Proxmox vlan on trunk switch interface

[Probz]

Hello,

My Proxmox server have 2 interface linked on a switch.
The switch interface is configured on trunk with vlan 10, 20, 100 and 200.
Vlan 20 is for server, 100 for DMZ and 200 for management.

I want to fix the ip of the Proxmox host on vlan 200, vlan 20 and 100 will be only used by VMs.
I want to create a bond on my 2 host interface for failover and improve performance, so I create a bond.

Here is the configuration of the Proxmox host :

auto lo
iface lo inet loopback

allow-hotplug enp1s0
iface enp1so inet manual

allow-hotplug eno1
iface eno1 inet manual

auto bond0
iface bond0 inet manual
bond-slaves enp1s0 eno1
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
address 192.168.200.200/24
gateway 192.168.200.254
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 10 20 100 200

I can't ping my gateway with this configuration, should I create multiple bridge interface wich only 1 vlan for each one ?

I would like to get your opinion about my config, where is my mistake ?

Thanks you !

 

[gurubert]

Create another interface vmbr0.200 and assign the IP configuration to this unterface.

 

[Probz]

Hello,

Creating an other bridge interface with vmbr0.200 have failed for me.
I saw something interesting in documentation and I try that :

auto lo
iface lo inet loopback

iface enp1s0 inet manual

iface eno1 inet manual

#Création du bond
auto bond0
iface bond0 inet manual
bond-slaves enp1s0 eno1
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3

iface bond0.200 inet manual

iface bond0.20 inet manual

iface bond0.100 inet manual

#Création du bridge vlan 200 MGMT
auto vmbr0v200
iface vmbr0v200 inet static
address 192.168.200.250/24
gateway 192.168.200.254
bridge-ports bond0.200
bridge-stp off
bridge-fd 0

#Création du bridge vlan 20 SERVEUR
auto vmbr0v20
iface vmbr0v20 inet static
address 192.168.20.250/24
gateway 192.168.20.254
bridge-ports bond0.20
bridge-stp off
bridge-fd 0

#Création du bridge vlan 100 DMZ
auto vmbr0v100
iface vmbr0v100 inet static
address 192.168.100.250/24
gateway 192.168.100.254
bridge-ports bond0.100
bridge-stp off
bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
bridge-ports bond0
bridge-stp off
bridge-fd 0

Now, I can ping my Proxmox Server with these bridge, but it's not good yet.

First thing : for an ignoring reason, i can't edit vmbr0vX bridge on Proxmox GUI. Maybe the way I go for configuring bridge is different to Proxmox way to go.

Second : except the vmbr0v200 (necessary for the management IP), all others bridge are useless because I don't want to give IP on vlan 20 and 100 to my Promox, but only let these VLAN be used by virtual machines.

 

[spirit]

vmbr0.200 is not a bridge, it's a tagged internal interface with vlan200,

so you just need:

auto vmbr0.200
iface vmbr0.200
     address ...

(no bridge-* option)

see documentation examples
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_vlan

vmbr0v200 is a full bridge, when you don't use vlan aware, where tagging is done on physical interface

 

[gurubert]

Second : except the vmbr0v200 (necessary for the management IP), all others bridge are useless because I don't want to give IP on vlan 20 and 100 to my Promox, but only let these VLAN be used by virtual machines.

You do not have to assign an IP configuration to these bridge interfaces.

 

[Probz]

Hello,

Thanks for your help.
I finally get a good configuration :

auto lo iface lo inet loopback auto enp1s0 iface enp1s0 inet manual auto eno1 iface eno1 inet manual auto bond0 iface bond0 inet manual bond-slaves eno1 enp1s0 bond-miimon 100 bond-mode 802.3ad bond-xmit-hash-policy layer2+3 iface bond0.200 inet manual auto vmbr0 iface vmbr0 inet manual bridge-ports bond0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 auto vmbr0v200 iface vmbr0v200 inet static address 192.168.200.250/24 gateway 192.168.200.254 bridge_ports bond0.200 bridge_stp off

I have my interface on vlan 200 for manage my Proxmox server, and know I juste have to choose "vmbr0" as network interface for my VM and tag the right vlan inside them.
I have a better understanding of network configuration for Proxmox now.

 

[gabrimox]

Hello,

Thanks for your help.
I finally get a good configuration :


auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto eno1
iface eno1 inet manual

auto bond0
iface bond0 inet manual
bond-slaves eno1 enp1s0
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3

iface bond0.200 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

auto vmbr0v200
iface vmbr0v200 inet static
address 192.168.200.250/24
gateway 192.168.200.254
bridge_ports bond0.200
bridge_stp off



I have my interface on vlan 200 for manage my Proxmox server, and know I juste have to choose "vmbr0" as network interface for my VM and tag the right vlan inside them.
I have a better understanding of network configuration for Proxmox now.

Hello
So your management IP is now on vlan 200... but it is this tagged or untagged?
Other question, i read somewher is suggested to apply tag not on VM network card but on pve host... did you perform this? Any configuration example?
Last question, not clear to.me difference between vmbr0v200 and .200

Ty all

 

[bl1mp]

The packet passes via the

vmbr0v200

(bridge-interface) to the vlan-interface

bond0.200

and then through the

bond0

to the physical interfaces

eno1 enp1s0

.

The vlan tag will get applied (or removed) once the package passes the vlan interface

bond0.200

.

Therefore you won't be able to reasonable pass vmbr0v200 to the network interface of a VM and activate additional tagging at the VMs NIC, because than you tag the packages two times.
But you can pass vmbr0 to a VMs Nic and than vlan tag at the VMs NIC, because vmbr0 is not on top of a vlan interface.

BR, Lucas

 

[gurubert]

But you can pass vmbr0 to a VMs NIC and than vlan tag at the VMs NIC

If vmbr0 is VLAN-aware.

 

[Asg.Systems]

if you want to pass a subset of vlans you can use the "trunks=" option in configuration file:

G

Thread 'Forcing proxmox to live update VM network configuration for trunk vlan'

Jun 30, 2022

Hi,

I have a proxmox VM with the following network configuration:

net0: virtio=xx,bridge=vmbr0,trunks=2;3;4

I wanted to add VLAN 5 to the trunk without having to reboot the VM. I first added ";5" to the configuration line.

But I ended up doing on the hypervisor where the VM is running:

bridge vlan add vid 5 dev tapNNNi0

Is there a way to force a VM network configuration update via qm command or web UI ?

• guerby
• Replies: 3
• Forum: Proxmox VE: Networking and Firewall

if you want add a comment to the feature request in the GUI:
https://bugzilla.proxmox.com/show_bug.cgi?id=2764

 

[Probz]

Hello,

I update my post.
Here is my working network configuration :

auto lo
iface lo inet loopback

auto enp6s0
iface enp6s0 inet manual

iface enp0s31f6 inet manual

auto enp2s0
iface enp2s0 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp6s0
        bond-miimon 100
        bond-mode active-backup
        bond-primary enp6s0

auto bond1
iface bond1 inet manual
        bond-slaves enp2s0
        bond-miimon 100
        bond-mode active-backup

auto vmbr0
iface vmbr0 inet static
        address 192.168.30.50/24
        gateway 192.168.30.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports bond1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 30 40 50 60 80

1 - vmbr0 is for mangement on vlan 30, I configure vlan30 on PVID on my switch/router.
2 - vmbr1 is for my vm/lxc, I configure every vlan I want in the network config file, then I tag all the vlan on my switch on the plugged port.
3 - I tag the vlan needed on my VM / LXC