OVS QinQ config

Jan 22, 2021
3
0
1
We try to crossconnect traffic from external devices into VMs running on pve. The external devices operate with untagged and vlan-tagged traffic. The VMs are supposed to receive the traffic the same way - untagged and tagged. The VMs have proper vlan configs "inside" to receive the traffic properly.

Since there are several devices out there using all untagged traffic and the same vlan IDs it requires to tunnel the traffic from the switch port, where the devices connect to, to the VM. There is a 1:1 mapping between device ports and ports at the VM.

I tried to configure a OVS bridge associated with the physical port connetced to the external switch. Then I defined a SDN zone. The zone required a s-valn tag. Then I configured a vnet associated with the zone. This vnet requires a tag. I'm confused about this because in essense the vnet is supposed to be a .1q trunk for tagged and untagged traffic.

The documentation is to me also very confusing.

May I ask for your advice?
TIA
 

Attachments

  • PastedGraphic-2.png
    PastedGraphic-2.png
    111.9 KB · Views: 29
Hi,

the sdn part is very flexible, so you can define qinq in differents way.

if you don't want to define vlan tags inside the vm, you can use the "qinq" plugin. This will manage the s-tag in the zone && the c-tag in the vnet.
(if you enable vlan-aware on vnet, you can also add an third vlan tag in the vm guest or on the nic gui).

as you want to manage c-tag inside your vm, the most simple way is to use the "vlan" plugin.

create a vlan zone, with a vnet with a tag. (this will be the s-tag), enable vlan-aware, and then your vlan inside your guest will work. (you can also set vlan tag in the vm option nic, if you only need 1 c-tag for this nic)
 
Hi,

many thx for the response. I prefer the qinq model. The issue I have with it is that I would define the vnet as vlan-aware and w/o a vlan tag. This is not possible at GUI level, because the vnet config requires a vlan definition. It is not clear to my why and what this vlan definition actually does. If you could elaborate on that, that would be great.

Secondly, after configuring the qinq zone with the s-vlan I see at cli level in the OVS configuration that it configures "dot1q-tunnel". This is what I want. After configuting the vnat I don't see anything happening on the OVS configuration, basically I don't see how the vnet is being attached to the OVS bridge. I see that vnet creates an vlan.interface e.g. eno1.100 if I had configured vlan 100 in the vnet (which I don't want to configure, but the GUI forces me to do so). In the documentation it says that the vnet config defines a linux bridge which is then attached to the OVS bridge. Is there way to verify what the vnet deficition does in the OS and where the interconnect of the vnet and the ovs qinq plugin is?

I would like to reiterate that I have untagged and tagged traffic from the physcial devices which need to be dot1q.tunneled to the VMs. The VMs themselves take care of the tagged and untagged traffic via the VM-internal configuration. That is the design goal.

Many thx
 
Hi, sorry to be late.

as I said, you can do it with the "vlan" zone plugin + vlan-aware vnet

with this plugin, the tag define on the vnet will be the service vlan-tag. (like for qinq plugin at zone level).

Then, you can add the customer vlan tag inside your vm guest ok.

This will generated something like:

# eth0----ovs vmbr0--(ovsintport s-tag)---->vnet (linux bridge)---->vm---(c-tag inside the guest)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!