OVS with 2 NIC configuration

razerzone

Sep 7, 2019
Hi,
I tried to find a solution for this setup on my Proxmox with OVS. We are looking to have a single vmbr0 for all our VMs and control it using VLANs. I have been looking for guides and tutorials but have not found any so far.

My Proxmox server:
1st NIC -> public ip
2nd NIC -> private ip

VM/LXC:
vm100 - vlan55 - to public internet
lxc101 - vlan66 - to private network

Sorry, this is my first time exploring OVS and I want to learn to do it. Please do correct me if I'm wrong. Thank you.

Code:
# Loopback interface
auto lo
iface lo inet loopback

auto enp2s0f0
allow-vmbr0 enp2s0f0
iface enp2s0f0 inet manual
  ovs_bridge vmbr0
  ovs_type OVSPort
  ovs_options tag=1 vlan_mode=native-untagged
  mtu 9000

auto enp2s0f1
allow-vmbr0 enp2s0f1
iface enp2s0f1 inet manual
  ovs_bridge vmbr0
  ovs_type OVSPort
  ovs_options tag=1 vlan_mode=native-untagged
  mtu 9000

auto vmbr0
allow-ovs vmbr0
iface vmbr0 inet manual
  ovs_ports enp2s0f0 enp2s0f1 vlan1 vlan55 vlan66
  mtu 9000


# Virtual interface to take advantage of originally untagged traffic
allow-vmbr0 vlan1
iface vlan1 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=1
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
  address <wan-public ip>
  netmask 255.255.255.252
  gateway <wan-public ip gw>
  mtu 1500

#for natting option as we only have 1 /30 public ip
allow-vmbr0 vlan55
iface vlan55 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=55
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
  address 10.0.0.1
  netmask 255.255.254.0
  mtu 9000
  post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/23' -o vmbr0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/23' -o vmbr0 -j MASQUERADE

#For 2nd NIC private IP /27 going to physical fw
allow-vmbr0 vlan66
iface vlan66 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=66
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
  address 10.0.64.1
  netmask 255.255.255.224
  mtu 9000
 
Do you really need OVS? If you just need VLANs on your bridge you can set it to vlan-aware, set the VLAN for the VM and skip the complexity of OVS.
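An added example, not part of either post above and not Proxmox or Open vSwitch code: a small Python check over the posted stanzas that flags two segmentation-relevant conditions, physical OVS ports that share one VLAN on the same bridge (which joins the public and private NICs into one layer-2 domain) and a MASQUERADE rule whose `-o` interface carries no address (so it is unlikely to be the routed egress). The function names `parse` and `lint` and the finding strings are this example's own, and both checks are heuristics.

```python
import re
# Trimmed copy of the stanzas posted above (placeholder address kept as posted).
SAMPLE = """\
iface enp2s0f0 inet manual
  ovs_bridge vmbr0
  ovs_type OVSPort
  ovs_options tag=1 vlan_mode=native-untagged
iface enp2s0f1 inet manual
  ovs_bridge vmbr0
  ovs_type OVSPort
  ovs_options tag=1 vlan_mode=native-untagged
iface vmbr0 inet manual
  ovs_ports enp2s0f0 enp2s0f1 vlan1 vlan55 vlan66
iface vlan1 inet static
  address <wan-public ip>
iface vlan55 inet static
  address 10.0.0.1
  post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/23' -o vmbr0 -j MASQUERADE
"""

def parse(text):
    """Return {iface: {option: [values]}} from ifupdown-style stanzas."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.strip().split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) == 2:
            cur = stanzas.setdefault(words[1].split()[0], {})
        elif words[0] in ("auto", "source") or words[0].startswith("allow-"):
            cur = None  # these keywords end the current stanza
        elif cur is not None and len(words) == 2:
            cur.setdefault(words[0], []).append(words[1])
    return stanzas

def lint(text):
    """Flag uplinks sharing a VLAN and NAT rules whose -o interface has no IP."""
    stanzas, findings, uplinks = parse(text), [], {}
    for name, opts in stanzas.items():
        tag = re.search(r"\btag=(\d+)", " ".join(opts.get("ovs_options", [])))
        if opts.get("ovs_type") == ["OVSPort"] and tag:
            key = (opts.get("ovs_bridge", ["?"])[0], tag.group(1))
            uplinks.setdefault(key, []).append(name)
        for rule in opts.get("post-up", []):
            out = re.search(r"-o\s+(\S+).*MASQUERADE", rule)
            if out and "address" not in stanzas.get(out.group(1), {}):
                findings.append(f"{name}: MASQUERADE -o {out.group(1)} matches an interface with no address")
    findings += [f"{bridge}: uplinks {', '.join(ports)} share VLAN {vlan}"
                 for (bridge, vlan), ports in uplinks.items() if len(ports) > 1]
    return findings
```

Calling `lint(SAMPLE)` returns one finding for the NAT rule on vlan55 and one for the two uplinks in VLAN 1.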
 
