Thanks mostly to Mr. Holmes, I now have my basic OVS configuration working on PVE.
There appear to be some challenges when using VLANs with CTs. To summarize:
Assigning venet IP addresses would really be the best option, but does not appear work with VLANs.
Assigning a veth interface and configuring inside the CT has limitations:
Standard linux syntax for VLANs in ifconfig scripts do not appear work in CTs.
I created a veth named eth0.55 for ct103 using the PVE GUI. It did create the port, but as an untagged standard Ethernet instead of a vlan 55 tagged interface like you might expect. This is a Centos 6 CT, so I used system-config-network to add the interface to the local config. Turns out system-config-network does not understand VLANs yet, so I manually added the line VLAN=yes to /etc/sysconfig/network-scripts/ifcfg-eth0.55 that it created -- which made the script stop working completely. I'm guessing the lack of the 8021q kernel module in the CT is probably the cause of this.
Once that got straightened out, I still had to add the internal veth address (the one the host sees) into the bridge with the proper vlan tag from the command line of the host:
ovs-vsctl add-port vmbr0 veth103.0 tag=55
After this, things work as expected.
Hopefully the PVE GUI will evolve a bit on VLANs. Let me suggest one option: Whenever a veth is created having a dot.something numerical name, parse the digits to the right of the dot and use those to assign a vlan to the internal (host) port in OVS. If you want to make it even easier to read the configs, use the same digits to postpend the internal port name when it is created (e.g. veth103.55 instead of veth103.0)
There appear to be some challenges when using VLANs with CTs. To summarize:
Assigning venet IP addresses would really be the best option, but does not appear work with VLANs.
Assigning a veth interface and configuring inside the CT has limitations:
Standard linux syntax for VLANs in ifconfig scripts do not appear work in CTs.
I created a veth named eth0.55 for ct103 using the PVE GUI. It did create the port, but as an untagged standard Ethernet instead of a vlan 55 tagged interface like you might expect. This is a Centos 6 CT, so I used system-config-network to add the interface to the local config. Turns out system-config-network does not understand VLANs yet, so I manually added the line VLAN=yes to /etc/sysconfig/network-scripts/ifcfg-eth0.55 that it created -- which made the script stop working completely. I'm guessing the lack of the 8021q kernel module in the CT is probably the cause of this.
Once that got straightened out, I still had to add the internal veth address (the one the host sees) into the bridge with the proper vlan tag from the command line of the host:
ovs-vsctl add-port vmbr0 veth103.0 tag=55
After this, things work as expected.
Hopefully the PVE GUI will evolve a bit on VLANs. Let me suggest one option: Whenever a veth is created having a dot.something numerical name, parse the digits to the right of the dot and use those to assign a vlan to the internal (host) port in OVS. If you want to make it even easier to read the configs, use the same digits to postpend the internal port name when it is created (e.g. veth103.55 instead of veth103.0)
Last edited: