[SOLVED] Proxmox bridge in VM vlan work, host not work

V

VecH

Renowned Member
Sep 12, 2015
55
1
73
Settings in host
Code: 
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp4s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr10
iface vmbr10 inet static
        address 10.12.12.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr1.20
iface vmbr1.20 inet static
        address 10.12.2.10/23

auto vmbr1.40
iface vmbr1.40 inet static
        address 10.12.4.10/23

Config VM
Code: 
# cat /etc/pve/qemu-server/100.conf|grep net
boot: order=scsi0;ide2;net0
net0: virtio=BC:24:11:37:0A:B5,bridge=vmbr0
net1: virtio=BC:24:11:28:E7:4E,bridge=vmbr1,tag=20
net2: virtio=BC:24:11:1A:59:B3,bridge=vmbr1,tag=40

In VM (ubuntu 24.04)

Code: 
# cat /etc/netplan/50-cloud-init.yaml |grep -v "^#\|^$"
network:
    ethernets:
        ens19:
            dhcp4: false
            dhcp6: false
            addresses: [10.12.2.9/23]
        ens20:
            dhcp4: false
            dhcp6: false
            addresses: [10.12.4.9/23]
    version: 2

From the virtual machine, ping to the gateway (10.12.2.1 and 10.12.4.1) goes without losses

from the host to the gateway there are no responses

there is no connection between the virtual machine and the host either
 
In above /etc/network/interfaces conf file, the host can only use IP address 10.12.12.1/24, and it belongs to vmbr10. The strange thing is vmbr10's setting is bridge-ports none, it means this bridge is internal only.. How possible ping to gateway from host will works? maybe I missed something.
 
This is for another device on the machine, it goes to the internet via vmbr0 using NAT on the host
 
VecH said:
This is for another device on the machine, it goes to the internet via vmbr0 using NAT on the host
Click to expand...
Ok, let's comprehend it again, the host is use both IP 10.12.2.10/23 and 10.12.4.10/23 to communicate with gateway, both are belongs for vmbr1.20 and vmbr1.40 each.
In the VM.conf file, above both vlan tags also be added on each virtual interface connected to vmbr1! And communication with gateway within VM is successes without problem. I take a time to test this configuration, its just not works as the expected!
Do the same configuration vmbr1000.101 as your configuration:
Bash: 
a part of /etc/network/interfaces
---------------------------------------------------
iface enp65s0f1 inet manual

auto enp65s0f1.101
iface enp65s0f1.101 inet manual

auto vmbr101
iface vmbr101 inet static
        bridge-ports enp65s0f1.101
        bridge-stp on

auto vmbr1000
iface vmbr1000 inet static
        address 10.0.0.65/24
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr1000.101
iface vmbr1000.101 inet static
        address 192.168.101.65/24

source /etc/network/interfaces.d/*
---------------------------------------------------
root@pve65:~# ping 192.168.101.254
PING 192.168.101.254 (192.168.101.254) 56(84) bytes of data.
From 192.168.101.65 icmp_seq=1 Destination Host Unreachable
From 192.168.101.65 icmp_seq=2 Destination Host Unreachable
From 192.168.101.65 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.101.254 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4073ms
pipe 4
root@pve65:~#

Then changes configuration back to vmbr1000:
Bash: 
a part of /etc/network/interfaces
---------------------------------------------------
iface enp65s0f1 inet manual

auto enp65s0f1.101
iface enp65s0f1.101 inet manual

auto vmbr101
iface vmbr101 inet static
        address 192.168.101.65/24
        bridge-ports enp65s0f1.101
        bridge-stp on

auto vmbr1000
iface vmbr1000 inet static
        address 10.0.0.65/24
        bridge-ports enp65s0f1
        bridge-stp off
        bridge-fd 0

source /etc/network/interfaces.d/*
---------------------------------------------------
root@pve65:~# ping 192.168.101.254
PING 192.168.101.254 (192.168.101.254) 56(84) bytes of data.
64 bytes from 192.168.101.254: icmp_seq=1 ttl=255 time=0.492 ms
64 bytes from 192.168.101.254: icmp_seq=2 ttl=255 time=0.231 ms
^C
--- 192.168.101.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.231/0.361/0.492/0.130 ms
root@pve65:~#
I usually config VLAN like this, FYR..
D

