[SOLVED] OVS bridge with vlans

Discussion in 'Proxmox VE: Networking and Firewall' started by troycarpenter, May 6, 2016.

  1. troycarpenter

    troycarpenter Member

    Ok, I've read over the different guides for OVS bridges with vlans, but I can't seem to get my problem solved without resorting to the CLI, which I don't want to do after my system goes live.

    I have a VM guest that is essentially a router, and normally expects the hardware it is running on to have two ethernet ports: one WAN and one LAN. The VM host does not have a physical port for the LAN interface, so I have used vlan 3000 to attach a physical port from a smart switch as the LAN port. When configuring the LAN network interface in proxmox, I use the vlan tag 3000 and all seems to work...untagged traffic fed into the port on the switch appears in the vlan also untagged and is handled correctly by the guest VM.

    However, the problem is that the guest VM is also expecting to receive traffic tagged with vlans of 100, 600, or 800 in addition to untagged packets. With the current setup, the tagged traffic never makes it to the guest VM unless I remove the 3000 tag from the interface.

    I have found that if I put the network interface used for the guest's LAN port into native-untagged, everything works as expected. The command I have to give on the VM host is:

    ovs-vsctl set port tap601i1 vlan_mode=native-untagged

    Unfortunately, since the VM guest interfaces are added to the OVS bridge dynamically, the native-untagged is not persistent (over resets or even network interface changes, like simply changing the access vlan number).

    Is there any way to force the VM's network into native-untagged whenever that interface is configured on the switch? Is there another way I should be doing this?
     
  2. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    To allow only 802.1Q packets with vlanid 100,600,800 and tag non-802.1Q packets to vlanid 3000:

    net0: tag=3000,trunks=100;600;800, bridge=....

    The trunks option is not available on the GUI, so you need to configure that on the command line.
     
  3. troycarpenter

    troycarpenter Member

    Thanks! That worked as expected. After editing the config file for the trunks, the interface gets added in native-untagged vlan mode.

    I was trying to avoid naming the vlans specifically and instead letting it trunk any vlan to the guest, but the default vlan mode doesn't support that. At least this way it works, but I will have to remember to edit the config file if I add another VM guest similar to this one. Plus this should work in the cluster if the VM has to move to another node.
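
An added example, not part of the original posts: a shell helper that builds the `tag=...,trunks=...` network value described above from an existing one, validating the VLAN IDs so the guest only receives the VLANs that are explicitly listed. The function names, the MAC address and the bridge name are constructed for illustration; VM ID 601 and `net1` are assumptions inferred from the `tap601i1` port name in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. MAC and bridge name are constructed.

# valid_vlan ID: succeed only for a decimal 802.1Q VLAN ID in 1..4094.
valid_vlan() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# net_with_trunks VALUE TAG TRUNKS
#   VALUE   current netN value, e.g. "virtio=...,bridge=vmbr1,tag=3000"
#   TAG     VLAN assigned to untagged (non-802.1Q) frames
#   TRUNKS  semicolon-separated VLAN IDs the guest may receive tagged
# Prints VALUE with old tag=/trunks= options replaced by the new ones.
net_with_trunks() {
    value=$1 tag=$2 trunks=$3
    valid_vlan "$tag" || { echo "bad tag: $tag" >&2; return 1; }
    # Require the exact "id;id;id" shape before splitting on ';'.
    printf '%s\n' "$trunks" | grep -Eq '^[0-9]+(;[0-9]+)*$' ||
        { echo "bad trunk list: $trunks" >&2; return 1; }
    old_ifs=$IFS; IFS=';'
    for id in $trunks; do
        valid_vlan "$id" || { IFS=$old_ifs; echo "bad trunk: $id" >&2; return 1; }
    done
    IFS=$old_ifs
    # Split options one per line, drop stale tag=/trunks=, rejoin with commas.
    kept=$(printf '%s\n' "$value" | tr ',' '\n' |
        sed -e 's/^ *//' -e '/^$/d' -e '/^tag=/d' -e '/^trunks=/d' | paste -sd, -)
    [ -n "$kept" ] || { echo "empty net value" >&2; return 1; }
    printf '%s,tag=%s,trunks=%s\n' "$kept" "$tag" "$trunks"
}

# Constructed sample; on a host the value comes from `qm config 601`.
sample='virtio=AA:BB:CC:DD:EE:FF,bridge=vmbr1,tag=3000'
net_with_trunks "$sample" 3000 '100;600;800'

# On the Proxmox host (not run here):
#   qm set 601 --net1 "$(net_with_trunks "$sample" 3000 '100;600;800')"
#   ovs-vsctl get port tap601i1 vlan_mode tag trunks
```

Because the setting is stored in the VM's configuration rather than applied to the running OVS port, it is reapplied each time the tap interface is recreated.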
     