OVS Bridge Between VMs (QinQ?)

[uberdome]

I need a bridge between 2x Servers and multiple VMs that carries multiple VLANs.

This would normally be accomplished with QinQ. I have VLAN20 on my switch coming in with multiple internal VLANs. If the system behaved as I would expect, I would be able to make a port on a VM, assign VLAN20 to that port, and have all internal VLANs availble to the VM. If I do so, I only get the native VLAN inside VLAN20, and all other internal VLANs are gone.

When connecting a bridge to a port, all VLANs and QinQ VLANs appear to work just fine.

It occurs to me that a second bridge that is exposed to the QinQ VLAN may solve these issues.

Is there an accepted way to setup a 2nd bridge (My primary is vmbr0, so let's call the 2nd bridge vmbr20) that connects to a VLAN on the primary bridge? [It appears this could be the equivalent of a fake bridge, but I'm not sure PVE will support it.]

 

[spirit]

do you have tried with vlan-aware bridge ?

auto vmbr0
iface vmbr0 inet manual
   bridge_ports eth0.20  #your external vlan
  bridge_stp off
  bridge_fd 0
  bridge_vlan_aware yes
  bridge-vids 2-4094    #your internal vlans

and don't setup any vlan on your vm nic.

 

[uberdome]

do you have tried with vlan-aware bridge ?

auto vmbr0
iface vmbr0 inet manual
   bridge_ports eth0.20  #your external vlan
  bridge_stp off
  bridge_fd 0
  bridge_vlan_aware yes
  bridge-vids 2-4094    #your internal vlans

and don't setup any vlan on your vm nic.

I have not tried that (I was not aware of it). Do I need to do anything to define eth0.20, or is it automatically functioning as eth0.VID?

 

[uberdome]

do you have tried with vlan-aware bridge ?

...
eth0.20 
...

and don't setup any vlan on your vm nic.

Proxmox complains:


[In my test, ports are referenced as eno, not eth.]

How do you define a VLAN as a port?

 

[spirit]

oh sorry, my config is with linux bridge, not ovs.

you need to edit /etc/network/interfaces manually , I'm not sure that proxmox gui support tagged interface vlan yet.

 

[uberdome]

oh sorry, my config is with linux bridge, not ovs.

you need to edit /etc/network/interfaces manually , I'm not sure that proxmox gui support tagged interface vlan yet.

I have attempted manually and through the GUI. I think I need an OVSPort definition for VLAN, but I cannot find documentation explaining the configuration file.

The best implementation method I can find (aside from typical dot1q-tunneling which is not yet natively supported) is to create a fake bridge. I still can't find documentation for configuration files for fake bridges, either, though.

 

[David Herselman]

We've been running QinQ VMs for almost 2 years, ie virtual router or firewall with VLANs with a single virtual Ethernet uplink assigned to the VM.

PVE 6 simply requires a very simple change to the network initialization script, details here:

https://forum.proxmox.com/threads/proxmox-5-0-and-ovs-with-dot1q-tunnel.34090/post-211337