Unable to get VLAN trunk to work inside a VM

[rsaanon]

Environment: Cisco Switch & Dell Server, VLAN/Trunk, Bond/LACP
Setup:

• Cisco switch configured for LACP & Trunk for two ports
• PVE interfaces file contents snip attached below configured for bond, trunk bridge & test bridge
• VM with vmbr1 Network Device (vmbr1 is using bond0 for bridge ports)

Problem Summary: Unable to get VLAN trunk to work inside a VM

Details:
Trying to expose Trunk to a VM so VLANs can be handled internally by the VM. Inside the VM, VLAN sub-interfaces have been created to handle individual VLANs. However, with this configuration there's is no network connectivity (i.e.: the VM is not able to connect to the host or the local subnet). For Testing/debugging purposes, a vmbr24 bridge was created that uses bond0.24 for the bridge port. When using Network Device attached to the vmbr24, the VM has network connectivity.

Observations:

• Since vmbr24 (testing bridge has network connectivity), the LACP/bond configuration is operational between the Cisco switch & the PVE host
• VM that has Network Device configured that uses vmbr24, has network connectivity (PVE host is handling the VLAN)

Any suggestions/recommendations for getting this issue resolved would be greatly appreciated.

-rsa

## /etc/network/interfaces

iface eno1 inet manual
iface eno2 inet manual

auto bond0
iface bond0 inet manual
bond-slaves eno1 eno2
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3

auto vmbr1
iface vmbr1 inet manual
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

###
## TESTING-ONLY: vmbr24
auto vmbr24
iface vmbr24 inet manual
bridge-ports bond0.24
bridge-stp off
bridge-fd 0

 

[rsaanon]

anyone?

 

[wolfgang]

Hi,
remove the VLAN bridge and use wmbr1 instead.
Then config the VLAN tag at the vNIC of the guest.

 

[rsaanon]

Hi,
remove the VLAN bridge and use wmbr1 instead.
Then config the VLAN tag at the vNIC of the guest.

Thanks @wolfgang.

Not sure I understand your recommendations.

I have the following defined in my interfaces file for vmbr1 bridge:

auto vmbr1
iface vmbr1 inet manual
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

I pass vmbr1 to the VM:



Inside the pfsense VM, I have the sub-interfaces for each VLAN that uses the vmbr1:


With the above setup I have no network connectivity. Note, however, if I use the vmbr24, that's defined as follows in proxmox, I get the connectivity:


As mentioned earlier, I would like to simply pass in a Trunk to the virtual machine instead of individual VLANs as this allows me to add additonal VLANs within the VM without having to change the proxmox vm configuration.

Thanks!

 

[spirit]

This is strange, for me, vmbr1 is correct.
if your cisco switch is really in trunk mode, with vlan aware bridge, you should receive tagged packet inside your vm.

maybe can you try to use "tcpdump -i vmbr1 -e" , and check if you see the vlan ?

 

[rsaanon]

Thanks for your response, @spirit

I can confirm that the Cisco switch is trunking:


Agreed that w/ vlan aware bridge, I should receive tagged packets inside vm. I'm kinda at a loss for now.

Here's another tid-bit. If I create additional bridges (e.g.: vmbr24, vmbr32, etc.) with bridge ports set to bond0.<vlanid>, then those bridges work for all vlans. Of course, in this case, Proxmox is doing all the tagging/untagging and simply passing the untagged packets to the vm for the respective vlan. This is what I'm trying to avoid as I would like the VM to handle all the tagging.

I'll do the tcpdump tomorrow and post the results. Thanks.

 

[spirit]

Can you send the result of

#bridge -c vlan show
?



also for testing, instead bond0.24,

you can try to create a "vmbr1.24"

auto vmbr1
iface vmbr1 inet manual
bridge-ports bond0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094


auto vmbr1.24
iface vmbr1.24 inet static
        address ....

and check if you can ping the address of vmbr1.24.
like this, you can confirme than vlan aware bridge is working.