[SOLVED] Q-in-Q Support on Hetzner Dedicated Switch

[rsmvdl]

Hello,

I've got a small setup at Hetzner with a dedicated 10 Gbit/S SFP+ Switch (EdgeSwitch 16 XG) to interconnect my Hosts privatly.
The switch is also 802.1q capable but sadly im only able to make Q-In-Q working between 2 hosts and not three as i have to.

This is how my config looks like:

server 1:

auto vmbr4
iface vmbr4 inet manual
ovs_type OVSBridge
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.20''
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.30''


server 2:

auto vmbr4
iface vmbr4 inet manual
ovs_type OVSBridge
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.10''
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.30''


server 3:

auto vmbr4
iface vmbr4 inet manual
ovs_type OVSBridge
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.10''
post-up ovs-vsctl add-port vmbr1 gre0 -- set interface gre0 type=gre options:remote_ip=''100.100.100.20''


Does smb. have a similar config and is able to share it? i just wanted to verify that i'm doing nothing wrong here.
In the end i only want to give my VM's a VLAN tag for private networking, thats it.

Thanks and kind regards

 

[Alwin]

I've got a small setup at Hetzner with a dedicated 10 Gbit/S SFP+ Switch (EdgeSwitch 16 XG) to interconnect my Hosts privatly.

If that is already a private switch, why use Q-in-Q? And couldn't you drop the switch all together and ask for a meshed network configuration?

 

[spirit]

Hi,

I don't see any q-in-q (vlan stack) config here.
What you have done is gre tunnel, and I don't think you can do it with 3 hosts, without have network loop.

you can use vxlan for this (this need ifupdown2 package installed)

%for v in range(1000,2001):
auto vxlan${v}
 iface vxlan${v}
        vxlan-id ${v}
        bridge-access ${v}
        vxlan_remoteip 100.100.100.20
        vxlan_remoteip 100.100.100.30
 %endfor


 auto vmbr2
 iface vmbr2 inet manual
        bridge_ports glob vxlan1000-2001
        bridge_stp off
        bridge_fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

This will create a vlan aware bridge, and map vlan to different vxlan (here vlanid 1000 to 2000)

 

[rsmvdl]

Hi,

I don't see any q-in-q (vlan stack) config here.
What you have done is gre tunnel, and I don't think you can do it with 3 hosts, without have network loop.

you can use vxlan for this (this need ifupdown2 package installed)

%for v in range(1000,2001):
auto vxlan${v}
iface vxlan${v}
        vxlan-id ${v}
        bridge-access ${v}
        vxlan_remoteip 100.100.100.20
        vxlan_remoteip 100.100.100.30
%endfor


auto vmbr2
iface vmbr2 inet manual
        bridge_ports glob vxlan1000-2001
        bridge_stp off
        bridge_fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

This will create a vlan aware bridge, and map vlan to different vxlan (here vlanid 1000 to 2000)

Well your config also seems quite fancy to me ^^. Well im now using a MESH network based on RSTP and 10 Gbit on SFP+ which is working very very well with quite less config and I could potentialy extend by more hosts at any time, have a look at this:

First node:

auto vmbr4
iface vmbr4 inet manual
        ovs_type OVSBridge
        post-up ovs-vsctl set bridge vmbr4 rstp_enable=true
        post-up ovs-vsctl add-port vmbr4 gre0 -- set interface gre0 type=gre options:remote_ip="200.200.200.20" options:psk=MySecretPassword
        post-up ovs-vsctl add-port vmbr4 gre1 -- set interface gre1 type=gre options:remote_ip="200.200.200.30" options:psk=MySecretPassword

On the second nodeit would look like that:

auto vmbr4
iface vmbr4 inet manual
        ovs_type OVSBridge
        post-up ovs-vsctl set bridge vmbr4 rstp_enable=true
        post-up ovs-vsctl add-port vmbr4 gre0 -- set interface gre0 type=gre options:remote_ip="200.200.200.10" options:psk=MySecretPassword
        post-up ovs-vsctl add-port vmbr4 gre1 -- set interface gre1 type=gre options:remote_ip="200.200.200.30" options:psk=MySecretPassword

and on the third:

auto vmbr4
iface vmbr4 inet manual
        ovs_type OVSBridge
        post-up ovs-vsctl set bridge vmbr4 rstp_enable=true
        post-up ovs-vsctl add-port vmbr4 gre0 -- set interface gre0 type=gre options:remote_ip="200.200.200.10" options:psk=MySecretPassword
        post-up ovs-vsctl add-port vmbr4 gre1 -- set interface gre1 type=gre options:remote_ip="200.200.200.20" options:psk=MySecretPassword

you simply have to extend the numbers of gre tunnels and add the lines accordingly for each host execpt of the IP of the host you are currently configuring as this is already assigned by, e.g.:

auto enp1s0
iface enp1s0 inet static
        address  200.200.200.10
        netmask  255.255.255.0
        mtu 9000

.
Beside your privat network is now also protected by IPSec with a PSK and dont have to use static VXLAN foo.
You are now also Multi-Tenant capable as you simply have to assigne the same VLAN to X VMs to interconnect them.
Or in other words simply give 2 VMs or more the same VLAN tag on there Virtual interface and they can speak with each other even if they resist on diffrent physical machines.