Passing a Trunk of VLANs from am bonded bridge to a VM

[engelant]

Hi there,
I am currently trying to create a setup, that looks like this:

[FONT=courier new]    +-----+    +-----+                         
    |ETH0 |    |ETH1 |                         
    +---+-+   ++-----+                         
        |     |                                
      +-+-----+-+                              
      |  BOND0  |                              
      +----+----+                              
           |                                   
           |                                   
      +----+-----+  VLAN.10  +----------------+
      | BRIDGE0  +-----------+   BRIDGE0.10   |
      +----+-----+           +----------------+
           |                 |IP: 10.0.14.6/24|
   TRUNK   |                 |                |
+----------+                 +----------------+
|                                              
|   +-----------------------------------+      
|   | VM                                |      
|   +-----------------------------------+      
+---+ ETH0                              |      
    |  +-ETH0.10                        |      
    |  +-ETH0.20                        |      
    |                                   |      
    |                                   |      
    |                                   |      
    +-----------------------------------+      




[/FONT]

With my current config I have the BRIDGE0.10 Interface working as the Proxmox Management IF.
But when i use my bridge0 for a network interface (VirtIO - no vlan) and create ETH0.10 inside the VM,
ETH0 is only able to communicate with BRIDGE0.10, while BRIDGE0.10 can comunicate with the whole network.

If I configure my network interface (Virtio - vlan 10), eth0 inside the VM works as expected.



The goal of my setup is to have a firewall running inside the vm with access to all vlans on the switch. More important, I want to be able to add a new vlan on the switch, and to acess it by creating a new vlan device inside the VM without restarting.

Also, here an attachment of my current config:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# bonding eth0 and eth1
auto bond0
iface bond0 inet manual
        bond-mode 802.3ad
        bond-miimon 100
        bond-lacp-rate slow
        bond-slaves none

# The hardware network interfaces
auto eth0
iface eth0 inet manual
    bond-master bond0

auto eth1
iface eth1 inet manual
    bond-master bond0

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 9

#new VLAN on bridge Interface as managment interface
auto vmbr0.10
iface vmbr0.10 inet static
    vlan-raw-device vmbr0
    address 10.0.14.6
    netmask 255.255.255.0
    gateway 10.0.14.1

Does anybody know, what is blocking the VM from communicating to the outside given my setup?

Thanks

 

[Mr.Holmes]

Hello engelant,

I also had problems with VLANs bridged to VMs. Of course, not exactly the same configuration. Just as a hint: I changed to openvswitch and everything works perfectly (with VMs - in case of CTs a small trick was necessary but works no fine too).

kind regards

Mr.Holmes

 

[spirit]

yes, they are some bugs with linux bridge mixing tagged and untagged vlans (and mainly 2.6.32).

you can give a try to kernel 3.10.

or use openvswitch. (about openvswitch, it'll be fully supported by openvz for next proxmox release, including dynamic vlan management)