Unable to create SDN VNet without tag

N

nharrington

New Member
Jun 9, 2024
5
0
1
I'm having an issue transitioning to the Proxmox VE Software-Defined Network (SDN).

Current situation:
enp6s0f0 is an untagged network connection
vmbr100 is a Linux bridge with bridge port = enp6s0f0
VM998 has a network device attached to vmbr100
This configuration works great

When I try to create a Zone in SDN:
If I choose Simple, there is no option to assign a bridge as it is for creating isolated networks
If I choose VLAN, I am able to create the zone and assign it to vmbr100

When I try to create a VNet:
I enter a Name, Alias, and assign it to the VLAN zone I created above, but when I click Create I receive an error:
create sdn vnet object failed: 400 Parameter verification failed. tag: missing vlan tag (500)

As the underlying network connection doesn't use VLAN tagging, what should I enter in the Tag field?
 
As a follow-up, it is my understanding that...

Normal VLAN IDs range from 1-4094

A VLAN ID of 0 is reserved and indicates that the frame does not carry a VLAN ID. That seems applicable in my scenario, but it resulted in an error message:
The minimum value for this field is 1

A VLAN ID of 4095 is reserved for implementation use and must not be configured or transmitted.
I received an error message when using a VLAN ID of 9999:
create sdn vnet object failed: 400 Parameter verification failed. tag: vlan tag max value is 4096 (500)
It seems like this upper limit check should be reduced to 4094.
 
Hey, workaround to get a untagged SDN VLAN:

* Create a SDN VLAN with any tag (eg. 1)
* Deploy it
* ssh to the node and edit /etc/pve/sdn/vnets.cfg, locate your vlan and edit the tag to 0
* Deploy it on the UI
 
arogarth said:
Hey, workaround to get a untagged SDN VLAN:

* Create a SDN VLAN with any tag (eg. 1)
* Deploy it
* ssh to the node and edit /etc/pve/sdn/vnets.cfg, locate your vlan and edit the tag to 0
* Deploy it on the UI
Click to expand...

Thanks for the suggestion! I gave this a try but couldn't get it to work. I created new SDN VLAN 1, deployed, edited vnets.cfg, changed tag to 0, then deployed again with the following error:

Code: 
netlink : error: netlink: vmbr101: cannot add bridge vlan 0: Invalid VLAN start 0

TASK ERROR: command 'ifreload -a' failed: exit code 1

Have you been able to get this to work using this method?
 
The way I've done it in our setup was to use SDN's for all the VLAN's and just use the vmbr-bridge itself for any untagged traffic.

Untagged network, where all the hardware resides, is only used in very special cases for us, like 1 in 100 VM's roughly, so only the sysadmins have permission to assign to the bridges and as such untagged network. Al the (normal) Admins only have access to the pre-tagged and labelled SDN-networks.

Less chance of mess if a mistake is made, and the one time they do need a VM with untagged access, it goes through one of us for verification and assignment, plus our company is small enough that those kind of requests are as quick as walking a desk or two over.
 
sw-omit said:
The way I've done it in our setup was to use SDN's for all the VLAN's and just use the vmbr-bridge itself for any untagged traffic.

Untagged network, where all the hardware resides, is only used in very special cases for us, like 1 in 100 VM's roughly, so only the sysadmins have permission to assign to the bridges and as such untagged network. Al the (normal) Admins only have access to the pre-tagged and labelled SDN-networks.

Less chance of mess if a mistake is made, and the one time they do need a VM with untagged access, it goes through one of us for verification and assignment, plus our company is small enough that those kind of requests are as quick as walking a desk or two over.
Click to expand...

Thanks! That's what I'm currently doing. I was just hoping I could manage everything via SDN. It may even be that SDN would simply pass it through to the underlying vmbr-bridge, but at present it doesn't appear that it's possible to do that.
 
@nharrington I re-test it and it worked for me. Which PVE Version are aou running? We currently run 8.2.4.
The underlying bridge is a untagged OVS-Bridge.

Example config

zones.conf
Code: 
vlan: testzone
    bridge vmbr1
    ipam pve

vnets.conf
Code: 
vnet: test
    zone testzone
    alias test
    tag 0

interfaces
Code: 
auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports eno1
 
arogarth said:
@nharrington I re-test it and it worked for me. Which PVE Version are aou running? We currently run 8.2.4.
The underlying bridge is a untagged OVS-Bridge.
Click to expand...

8.2.4 here as well, however I'm not running OVS so that's probably a factor. I'll look into that when I get some free time. Thanks for the info!
 
had the same problem with SDN.
I do have VM wich are using the "same untagged" net as the host himself.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back