Proxmox QinQ

[zeuxprox]

Hi,

I would like to start using Q in Q.... This is a typical scenario:
bond0: eno1 + eno2
bond0.10 : vlan 10
bond0.20: vlan 20

vmbr10: bridge assigned to VMs of customer A
vmbr11: bridge assigned to VMs of customer B

Customer A have 10 VMs, 4 of them have to "ping" between them but not with the other 6 and viceversa.
Customer B have 15 VMs, 10 of them have to "ping" between them but not with the other 5 and viceversa.

To reach this goal for customer A, is it enough to tag the bridge (vmbr10) assigned to customer A with a "Tag Vlan"=34 for the first four VMs and with a "Tag Vlan"=35 for the others six VMs?
Same question for customer B, 15 VMs with bridge vmbr11 and a "Tag Vlan"=23 and the others 5 VMs with a "Tag Vlan"=25.

Thank you

 

[spirit]

hi, you can enable vlanaware option in vmbr10 && vmbr11.

then setting tag at vlag in vm nic configuration, will add the second tag

bond0.10----vmbr10----(vm tag)---vm

So, configure differents vlans in vm nic (vlan 34 && vlan35), will isolate them from other customer VM.




BTW, proxmox have new sdn feature to configure qinq, currently in beta test
https://forum.proxmox.com/threads/proxmox-6-2-sdn-beta-test.69655/

 

[zeuxprox]

Hi,

so if I understand correctly, just tag the bond with the outer vlan (in the exaple vlan 10) and then tag the vm nic with the inner vlans (in the example 34 and 35)?

Thank you

PS: I will wait impatiently for the stable version of the new sdn feature....

 

[spirit]

Hi,

so if I understand correctly, just tag the bond with the outer vlan (in the exaple vlan 10) and then tag the vm nic with the inner vlans (in the example 34 and 35)?

Yes.