proxmox 7.0 sdn beta test

spirit

Famous Member
Apr 2, 2010
5,253
504
133
www.odiso.com
it does the trick thank you spirit.
and yes this is quite bit confusing. is it used for multitenancy?
well, some users have asked about it, for some specific setups.


It could be used to use vlan tag over vxlan for example.
I have also some users needing triple tag ^_^. (qinq zone with double tag, and another tag at vm level).
or some users want to do qinq, with a vlan zone at proxmox level, and users manage the second vlan inside the vlan guest.

https://pve.proxmox.com/pve-docs/chapter-pvesdn.html#pvesdn_config_vnet
"VLAN Aware
Allow to add an extra VLAN tag in the virtual machine or container vNIC configurations or allow the guest OS to manage the VLAN’s tag."

I'll try to make the doc more explicit too.
 

ricou

New Member
Dec 12, 2020
9
0
1
38
Hello.

I have some question about provisionning cloud-init image in SDN proxmox cluster.
I thought when i clone a vm with cloud init process enable , the vm will inherite of the gateway given in vnet/network in SDN module.
I did n' notice this with my test. Si what is the purpose of the gateway field in SDN module?

Thank you for your answer.
 

spirit

Famous Member
Apr 2, 2010
5,253
504
133
www.odiso.com
Hello.

I have some question about provisionning cloud-init image in SDN proxmox cluster.
I thought when i clone a vm with cloud init process enable , the vm will inherite of the gateway given in vnet/network in SDN module.
I did n' notice this with my test. Si what is the purpose of the gateway field in SDN module?

Thank you for your answer.
currently, the ipam module don't allocated yet ip address for vm (cloudinit) or ct (in ct config directly).
(when it'll be done, an ip will be get from ipam in the defined subnet + the gateway).
I'm still working on it.

Currently, the gateway is only used by routed zones ( "simple" && "bgp-evpn"), as the gateway is the ip on the vnet directly.
 

ricou

New Member
Dec 12, 2020
9
0
1
38
Hello
i'm facing a new problem with the SDN module.
the vwan interface on the VWAN zone is on error on 1 node only (among a 3 node cluster) : "error iface vwan"

How can i check /correct this?

Is there a troubleshoot guide for SDN? which are the log files to check?


Ty
 

Attachments

  • 20211124-essos.tar
    10 KB · Views: 2

spirit

Famous Member
Apr 2, 2010
5,253
504
133
www.odiso.com
Hello
i'm facing a new problem with the SDN module.
the vwan interface on the VWAN zone is on error on 1 node only (among a 3 node cluster) : "error iface vwan"

How can i check /correct this?

Is there a troubleshoot guide for SDN? which are the log files to check?


Ty
the config seem to be correctly generated.
can you send me the result of "ifreload -a -d" on this node ?


(btw, you can use 1 zone with multiple vnets if you want, no need to defined 1zone=1vnet )
 

ricou

New Member
Dec 12, 2020
9
0
1
38
ifreload result is join.

I know that i dont need to define 1 zone per vnet.
zone that i defined are logical zone WAN, front, back. I will create more vnet on each zone when i will need it. May be my comprehension of what a zone is are not correct.
Is multitenancy/rights assignement the only purpose of zone ?
 

Attachments

  • 20211124-ifreload.log
    34.4 KB · Views: 2

spirit

Famous Member
Apr 2, 2010
5,253
504
133
www.odiso.com
ifreload result is join.

I know that i dont need to define 1 zone per vnet.
zone that i defined are logical zone WAN, front, back. I will create more vnet on each zone when i will need it. May be my comprehension of what a zone is are not correct.
Is multitenancy/rights assignement the only purpose of zone ?

the reload seem to be fine.
can you send also the result of "ifquery -a -c" ?

the veriification is done by this command.

About the zone, currently, it's mainly for :
- permissions assignments (not yet 100% finished, it's still missing the filtering of vmbrX in vm nic gui currently)
- you can define a zone on only speficic nodes


(I don't known exactly your usecade, but if all yours zones use the same vmbrX, and are assigned to all nodes and you don't need specific permissions, you can use 1 zone).
 

ricou

New Member
Dec 12, 2020
9
0
1
38
i think i will get one zone like you said.


this is the result for ifquery -a -c
auto lo iface lo inet loopback auto enp7s0f0 iface enp7s0f0 inet static [pass] address 10.50.0.50/24 [pass] auto eno2 iface eno2 inet manual auto eno3 iface eno3 inet manual auto eno4 iface eno4 inet manual auto bond10 iface bond10 inet manual [pass] bond-slaves eno2 eno3 eno4 [pass] bond-miimon 100 [pass] bond-mode 802.3ad [pass] auto vmbr0 iface vmbr0 inet static [pass] bridge-ports eno1 [pass] bridge-fd 0 [pass] bridge-stp no [pass] address 10.20.0.50/24 [pass] auto vmbr10 iface vmbr10 inet manual [pass] bridge-ports bond10 [pass] bridge-stp no [pass] bridge-fd 0 [pass] bridge-vlan-aware yes [pass] bridge-vids 2-4094 [] auto vlan51 iface vlan51 inet static [pass] vlan-raw-device enp7s0f0 [pass] vlan-id 51 [pass] address 10.51.0.50/24 [pass] auto admin iface admin [pass] bridge-ports vmbr10.2100 [pass] bridge-fd 0 [pass] bridge-stp no [pass] auto bo1 iface bo1 [pass] bridge-ports vmbr10.2011 [pass] bridge-fd 0 [pass] bridge-stp no [pass] auto fo1 iface fo1 [pass] bridge-ports vmbr10.2001 [pass] bridge-fd 0 [pass] bridge-stp no [pass] auto k8s iface k8s [pass] bridge-ports vmbr10.2500 [pass] bridge-fd 0 [pass] bridge-stp no [pass] auto vwan iface vwan [fail] bridge-ports vmbr10.10 [pass] bridge-fd 0 [pass] bridge-stp no [pass] address 2a01:e34:ee55:b9f1:e4d7:feff:fe01:5de8/64 [fail]

thank you
 

spirit

Famous Member
Apr 2, 2010
5,253
504
133
www.odiso.com
address 2a01:e34:ee55:b9f1:e4d7:feff:fe01:5de8/64 [fail]

the error is because of this ipv6 ip

the ifreload show
info: vwan: netlink: ip addr del 2a01:e34:ee55:b9f1:e4d7:feff:fe01:5de8/64 dev vwan

I don't known from where it's coming from ?
maybe do you have autoconf && accept_ra enabled for ipv6 on this wan network ?
 

ricou

New Member
Dec 12, 2020
9
0
1
38
the error is because of this ipv6 ip

the ifreload show


I don't known from where it's coming from ?
maybe do you have autoconf && accept_ra enabled for ipv6 on this wan network ?
Thank you. your advice make the trick.
idisable autoconf on this specific iface
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!