[SOLVED] SDN VNet Trunking/Tagging

[waffleiron]

Hello,
Looking for guidance on how to enable trunking/tagging on an SDN VNet. Use case is pictured below.

Host is bonded to a switch over 4x interfaces, vmbr0 has bond0 as a member and is vlan aware.
There is an SDN zone named "Public" that has vmbr0 as the bridge.
There are multiple vnets with tags that reference the Public zone and all of them are working fine (eg. VM1)

What I'm trying to do is create a VNet that can "pass the trunk" to a VM (eg. VM2). I thought all I would have to do is enable "vlan aware" for the Trunk vnet but it forces me to also add a tag...which confuses me. Makes me think its a q-in-q type setup which is not going to work. Regardless, when I attach VM2 to this vnet I get no network connectivity.

However, if I bypass SDN completely and configure vmbr0 as the bridge on the VM port I get network connectivity (eg. VM3) which tells me the issue is on the SDN side somewhere.

I spin up a lot of networking VMs and being able to use sub-interfaces on the fly is huge. While the vmbr0 mapping works I would prefer to keep all my network mappings within the SDN space if possible. Thanks in advance!

 

[spirit]

Hi,

can you make a feature request on bugzilla.proxmox.com ?

Currently, the vlan-aware option has been added as users requested it for special setup (vlan tag on top of vxlan, triple tag in qinq,....).
But the sdn is really made to create 1vnet=1network , because extra feature are coming (dhcp, router,...) with subnets management.

But, as qe already allowing in qinq zone to create a vnet without tag , I think it could be done too for vlan zone.

 

[waffleiron]

Thanks spirit, submitted into bugzilla. Marking as solved.

 

[bmernz]

I'd like to be able to limit the VLANs that are trunked in the VNet too.

eg.
If a VLAN Zone is selected when creating a VNet, then
If VLAN Aware: is ticked then:
Tag: field becomes Trunk:
And you can specify a list such as "90-98,100,105"

The resulting VNet then limits the VLANs any attached VM can see.

At present I can only do this from the cli manually, and any GUI changes overwrite it. eg:

ovs-vsctl set port ln_Cust90 vlan_mode=trunk trunk=90-98,100,105
ovs-vsctl show
.....
        Port ln_Cust90
            trunks: [90, 91, 92, 93, 94, 95, 96, 97, 98,100,105]
            Interface ln_Cust90
                type: internal
.....

@waffleiron Could you please post a link to your bugzilla ticket so I can add my comments there too?



Important Note:

Not only do SDN changes via the GUI override these settings, but a host reboot will also revert to the GUI settings.

 

[waffleiron]

https://bugzilla.proxmox.com/show_bug.cgi?id=5443

 

[maxilee]

hi.
I wanted to do the same.
and for trunk port I've configured in /etc/network/interface as below.
the concept is the same as SDN creates VLAN networks - it creates ln_xxxx openvswitch internal port and put them in regular linux bridge to which are VMs connected.

auto ln_vmbr4096
iface ln_vmbr4096 inet manual
        ovs_type OVSIntPort
        ovs_bridge br1g
        ovs_options trunk=10,20,30,40,50,60,70,80,90,99

auto br1g
iface br1g inet manual
        ovs_type OVSBridge
        ovs_ports bond0 mgmt20 ln_vmbr4096

auto vmbr4096
iface vmbr4096 inet manual
        bridge-ports ln_vmbr4096
        bridge-stp off
        bridge-fd 0

interface bridge "vmbr4096" is selectable as network in PVE GUI.
the rest of VLAN are configured in SDN as regular VLAN networks.

the only minor problem is that bridge br1g is also visible in GUI , but I've no idea how to hide it from GUI.

 

[pvef]

What is the solution to allow the VLAN tagging from the guest VM (e.g. OPNsense)?