Proxmox 3.0 - Vlan and Bonding

F

fsayd

New Member
Jun 17, 2013
4
0
1
Hello:

Recently I installed Proxmox 3.0 in a testing server. The server has 2 physical interfaces and I need to configure a bond between the 2 interfaces and propagate vlans over the bond, to assign diferent vlans to different vms. Before I configured LACP (802.3ad) and trunking in the ports that connect to the server's interfaces.

I read this wiki entries:

[1] http://pve.proxmox.com/wiki/Vlan
[2] http://pve.proxmox.com/wiki/Vlans
[3] http://pve.proxmox.com/wiki/Network_Model

[1] Says:
Proxmox 2.X doesn't require (but it is still possible) to create separate virtual bridges (vmbr) for each vlan on a host machine (so it doesn't require reboot anymore)
Click to expand...


I configured through the web interface a bond between eth0 and eth1, then I added bond0 as unique member of vmbr1. Then I defined the virtual machine network settings and configured the vlan tag to 20, but when I try to start the vm it stops with the next error:

Code: 
no physical interface on bridge 'vmbr1'
/var/lib/qemu-server/pve-bridge: could not launch network script
kvm:  -netdev  type=tap,id=net0,ifname=tap109i0,script=/var/lib/qemu-server/pve-bridge,vhost=on:  Device 'tap' could not be initialized


Why do it complain about "no physical interface in vmbr1?
Do I need to add the vlan to /etc/network/interfaces (vlan-raw-device bond0, etc...)?


Any help is welcomed

Regards

Federico

PS: Sorry for my basic English, it is not my native language.
 
But, it is not supposed that the bond (that is member of the bridge) contains the physical interface?

The docs in [2] show a configuration with a bridge with a bond as member, with the difference that is a bond with a vlan definition.

I get confused with the notes in [1] that say that in Proxmox 2.x there is no need to create a bridge per vlan, only to define the vlan tag in the network settings of the vm's interface. Therefore I dont know if I need to define vlans manually in /etc/network/interfaces or not.

Can anyone clarify what document I should follow to configure my network ( [1], [2] or [3])?


[1] http://pve.proxmox.com/wiki/Vlan
[2] http://pve.proxmox.com/wiki/Vlans
[3] http://pve.proxmox.com/wiki/Network_Model

Thanks
 
Thanks

I could solve my problem with vlans and bonding. I did not need touch /etc/network/interfaces. Only configure bond and bridge in the web interface, reboot and add tags to the virtual interfaces.

I got confused with documentation. Especially with vlans definitions in /etc/network/interfaces that disappears in Proxmox 2.0 and up. [1] Says that
Proxmox 2.X doesn't require (but it is still possible) to create separate virtual bridges (vmbr) for each vlan on a host machine (so it doesn't require reboot anymore)
Click to expand...
This confused me, because, although in Proxmox 2.0 and up you don't need reboot to create vlans, you still need reboot when you create bridges and bonds to activate them.

There is three wiki entries related to network, vlans and bonding. I think that would be good if someone could reorganize documentation by proxmox version and merge the Vlan entries in a unique wiki entry.


Thanks Dietmar for your help

Federico

[1] http://pve.proxmox.com/wiki/Vlan
[2] http://pve.proxmox.com/wiki/Vlans
[3] http://pve.proxmox.com/wiki/Network_Model
 
Hi Dietmar.

I have a simple other meaning of this:

dietmar said:
You need a physical connection to the outside - else a vlan makes not much sense.
Click to expand...


You do not need external physical network devices that makes vlans sense!.

Example:
You have only one Server and you want to handle the full set of network connections (different VLANs) on top of this server (e.g.: Incomming Firewall VM with VLAN 2; Outgoing from Firewall to much(!) different Projekt LANs and others with VLANs 3-100 or more). In this case you will go in trouble with any Firewall, I know if you have to configure hundreds of virtual Interfaces with KVM/Proxmox for this Firewall/Router.

In this case it makes sense to configure a TRUNK (802.1q Tagged) Bridge, that i can add vlans inside of the Router ...

Or do you have an other idea to handle this configuration?

Cheers Stephan
 
Hi Dietmar.


dietmar said:
Simply create more bridge devices?
Click to expand...


