Tagged VLAN does not work on a linux bridge if exist another linux bridge in the PVE containing a Linux VLAN with the same tag

[mchen]

Hi all

my client has a server with proxmox version 6.4-13
the server has 2 Gigabit Ethernet network cards and 2 10-Gigabit fiber network cards

This is a part of the PVE network configuration that I post to explain my problem:

ens1f0, ens1f1 >> SFP 10-Gigabit port

bond0 >> Linux Bond >> bond-primary = ens1f0
bond1 >> Linux Bond >> bond-primary = ens1f1

vlan136 >> Linux VLAN >> VLAN raw device = bond 1 >> VLAN tag = 136

vmbr1 >> Linux Bridge >> Bridge ports = bond1 (BRIDGE connected to a trunk port of a switch on which all VLANs pass)
vmbr2 >> Linux Bridge >> Bridge ports = bond2 (BRIDGE connected to a switch without VLAN configured, used for local network)
vmbr136 >> Linux Bridge >> Bridge ports = vlan136

The problem:
In a VM there are 2 network device (net0, net1)
net0 is used for local network (without VLAN), connected to vmbr2
net1 is used to pass VLAN 136 ...
if I connect net1 to vmbr1 with VLAN Tag=136, the network doesn't work
if I connett net1 to vmbr136 the network work

why the network doesn't work if I connect the net1 to the vmbr1 with VLAN Tag 136?

thank you in andavance

 

[spirit]

I have already see problem with mixing tag on vlan-aware bridge , and linux tag at the same time.

can you send result of "bridge -c vlan" ?

 

[mchen]

yes... see attached file

 

[spirit]

ok, seem to be correct.


can you try to use bridge tagged interfaces ?

instead:

#ceph

auto vmbr136
iface vmbr136 inet static
        address 10.10.136.11/24
        bridge-ports vlan136
        bridge-stp off
        bridge-fd 0

auto vlan136
iface vlan136 inet manual
        vlan-raw-device bond1

use

auto vmbr1.136
iface vmbr1.136 inet static
        address 10.10.136.11/24

 

[mchen]

the server is in production, I will have to try the configuration on a test server.. but I would like to understand if the behavior is normal with the current configuration or if it could be a bug or something else!!

 

[spirit]

the server is in production, I will have to try the configuration on a test server.. but I would like to understand if the behavior is normal with the current configuration or if it could be a bug or something else!!

I think it's a limitation of linux kernel. when vlan is tagged on the interface, when tagged packet is coming, it's redirected to the tagged interfaced, and don't go through the bridge.