SDN and Native VLANs or Untagged

Astraea

Renowned Member
Aug 25, 2018
I was experimenting with SDN today to see if it would improve managing the various networks using VLANs that are present on my network. I have 7 nodes and each of the nodes has 5 x 1GB RJ45 interfaces. Two of those interfaces are bonded together and are configured for use by Proxmox VE and Ceph. The remaining three interfaces are then bonded together and are for use by the various VMs running on a node. The problem that I encountered is that I have those interfaces set up on the switch so that the native or untagged VLAN is set to 81 and the other VLANs are all accessed using their associated tag.

When creating a VLAN zone and then the subsequent VNet, it requires a tag to be entered, thus not allowing me to access the native or untagged VLAN, which happens to be the VLAN I use when I am doing any sort of testing or development work. While I could reconfigure the switches so that the native VLAN is, say, 254, which is my isolated VLAN for ports that are left open so that simply connecting a device does not get you access to anything, it would take a bunch of work.

Would it be best practice to have the native VLAN on all switches be the isolated VLAN and then only use tags for everything else, or should the SDN allow you to create a VNet without having to specify a tag?
 
I have done more experimenting with the SDN, and the need to always create a VLAN zone with a tagged VLAN and the simple zone not allowing association to a bridge are leaving me with only 2 options that I can see for now:
  1. Leave everything as is with multiple OVS Bridges, specifying the VLAN tag on VM interfaces that need a specified VLAN other than the native VLAN and leaving it empty for those VMs that will use the interface's native VLAN.
  2. Move all my VLANs around so that the untagged/native VLAN on the switches is the "isolated" VLAN and is essentially not used, and make all of my VLANs tagged only in order to make the switch to SDN networking.
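
Added example, not part of the original posts: under option 2, every VM NIC that currently has no tag depends on the switch's native VLAN 81 and would land in the isolated VLAN 254 once the native VLAN moves. This Python audit lists those NICs from VM config text so they can be given an explicit tag first. The bridge names `vmbr0`/`vmbr1`, the VM IDs and the sample configs are constructed assumptions; the `netN:` line layout is the one used in `/etc/pve/qemu-server/<vmid>.conf`.

```python
import re

NATIVE_VLAN = 81     # from the post: current untagged VLAN on the VM-facing bond
ISOLATED_VLAN = 254  # from the post: VLAN proposed as the new, unused native VLAN

# Constructed sample configs (hypothetical VMs and bridge names).
SAMPLE_CONFIGS = {
    101: "name: dev-box\nnet0: virtio=BC:24:11:00:00:01,bridge=vmbr1\n",
    102: "name: web\nnet0: virtio=BC:24:11:00:00:02,bridge=vmbr1,tag=30,firewall=1\n"
         "net1: virtio=BC:24:11:00:00:03,bridge=vmbr1\n",
    103: "name: mgmt\nnet0: virtio=BC:24:11:00:00:04,bridge=vmbr0\n",
    # Snapshot sections repeat old netN lines; only the live config counts.
    104: "name: db\nnet0: virtio=BC:24:11:00:00:05,bridge=vmbr1,tag=40\n"
         "\n[pre-upgrade]\nnet0: virtio=BC:24:11:00:00:05,bridge=vmbr1\n",
}

NET_LINE = re.compile(r"^(net\d+):\s*(.+)$", re.MULTILINE)

def parse_nics(conf_text):
    """Return [(nic, bridge, tag)] for the live config; tag is None if untagged."""
    live = conf_text.split("\n[", 1)[0]  # drop [snapshot] sections
    nics = []
    for nic, value in NET_LINE.findall(live):
        opts = dict(p.split("=", 1) for p in value.split(",") if "=" in p)
        tag = opts.get("tag")
        nics.append((nic, opts.get("bridge"), int(tag) if tag else None))
    return nics

def untagged_nics(configs, vm_bridge):
    """NICs on vm_bridge that rely on the switch port's native VLAN."""
    return [(vmid, nic)
            for vmid, text in sorted(configs.items())
            for nic, bridge, tag in parse_nics(text)
            if bridge == vm_bridge and tag is None]

def migration_plan(configs, vm_bridge, native=NATIVE_VLAN):
    """Explicit tag each untagged NIC needs before the native VLAN is moved."""
    return {key: native for key in untagged_nics(configs, vm_bridge)}

if __name__ == "__main__":
    for (vmid, nic), tag in migration_plan(SAMPLE_CONFIGS, "vmbr1").items():
        print(f"VM {vmid} {nic}: set tag={tag} before native VLAN -> {ISOLATED_VLAN}")
```
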