OVS VLAN Tagging

[Moltes]

Hello,
I'm configuring 5.3 version.
I've setup bond0 ont 2 NIC for management : OK. There is no VLAN because upstream switch is in access on the management vlan.

I want to use 2 other NICS to procvide Storage replication. These NICS are connected to upstream switches on ports configured as trunk 802.1Q.
For the first step, I set up : OVS Bond. This OVS Bond is in an OVSBridge.
I've installed ovs zswitching using apt-get command.

Then I set up an OVSIntPort on vlan 300.

This conf was the same on all of the 3 hosts in my cluster.
But, there is no host able to ping the others using this OVSPort. I think the packet aren't forwared through the OVS Bridge.

Can you help me ?

 

[Moltes]

Is there anything I can check or reconfigure ?

 

[Stoiko Ivanov]

hm - why do you use OVS ? That setup works with regular linux bridges/bonds/vlans - and you have one moving part less in the equation.

Try aligning your config with the reference-documentation - https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration

If the problem persists, please post your `/etc/network/interfaces` and the output of `ip l`, `ip a`, `ip r`

 

[Moltes]

Hello.

I've changed configuration to use linux bridges instead of OVS.
Here is the content of interfaces file (on the nodes - just ip address is changed):

auto lo
iface lo inet loopback

auto eno53
iface eno53 inet manual

auto eno54
iface eno54 inet manual

auto eno49
iface eno49 inet manual
        bridge_vids 2-4096

auto eno50
iface eno50 inet manual
        bridge_vids 2-4096

auto bond0
iface bond0 inet static
        address  10.220.92.76
        netmask  255.255.255.0
        gateway  10.220.92.254
        bond-slaves eno53 eno54
        bond-miimon 100
        bond-mode active-backup

auto bond1
iface bond1 inet manual
        bond-slaves eno49 eno50
        bond-miimon 100
        bond-mode active-backup

auto vmbr0
iface vmbr0 inet static
        address  192.168.1.3
        netmask  255.255.255.0
        bridge-ports bond1.300
        bridge-stp off
        bridge-fd

Now, when I use tcpdump -nn -i bond1.300, I can see STP packets from my upstream switches.
But there is no packet between the 2 nodes whe I ping each bond1.300 address.
Can you explain to me what's wrong ?

Thanks.

 

[Stoiko Ivanov]

the bridge_vids belong to the bridge-stanza - not the ethernet stanza - and you need to make the bridge VLAN-aware - if you need that.

If you want to have a tagged bond-interface it should work if you just drop the `bridge_vids` lines.
- please try to do that - reboot and test again.

Regarding the packets not going between the nodes - check on the sending and on the receiving node whether the ping goes out and whether it arrives - like:
`tcpdump -envi bond1` (the packets should show up as having a 300 VLAN-tag.

If it's leaving the source box but not arriving at the destination - it could be that the switch is misconfigured (or simply has vlan 300 as default vlan/untagged)

Hope this helps!

 

[Moltes]

I've just tried to remove bridge-vids lines.
The result is KO.
The bond1.300 interface still see STP packets from my uptsream switches.
When I try to ping from the node I dump the packet, there nothing displayed. It seems that the packets don't go out from the node.

 

[Stoiko Ivanov]

I assume you try to ping something in `ping 192.168.1.0/24`..

do you see anything if you sniff on bond1? (or on both ethernet-interfaces)?

please post the output of:
`ip link`
`ip addr`
`ip route`