Setup one bridge per VLAN with OpenVswitch

walmins

New Member
Apr 27, 2024
4
0
1
Hello everyone,

I apologize if this question has been addressed before, but I'm currently encountering a roadblock and have been unable to find a solution. My goal is to create a separate bridge for each tagged VLAN on my eth0 interface. Subsequently, I want to connect virtual machines to these distinct bridges, enabling direct connectivity to each VLAN.

Attached is a diagram illustrating the desired setup. The implementation needs to be done using Open vSwitch.

If anyone has experience with this type of configuration or has successfully implemented a similar setup, could you please share your insights or suggestions?

Thank you in advance for your assistance.
1714208705527.png
 
i have this configuration which work:
Code:
auto lo
iface lo inet loopback

auto enp2s0
allow-vmbr0 enp2s0
iface enp2s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

allow-ovs vmbr0
iface vmbr0 inet static
    address 172.31.255.2/24
    gateway 172.31.255.254
    ovs_type OVSBridge
    ovs_mtu 1500
    ovs_ports enp2s0
    nameserver 1.1.1.1
    nameserver 8.8.8.8

# VLAN interface for VLAN ID 832
auto enp2s0.832
iface enp2s0.832 inet manual
    vlan-raw-device enp2s0
    vlan-id 832

# OVS bridge vmbr832 with VLAN ID 832
auto vmbr832
iface vmbr832 inet static
    address 172.31.254.2/24
    ovs_type OVSBridge
    ovs_ports enp2s0.832
    ovs_extra add-port vmbr832 enp2s0.832

but i looking for little bit different configuration, here is what I want to do:
Code:
auto lo
iface lo inet loopback

auto enp2s0
allow-vmbr0 enp2s0
iface enp2s0 inet manual
  ovs_type OVSPort
  ovs_bridge vmbr0
  ovs_options tag=1 vlan_mode=native-untagged
  ovs_mtu 9000

# Virtual interface to take advantage of originally untagged traffic
auto vlan1
allow-vmbr0 vlan1
iface vlan1 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=1
  address 192.168.1.10/24
  gateway 192.168.1.1
  nameserver 1.1.1.1
  nameserver 8.8.8.8
  ovs_mtu 1500

allow-ovs vmbr0
auto vmbr0
iface vmbr0 inet static
  ovs_type OVSBridge
  ovs_mtu 9000
  ovs_ports enp2s0 vlan1 vlan38

# Virtual interface to take advantage of originally untagged traffic
auto vlan38
allow-vmbr0 vlan38
iface vlan38 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr0
  ovs_options tag=38
  address 10.255.38.1/24
  nameserver 1.1.1.1
  nameserver 8.8.8.8
  ovs_mtu 1500

so, my question is how can I create a bridge for vlan38 in order rto connect the VM to this bridge without use tagging ?
Thanks
 
I have VMs that connect to mutiple VLANs and I have a single bridge that they all connect to and if I do not specify a VLAN on the VMs interface they get the untagged VLAN for that bridge and if I specify one on the interface they then used the tagged VLAN. For each VM that needs to be connected to multiple VLANs I create and interface on that VM. This is all done using OVS networking in Proxmox.
 
I have VMs that connect to mutiple VLANs and I have a single bridge that they all connect to and if I do not specify a VLAN on the VMs interface they get the untagged VLAN for that bridge and if I specify one on the interface they then used the tagged VLAN. For each VM that needs to be connected to multiple VLANs I create and interface on that VM. This is all done using OVS networking in Proxmox.
hey, thank you for you message, we already do that also, but i need to have a dedicated bridge per tagged vlan to not push the vlans on vm network interface.
 
Are there any updates on this question? I also want to use such a setup. I've got it to work with the Linux default, but due to the interface name of my 10G SFP card being too long, I need to use OpenVSwitch for VLANs >999 (aka more than 15 characters).
Code:
auto enp1s0f0np0.2540
iface enp1s0f0np0.2540 inet manual
#virt-eth vlan 2540


auto vmbr2540
iface vmbr10 inet manual
        bridge-ports enp1s0f0np0.2540
        bridge-stp off
        bridge-fd 0
#bridge vlan 2540

enp1s0f0np0.2540 is 1 char to long :(
 
Last edited:
One solution is to rename the NIC from "enp1s0f0np0" to a shorter name like "lan0":
Thank you very much, UdoB! This solved my problem!

By using lan0 proxmox can't recognize it as a interface (it works, but shown as unknow). To define the name as eth[n] or start with en... proxmox can detect it as a interface. https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_naming_conventions
 
Last edited:
  • Like
Reactions: UdoB

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!