PVE Management IP on a SDN VLAN

[pghv]

On a single Host, I created vmbr1, with bond0 as an enslaved interface.

On the parent Datacenter, I setup an SDN (type=VLAN) and some VNets, one of which was Infra (vlan 100).

How would I get the management IP of the PVE installation to be on the Infra VNet itself? The issue is that my locally defined management (1) interface conflicts with the SDN interface (2). I get error message with ifup that assigning an IP address is not allowed on enslaved interfaces

1) /etc/network/interfaces

auto bond0
iface bond0 inet manual
    bond-slaves eno8303 eno8403
    bond-miimon 100
    bond-mode active-backup
    bond-primary eno8303

auto vmbr1
iface vmbr1 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0

auto bond0.100
iface bond0.100 inet static
    address 10.118.65.10/24
    gateway 10.118.65.1
    vlan-id 100
    vlan-raw-device bond0

2) /etc/network/interfaces.d/sdn

auto Infra
iface Infra
    bridge_ports ln_Infra
    bridge_stp off
    bridge_fd 0

auto ln_Infra
iface ln_Infra
    link-type veth
    veth-peer-name pr_Infra

auto pr_Infra
iface pr_Infra
    link-type veth
    veth-peer-name ln_Infra

auto vmbr1v100
iface vmbr1v100
    bridge_ports  bond0.100 pr_Infra
    bridge_stp off
    bridge_fd 0

 

[shanreich]

Enable VLAN-aware on the bridge itself, then the network configuration will be less complicated since no veth + additional bridge is required. You need to reapply the SDN changes afterwards.

You should then be able to set the management IP like so in /etc/network/interfaces

iface Infra inet static
        address 172.32.2.1/24

 

[4f1sh3r]

Thanks, worked here as well.
Is it planned to make this more straightforward in the future? Like having a GUI option to "officially" set IPs on SDN-managed VLANs?
Right now I see my mgmt interface (Infra in the example above) as "unknown" in the GUI (Host->System->Network). That looks wrong.

 

[shanreich]

That sounds sensible, could you open a feature request over at our bug tracker [1]?

[1] https://bugzilla.proxmox.com/

 

[spirit]

best way is to use a vlan aware setup.

auto vmbr1
iface vmbr1 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    vlan-aware yes

auto vmbr1.100
iface vmbr1.100 inet static
    address 10.118.65.10/24
    gateway 10.118.65.1

for non vlan aware, you can also add in /etc/network/interfaces:

iface infra
    address 10.118.65.10/24
    gateway 10.118.65.1

it'll be merged with /etc/network/interfaces.d/sdn and add the ip on the vnet

 

[4f1sh3r]

best way is to use a vlan aware setup.

auto vmbr1
iface vmbr1 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    vlan-aware yes

auto vmbr1.100
iface vmbr1.100 inet static
    address 10.118.65.10/24
    gateway 10.118.65.1

Thats how I had it before, but I wanted to use SDN and have VLAN100 (in your example) available via SDN as well (to tie it to access rights and to have all available VLANs selectable), proxmox spits a lot of errors and you need to manually fix it in /etc/network/interfaces.d/sdn. The errors were like this

vlan55 : warning: vlan55: <bridge.bridge object at 0x78c9c3372ad0>: error getting dependent interfaces (misconfiguration of bridge attribute(s) on existing non-bridge interface (vlan55))
vlan55 : warning: vlan55: invalid use of bridge attribute (bridge-ports) on non-bridge stanza
vlan55 : warning: vlan55: invalid use of bridge attribute (bridge-stp) on non-bridge stanza
vlan55 : warning: vlan55: invalid use of bridge attribute (bridge-fd) on non-bridge stanza

TASK ERROR: command 'ifreload -a' failed: exit code 1

Which makes sense as vlan55 exists already as vmbr1.55 (in my case) - so the error message should be clearer (or rather - a check that this is an invalid config) and it should be possible to set basically this

iface infra
address 10.118.65.10/24
gateway 10.118.65.1

via GUI.

EDIT: On my first attempt, I have used custom names (like vlan55) - which led to the warnings above. I just tried it again with the default name vmbr0.55 - the result is even worse: the IP is still configured but its not reachable anymore. Probably because the interface is now being used as bridge_port in the configuration.

I will file that into the feature request

 

[hvisage]

Ticket number/URL? Have similar requests - don't want to duplicate

I will file that into the feature request

 

[4f1sh3r]

Ticket number/URL? Have similar requests - don't want to duplicate

Sure: https://bugzilla.proxmox.com/show_bug.cgi?id=5474

 

[kellogs]

Sure: https://bugzilla.proxmox.com/show_bug.cgi?id=5474

added comment to request for the same feature as well