This is not a really good answer I think. What will happen if I create more bridge devices whith their own VLAN configuration?
I have to add each VLAN-Bridge-Device as own NIC-Interface to the VM inside Proxmox. This will result in many many NIC's inside of the VM.

As I know will KVM not support hundrets of virtual NIC's to one VM and on the other side the OS inside of the VM-Box will not support hundrets of dedicated NIC's.

The only way I know is, that I have ONE Bridge (maybe vmbr1) which will handle ALL VLAN's (as Trunk / 802.1q) and will transport each VLAN-Traffic (from all VLAN's) to alle VM's which are connected to THIS Trunk-Bridge (maybe vmbr1). In this case it is possible to create VLAN-Devices inside of the OS of the VM-Box and all problems are done.

If I have did not understanding you correctly, please give me a short example what you are meaning with "create more bridges". A verry short overview would be good (for me). I have some tasks done to create multiple birdges with VLANs. But nothing from them will take effekt. VM's which are connected to the same VLAN-Bridge on the same Host could not communicate. All physical equipment is correct (physical Boxes and the Host itself can communicate over VLANs (but not to their own VM's). If I will create a bridge on a 802.1Q-Tagged physical NIC, the communication is good (to outside!).

Have I done some mistakes or a short wrong view to the network model to handle VLANs on the bridges in interoperability with KVM? Are there any ebtables oder iptables or other thinks which I have to do?

I have read the HowTo's in your wiki, but this articles only discribe the situation that I would have ONE VLAN on ONE bridge and not MULTIPLE VLAN's on ONE brdige to untag inside of the Box.

Cheers Stephan
 
Hi supertuxer,

are you solved the problem to assign a Trunk to a VM box? I have tried many Thinges without to resolve the Problem to assign a trunked line to a vm box.


supertuxer said:
I have read the HowTo's in your wiki, but this articles only discribe the situation that I would have ONE VLAN on ONE bridge and not MULTIPLE VLAN's on ONE brdige to untag inside of the Box.

Cheers Stephan
Click to expand...
 
I have solved this issue only with openvswitch.
With the normal methods it wasn't possible to create a stable environment.

Create a switch and attach clans to this switch.
Create a bond or bridge to this openvswitch vlan switch.

Cheers
Stephan
 
Please take care that are all packages are installed that you need:
apt-get install openvswitch-common openvswitch-switch openvswitch-controller openvswitch-datapath-dkms dkms openvswitch-datapath-source vlan

Normally all packages that are needed should already installed, because proxmox has openvswitch support (for experimental usage!).
You can mix bridges created with "brctl" and bridges with "ovs-vsctl". I prefer ovs-vsctl in this case.


valshare said:
Hi,

thanks. Can i handle it over the GUI?
Click to expand...

Oh sory, i little late my answer.

I think it is right now not handled by GUI.

Here is a little howto:

1) Show existing status:
dell4300 ~ # ovs-vsctl show
495c729d-ba30-4c59-a3b5-4cbf87868f67
ovs_version: "2.0.1"

No switches are setup.


2) Create a switch:
ovs-vsctl add-br vlantest

3) Now, a new switch is created. Verify it with "ovs-vsctl show"
dell4300 ~ # ovs-vsctl show
495c729d-ba30-4c59-a3b5-4cbf87868f67
Bridge vlantest
Port vlantest
Interface vlantest
type: internal
ovs_version: "2.0.1"


4) Create a new "VLAN" (TAG 60 with the name vlan60) on the created switch "vlantest"':
ovs-vsctl add-br vlan60 vlantest 60

5) Again, show the actual status:
dell4300 ~ # ovs-vsctl show
495c729d-ba30-4c59-a3b5-4cbf87868f67
Bridge vlantest
Port "vlan60"
tag: 60
Interface "vlan60"
type: internal
Port vlantest
Interface vlantest
type: internal
ovs_version: "2.0.1"


If you want to test the vlan60 bridge:
ifconfig vlan60 "IP-Address of your choice"
ping to another vlan60 partner


Right now:
One switch with untagged settings (vlantest)
One switch with tagged (TAG: 60) setting

Both switches are usable. But no configuration inside of the proxmox GUI.
You habe to do all settings manually.

Please setup security settings you need on the new switches, bridges and/or devices.

Cheers
Stephan
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back