Post in thread 'Networking best practice'

Following information is not best practice for PVE networking, just FYR.
And in the PVE document "https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration", it's mentioned about:
  • If your switch supports the LACP (IEEE 802.3ad) protocol, then we recommend using the corresponding bonding mode (802.3ad). Otherwise you should generally use the active-backup mode.
  • For the cluster network (Corosync) we recommend configuring it with multiple networks. Corosync does not need a bond for network redundancy as it can switch between networks by itself, if...
  • Like
 
Last edited:
Why do I need a vmbr100 bridge without specifying a vlan?
I have everything working fine without it via vmbr0 (there is also a 10.80.76.xx/25 subnet)
communication between the gateway, host and virtual machines works

10.12.12.x network was temporary for testing, everything works, but now this network has been deleted

I need to accept vlan on the vmbr1 bridge (vlan 10 and 20) on the host (it already works in the virtual machine)
 
May be I explaining is not clear, I'm not demand you to use any vmbr??? without specifying a vlan. I'm just express, in my Proxmox VE environment test to setup vmbr?.[VLANID] for send/receive packet with specified vlan tag just not works. For the situation you encountered, I recommend may you can revoke the deleted network config as you said to let all things back to work. Either, you may consider to add vlan tag on your interface, as following changes for your /etc/network/interfaces config file, try to let the vlan tag you required works. (it works for me in my env)
Bash: 
auto enp4s0f1
iface enp4s0f1 inet manual

auto enp4s0f1.20
iface enp4s0f1.20 inet manual

auto enp4s0f1.40
iface enp4s0f1.40 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp4s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr10
iface vmbr10 inet static
        address 10.12.12.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr20
iface vmbr20 inet static
        address 10.12.2.10/23
        bridge-ports enp4s0f1.20

auto vmbr40
iface vmbr40 inet static
        address 10.12.4.10/23
        bridge-ports enp4s0f1.40
 
Many thanks, everything works

I was just sleeping last night and thinking, maybe I should set up VLAN listening on the interface (and not on the bridge)
but I wouldn't duplicate this option with a bridge
 
Sorry, I didn't pay attention
now the virtual machines won't start

Code: 
()
swtpm_setup: Not overwriting existing state file.
file /etc/pve/virtual-guest/cpu-models.conf line 2 (section 'qemu64-popcnt-sse42') - ignore config line: flags +popcnt;+sse4.1;+sse4.2;+sse3
file /etc/pve/virtual-guest/cpu-models.conf line 3 (section 'qemu64-popcnt-sse42') - ignore config line: phys-bits host
file /etc/pve/virtual-guest/cpu-models.conf line 4 (section 'qemu64-popcnt-sse42') - ignore config line: hidden 0
file /etc/pve/virtual-guest/cpu-models.conf line 5 (section 'qemu64-popcnt-sse42') - ignore config line: hv-vendor-id proxmox
file /etc/pve/virtual-guest/cpu-models.conf line 6 (section 'qemu64-popcnt-sse42') - ignore config line: reported-model qemu64
interface enp4s0f1.20 already exist in bridge vmbr20
kvm: -netdev type=tap,id=net0,ifname=tap110i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown: network script /var/lib/qemu-server/pve-bridge failed with status 65280
stopping swtpm instance (pid 11903) due to QEMU startup error
TASK ERROR: start failed: QEMU exited with code 1

In virtual machines, I changed the network parameters to indicate vmbr20, vmbr40 and removed the LAN tags
 
Last edited:
You must log in or register to reply here.
Top Bottom