open88"
Interface "open88"
type: internal
Port "vlan11"
tag: 11
Interface "vlan11"
type: internal
ovs_version: "2.0.90"


Issuing the command

ovs-vsctl set port eth0 vlan_mode=trunk

Did not change the output of ovs-vsctl show at all (possibly trunk mode is the default setting?)



Explicitly enumerating the VLANs to be trunked

ovs-vsctl set port eth0 vlan_mode=trunk trunk=0,1,11

does change the output of the show command

root@pve1:~# ovs-vsctl show
242741ec-4345-4cd5-933b-049e02f893b1
Bridge "vmbr0"
Port "vmbr0"
Interface "vmbr0"
type: internal
Port "veth103.0"
tag: 11
Interface "veth103.0"
type: internal
Port "eth0"
trunks: [0, 1, 11]
Interface "eth0"
Port "open88"
Interface "open88"
type: internal
Port "vlan11"
tag: 11
Interface "vlan11"
type: internal
ovs_version: "2.0.90"

but tagged packets are still not flowing out onto the wire.

Can anyone guide me here on getting tagged packets to traverse the physical Ethernet interface?

thanks~
 
Last edited:
(possibly trunk mode is the default setting?)
Click to expand...

yes !

Explicitly enumerating the VLANs to be trunked

ovs-vsctl set port eth0 vlan_mode=trunk trunk=0,1,11
Click to expand...

only needed if you wan to secure/limit the vlans on the trunk


It should works out of the box normally.
Are you sure that your physical switch is also configured in trunk mode ?
 
I was growing suspicious about the switch, so I did some testing between the two routers on newly-created VIFs. No connectivity through the Cisco, but everything worked using an unmanaged TrendNet switch. This morning I moved the Proxmox host and both internal router NICs to the unmanaged switch and now everybody can talk.

Is there something about Trunk Mode (factory-defaulted config) on a Cisco SG300 that strips tags?
 
>> Cisco SG300

SG300-Router01(config)# int gi1
SG300-Router01(config-if)# switchport mode trunk
SG300-Router01(config-if)# switchport trunk allowed vlan add 11

about vlan0, this is strange, because vlan 0 is no vlan.
(I'm not sure that you can mix tagged and untagged frames on sg300)


 
spirit said:



Explicitly enumerating the VLANs to be trunked
Click to expand...

ovs-vsctl set port eth0 vlan_mode=trunk trunk=0,1,11
Click to expand...


only needed if you wan to secure/limit the vlans on the trunk
Click to expand...

Check, understood.

Any idea how I can remove the specific trunks and allow all? trunks=all and trunks=* are not valid expressions. Changing to vlan_mode=access did not remove them either. The vlan_mode= option does not appear to be well documented (no mention in the man pages, not much online.)
 
Hi:
But even after I have set the port in trunk mode, the ethernet interface still can not successfully transmit the packets with vlan tags out from the host server. I am afraid that I have to configure the interface into the trunk mode at first. Do you think so, and knows how to do it?
Thank you very much!
 
ywxu said:
Hi:
But even after I have set the port in trunk mode, the ethernet interface still can not successfully transmit the packets with vlan tags out from the host server. I am afraid that I have to configure the interface into the trunk mode at first. Do you think so, and knows how to do it?
Thank you very much!
Click to expand...

Hi, you don't need to configure openvswitch in trunk mode, this is the default mode.

But of course, you need to configure your physical switch to allow vlan tag. (trunk mode in cisco for example)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back