Proxmox: Create VM-s using ovs and access port to upstream/physical host

T

TafkaMax

New Member
Jun 17, 2025
7
1
3
Hi

I am trying to create an test proxmox cluster on openstack. It is going rather well until the part where I want the VM-s to access the network.

In Openstack I have added a port with an IP to my proxmox hosts and also modifed allowed_addresses parameter, where Ive defined some IP-s for test vm-s that are also allowed in that environment.

In the proxmox I have two different NIC-s/port configured. One for backend and the other for communicating with the rest of the network.

My /etc/network/interfaces looks like this.

Code: 
# Ansible managed
# Any changes made here will be lost

auto lo
iface lo inet loopback

########## Network Interfaces
auto ens3
iface ens3 inet manual

auto ens4
iface ens4 inet static
  address 10.210.0.199
  netmask 255.255.254.0
  mtu 1442
  up ip route add 10.210.0.0/23 via 10.210.0.1

########## End of Network Interfaces


########## OVS Bridges
auto ovsbr0
iface ovsbr0 inet manual
  ovs_type OVSBridge
  ovs_ports ens3

########## End of OVS Bridges

########## OVS Interfaces
auto ens3
iface ens3 inet static
  address 192.168.18.151
  netmask 255.255.255.0
  gateway 192.168.18.1
  ovs_bridge ovsbr0
  ovs_type OVSIntPort

The ens4 is just for backend traffic. The ens3 is what is important.

Because the underlying port in openstack is not a trunk port in essence, i've made the ovsbr0 with ens3 and added an IP there.

Now when I create an VM the network I attach or use is ovsbr0. Should I also make an vlan there or not? Because the underyling port is not tagged, it might not transmit through it.

Code: 
root@proxmox-test-01:.../ssh# ovs-vsctl show
efa7369b-1630-4fff-a894-5fb32e48f554
    Bridge ovsbr0
        Port tap100i0
            Interface tap100i0
        Port ovsbr0
            Interface ovsbr0
                type: internal
        Port ens3
            Interface ens3
                type: internal
                error: "could not add network device ens3 to ofproto (File exists)"
    ovs_version: "3.1.0"

Also the ovs-vsctl shows an error i have not seen before.
 
So how would one going about this with a downstream port (the physical/virtual interface that comes from openstack) being an access port?
 
1755157618988.png

I also added an simple diagram, maybe some good soul will help me solve it.

As the uplink from openstack is constrained what would be the best way for it. Maybe I should just use ip_forwarding???

1. How to convert all traffic on ovsbridge suitable for the uplink then for everything to be vlan18?
2. I know that ovs is like a virtual switch, so it wants stuff on vlan1 and so on, but how to convert the native vlan to 18 for the bridge aswell?
 
I reverted back to a simple ip forwarding linux bridge for now. In the openstack I had to define no port security on the ens3 interface for the IP-s to reach through the ovn that is in openstack.
 
You must log in or register to reply here.
Top Bottom