Setup one bridge per VLAN with OpenVswitch

[walmins]

Hello everyone,

I apologize if this question has been addressed before, but I'm currently encountering a roadblock and have been unable to find a solution. My goal is to create a separate bridge for each tagged VLAN on my eth0 interface. Subsequently, I want to connect virtual machines to these distinct bridges, enabling direct connectivity to each VLAN.

Attached is a diagram illustrating the desired setup. The implementation needs to be done using Open vSwitch.

If anyone has experience with this type of configuration or has successfully implemented a similar setup, could you please share your insights or suggestions?

Thank you in advance for your assistance.

 

[walmins]

i have this configuration which work:

auto lo
iface lo inet loopback

auto enp2s0
allow-vmbr0 enp2s0
iface enp2s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

allow-ovs vmbr0
iface vmbr0 inet static
    address 172.31.255.2/24
    gateway 172.31.255.254
    ovs_type OVSBridge
    ovs_mtu 1500
    ovs_ports enp2s0
    nameserver 1.1.1.1
    nameserver 8.8.8.8

# VLAN interface for VLAN ID 832
auto enp2s0.832
iface enp2s0.832 inet manual
    vlan-raw-device enp2s0
    vlan-id 832

# OVS bridge vmbr832 with VLAN ID 832
auto vmbr832
iface vmbr832 inet static
    address 172.31.254.2/24
    ovs_type OVSBridge
    ovs_ports enp2s0.832
    ovs_extra add-port vmbr832 enp2s0.832

but i looking for little bit different configuration, here is what I want to do:

auto lo
iface lo inet loopback

auto enp2s0
allow-vmbr0 enp2s0
iface enp2s0 inet manual
  ovs_type OVSPort
  ovs_bridge vmbr0
  ovs_options tag=1 vlan_mode=native-untagged
  ovs_mtu 9000

# Virtual interface to take advantage of originally untagged traffic
auto vlan1
allow-vmbr0 vlan1
iface vlan1 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=1
  address 192.168.1.10/24
  gateway 192.168.1.1
  nameserver 1.1.1.1
  nameserver 8.8.8.8
  ovs_mtu 1500

allow-ovs vmbr0
auto vmbr0
iface vmbr0 inet static
  ovs_type OVSBridge
  ovs_mtu 9000
  ovs_ports enp2s0 vlan1 vlan38

# Virtual interface to take advantage of originally untagged traffic
auto vlan38
allow-vmbr0 vlan38
iface vlan38 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=38
  address 10.255.38.1/24
  nameserver 1.1.1.1
  nameserver 8.8.8.8
  ovs_mtu 1500

so, my question is how can I create a bridge for vlan38 in order rto connect the VM to this bridge without use tagging ?
Thanks

 

[Astraea]

I have VMs that connect to mutiple VLANs and I have a single bridge that they all connect to and if I do not specify a VLAN on the VMs interface they get the untagged VLAN for that bridge and if I specify one on the interface they then used the tagged VLAN. For each VM that needs to be connected to multiple VLANs I create and interface on that VM. This is all done using OVS networking in Proxmox.

 

[walmins]

I have VMs that connect to mutiple VLANs and I have a single bridge that they all connect to and if I do not specify a VLAN on the VMs interface they get the untagged VLAN for that bridge and if I specify one on the interface they then used the tagged VLAN. For each VM that needs to be connected to multiple VLANs I create and interface on that VM. This is all done using OVS networking in Proxmox.

hey, thank you for you message, we already do that also, but i need to have a dedicated bridge per tagged vlan to not push the vlans on vm network interface.

 

[vlan2540]

Are there any updates on this question? I also want to use such a setup. I've got it to work with the Linux default, but due to the interface name of my 10G SFP card being too long, I need to use OpenVSwitch for VLANs >999 (aka more than 15 characters).

auto enp1s0f0np0.2540
iface enp1s0f0np0.2540 inet manual
#virt-eth vlan 2540


auto vmbr2540
iface vmbr10 inet manual
        bridge-ports enp1s0f0np0.2540
        bridge-stp off
        bridge-fd 0
#bridge vlan 2540

enp1s0f0np0.2540 is 1 char to long

 

[UdoB]

enp1s0f0np0.2540 is 1 char to long

One solution is to rename the NIC from "enp1s0f0np0" to a shorter name like "lan0":

• https://pve.proxmox.com/wiki/Network_Configuration#_naming_conventions - "Overriding network device names"
• https://wiki.debian.org/NetworkInterfaceNames#CUSTOM_SCHEMES_USING_.LINK_FILES

 

[vlan2540]

One solution is to rename the NIC from "enp1s0f0np0" to a shorter name like "lan0":

• https://pve.proxmox.com/wiki/Network_Configuration#_naming_conventions - "Overriding network device names"
• https://wiki.debian.org/NetworkInterfaceNames#CUSTOM_SCHEMES_USING_.LINK_FILES

Thank you very much, UdoB! This solved my problem!

By using lan0 proxmox can't recognize it as a interface (it works, but shown as unknow). To define the name as eth[n] or start with en... proxmox can detect it as a interface. https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_naming_conventions