Tagged VLAN in VM, vlan aware OVswitch again..

[David Calvache Casas]

Is it necessary to declare the ovswitch port (OVS inport) in the proxmox host in order to use taged VLANs in the VMs?

I mean:

I have this test configuration:

allow-vmbr0 bond0
iface bond0 inet manual
        ovs_bridge vmbr0
        ovs_type OVSBond
        ovs_bonds enp176s0f0 enp176s0f1 eno1 eno2
        pre-up ( ifconfig enp176s0f0 mtu 9000 && ifconfig enp176s0f1 mtu 9000 && ifconfig eno1 mtu 9000 && ifconfig eno2 mtu 9000)
        ovs_options lacp=active bond_mode=balance-tcp other_config:lacp-time=fast
        mtu 9000



iface eno1 inet manual

iface enp176s0f0 inet manual

iface eno2 inet manual

iface enp176s0f1 inet manual


auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports bond0 vlan1 vlan30 vlan40 vlan24 vlan99
        mtu 9000

allow-vmbr0 vlan1
iface vlan1 inet static
        address  10.4.2.3
        netmask  255.255.240.0
        gateway  10.4.1.1
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options vlan_mode=access
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        mtu 1500
#VLAN 1 UT -MANAG

allow-vmbr0 vlan30
iface vlan30 inet static
        address  10.10.30.3
        netmask  255.255.255.0
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=30
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        mtu 9000
#VLAN CEPH Pub.Mon,Cli

allow-vmbr0 vlan40
iface vlan40 inet static
        address  10.10.40.3
        netmask  255.255.255.0
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=40
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        mtu 9000
#VLAN CEPH Priv.Replicacion

allow-vmbr0 vlan99
iface vlan40 inet static
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=99
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        mtu 1500
#VLAN DMZ

allow-vmbr0 vlan24
iface vlan40 inet static
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=24
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        mtu 1500
#VLAN VOIP

I use VLAN 1 ,30 and 40 for mgmt,ceph networks, so i ts ok to use them in the host in order to get working all, but...
For the VMS, i needed to add the vlan24 and vlan 99 Intports , and declare it on VM ethernet hardware (bridge0, VLAN:99)
, then all was running ok. But...
I dont like to declarate the VLAN 24 and 99 in the host, because i dont use these vlan in the host.(security concerns?).
So.
Is there any way to use vlans in vm without having to declare them on the host?


-This is a 4X10GB bond that transports all the vlans. How can I prioritize VLAN 24 (voip) traffic over other vlans?

- One question more... To add several VLANS to a VM,how can i do it? comma seperated?(In the GUI, ethernet hardware screen, i mean)


Lot of thanks.

 

[Richard]

Is it necessary to declare the ovswitch port (OVS inport) in the proxmox host in order to use taged VLANs in the VMs?

No - you need just to specify the LAN tag oth the VLAN you want to use in the VM in the VM NIC's configuration. Note that the VLAN is in the VM then untagged.

Is it necessary to declare the ovswitch port (OVS inport) in the proxmox host in order to use taged VLANs in the VMs?

- One question more... To add several VLANS to a VM,how can i do it? comma seperated?(In the GUI, ethernet hardware screen, i mean)

GUI supports only to connect a tagged VLAN to VM as untagged - therefore you can only have one VLAN at one VM NIC.

But it's not a problem to specify more NICs for a VM, connected to the same brigde but using different VLANs.

If you want to see tags in the VM connect the NIC simply to a bridge without any VLAN specification (you will see all packet from all VLANs with tags then).