Hi,
I am trying to find a solution for this setup on my Proxmox host with OVS. We are looking to have a single vmbr0 for all our VMs and to control them using VLANs. I have been looking for guides and tutorials but have not found any so far.
My proxmox server :
1st NIC -> public ip
2nd NIC -> private ip
VM/LXC:
vm100 - vlan55 - to public internet
lxc101 - vlan66 - to private network
Sorry, this is my first time exploring OVS and I want to learn how to do it. Please correct me if I'm wrong. Thank you.
I tried to find a solution for this setup on my proxmox with OVS. We looking to have single vmbr0 for all our VMs and control using Vlans. Been looking for guides and tutorial but not find any so far.
My proxmox server :
1st NIC -> public ip
2nd NIC -> private ip
VM/LXC:
vm100 - vlan55 - to public internet
lxc101 - vlan66 - to private network
Sorry this is my 1st time to exploring OVS and want to learn to do it. Please do correct me if i'm wrong. Thank you
Code:
# Loopback interface, brought up automatically at boot.
auto lo
iface lo inet loopback
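# First physical NIC (the public uplink, per the description above),
# attached to the OVS bridge vmbr0.
#
# Access port on VLAN 1: untagged frames from the wire land in VLAN 1, where
# the vlan1 internal port holds the public address. The original
# "vlan_mode=native-untagged" with no trunks= list made this port a trunk for
# every VLAN, so tagged frames for VLAN 55 and VLAN 66 would also have been
# sent to, and accepted from, the public side.
# NOTE(review): assumes the provider hands over a plain untagged link; if it
# delivers tagged VLANs, use a trunk with an explicit trunks= list instead.
auto enp2s0f0
allow-vmbr0 enp2s0f0
iface enp2s0f0 inet manual
ovs_bridge vmbr0
ovs_type OVSPort
ovs_options tag=1 vlan_mode=access
mtu 9000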
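# Second physical NIC (the private uplink towards the physical firewall, per
# the description above), attached to the OVS bridge vmbr0.
#
# Access port on VLAN 66, the VLAN that carries the private /27 inside the
# bridge. The original "tag=1 vlan_mode=native-untagged" put this NIC in the
# same untagged VLAN 1 as the public NIC, so the bridge would forward frames
# between the public and private uplinks at layer 2, bypassing the firewall.
# NOTE(review): assumes the firewall port is untagged; if it expects frames
# tagged with VLAN 66, use "vlan_mode=trunk trunks=66" instead. Confirm
# against the firewall/switch port configuration.
auto enp2s0f1
allow-vmbr0 enp2s0f1
iface enp2s0f1 inet manual
ovs_bridge vmbr0
ovs_type OVSPort
ovs_options tag=66 vlan_mode=access
mtu 9000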
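# The single OVS bridge that all guests and both physical NICs attach to.
# It carries no address itself ("inet manual"); host addresses live on the
# internal ports vlan1, vlan55 and vlan66 listed in ovs_ports.
auto vmbr0
allow-ovs vmbr0
iface vmbr0 inet manual
# ovs_type was missing; the OVS ifupdown hooks need it to treat this stanza
# as a bridge definition.
ovs_type OVSBridge
ovs_ports enp2s0f0 enp2s0f1 vlan1 vlan55 vlan66
mtu 9000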
# Internal port on VLAN 1 that picks up the originally untagged traffic.
# It holds the host's public address and the default gateway, so outbound
# internet traffic from the host leaves through this interface.
# NOTE(review): host services listening on all addresses become reachable on
# this public address unless a host firewall filters them. Confirm that
# filtering is in place.
allow-vmbr0 vlan1
iface vlan1 inet static
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=1
# Sets an external-id of the form <short hostname>-<interface>-vif on the port.
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
address <wan-public ip>
netmask 255.255.255.252
gateway <wan-public ip gw>
# 1500 here, while the bridge and the physical NICs are set to 9000.
mtu 1500
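# Internal port on VLAN 55: the host is the gateway (10.0.0.1/23) for guests
# that are NATed behind the single public address of the /30.
allow-vmbr0 vlan55
iface vlan55 inet static
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=55
# Sets an external-id of the form <short hostname>-<interface>-vif on the port.
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
address 10.0.0.1
netmask 255.255.254.0
mtu 9000
# The host only routes guest traffic to the uplink if IPv4 forwarding is on.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Match on vlan1, the interface that holds the public address and the default
# route. vmbr0 has no address, so routed packets never leave through it and
# the original "-o vmbr0" rule would never match.
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/23' -o vlan1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/23' -o vlan1 -j MASQUERADE
# NOTE(review): with forwarding enabled the host also routes between
# 10.0.0.0/23 and the private network on vlan66 unless FORWARD rules (or the
# Proxmox firewall) restrict it. Confirm which inter-VLAN flows are intended.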
# Internal port on VLAN 66 for the private /27 that goes to the physical
# firewall via the second NIC. It gives the host 10.0.64.1 on that network.
# NOTE(review): this address makes the host a layer-3 neighbour of the private
# network. If IP forwarding is enabled for the VLAN 55 NAT, the host can route
# between VLAN 55 and this network. Confirm that filtering covers this.
allow-vmbr0 vlan66
iface vlan66 inet static
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=66
# Sets an external-id of the form <short hostname>-<interface>-vif on the port.
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
address 10.0.64.1
netmask 255.255.255.224
mtu 9000