vlan howto

tlk_vm

Jul 21, 2008
Hello,

I'm sure I'm just too blind to see: Where/How do I configure VLANs in the WebUI with beta2?

Thanks a lot in advance.
Regards,
Marc
 
Debian uses a special naming convention for VLANs. Just add the VLAN ID to the ethernet device name, for example "eth0.5" is vlan 5 on eth0.

To add vlan 5 to vmbr0 just add "eth0.5" to the bridge (replacing eth0).

- Dietmar
 
<mode="homer simpson">
Doh!
</mode>
;-)
Ok, I tried to do it the other way around. First create the Interface (that's where I got stuck), then add it to the bridge.

Thank you!

Regards,
Marc
 
When I change eth0 to eth0.5 after a reboot it does not work. I have to issue an
Code:
 /etc/init.d/networking restart
then it starts to work again.
 
Here is the output of /var/log/messages after a fresh reboot:

Code:
ACPI: PCI Interrupt 0000:07:00.0[A] -> GSI 16 (level, low) -> IRQ 16
eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem f4000000, IRQ 16, node addr 00:1d:09:6b:db:f9
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 16 (level, low) -> IRQ 16
eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem f8000000, IRQ 16, node addr 00:1d:09:6b:db:f7
floppy0: no floppy controllers found
EXT3 FS on dm-1, internal journal
kjournald starting.  Commit interval 5 seconds
EXT3 FS on dm-2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Adding 4194296k swap on /dev/pve/swap.  Priority:-1 extents:1 across:4194296k
Bridge firewalling registered
vmbr0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
bnx2: eth0: using MSI
device eth0.6 entered promiscuous mode
audit(1216987780.138:2): dev=eth0.6 prom=256 old_prom=0 auid=4294967295
device eth0 entered promiscuous mode
audit(1216987780.138:3): dev=eth0 prom=256 old_prom=0 auid=4294967295
vmbr0: starting userspace STP failed, starting kernel STP
vmbr1: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
bnx2: eth1: using MSI
device eth1.5 entered promiscuous mode
audit(1216987782.674:4): dev=eth1.5 prom=256 old_prom=0 auid=4294967295
device eth1 entered promiscuous mode
audit(1216987782.678:5): dev=eth1 prom=256 old_prom=0 auid=4294967295
vmbr1: starting userspace STP failed, starting kernel STP
bnx2: eth0 NIC Copper Link is Up, 1000 Mbps full duplex
bnx2: eth1 NIC Copper Link is Up, 1000 Mbps full duplex
NET: Registered protocol family 10
ADDRCONF(NETDEV_UP): eth0.6: link is not ready
ADDRCONF(NETDEV_UP): eth1.5: link is not ready
ip_tables: (C) 2000-2006 Netfilter Core Team
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
loaded kvm module (kvm-71)
eth0: no IPv6 routers present
vmbr0: no IPv6 routers present
eth1: no IPv6 routers present
vmbr1: no IPv6 routers present


This is after the /etc/init.d/networking restart:
Code:
device eth0.6 left promiscuous mode
audit(1216987863.754:6): dev=eth0.6 prom=0 old_prom=256 auid=4294967295
device eth0 left promiscuous mode
audit(1216987863.754:7): dev=eth0 prom=0 old_prom=256 auid=4294967295
vmbr0: port 1(eth0.6) entering disabled state
device eth1.5 left promiscuous mode
audit(1216987864.094:8): dev=eth1.5 prom=0 old_prom=256 auid=4294967295
device eth1 left promiscuous mode
audit(1216987864.094:9): dev=eth1 prom=0 old_prom=256 auid=4294967295
vmbr1: port 1(eth1.5) entering disabled state
vmbr0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
device eth0.6 entered promiscuous mode
audit(1216987864.266:10): dev=eth0.6 prom=256 old_prom=0 auid=4294967295
device eth0 entered promiscuous mode
audit(1216987864.266:11): dev=eth0 prom=256 old_prom=0 auid=4294967295
vmbr0: starting userspace STP failed, starting kernel STP
vmbr0: port 1(eth0.6) entering listening state
vmbr0: port 1(eth0.6) entering learning state
vmbr0: topology change detected, propagating
vmbr0: port 1(eth0.6) entering forwarding state
vmbr1: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
device eth1.5 entered promiscuous mode
audit(1216987865.458:12): dev=eth1.5 prom=256 old_prom=0 auid=4294967295
device eth1 entered promiscuous mode
audit(1216987865.458:13): dev=eth1 prom=256 old_prom=0 auid=4294967295
vmbr1: starting userspace STP failed, starting kernel STP
vmbr1: port 1(eth1.5) entering listening state
vmbr1: port 1(eth1.5) entering learning state
vmbr1: topology change detected, propagating
vmbr1: port 1(eth1.5) entering forwarding state
eth0.6: no IPv6 routers present
vmbr0: no IPv6 routers present
vmbr1: no IPv6 routers present
eth1.5: no IPv6 routers present


This is my /etc/network/interfaces:

Code:
auto lo
iface lo inet loopback
auto vmbr0
iface vmbr0 inet static
        address 10.4.100.66
        netmask 255.255.255.0
        gateway 10.4.100.1
        bridge_ports eth0.6
        bridge_stp on
        bridge_fd 0
auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth1.5
        bridge_stp on
        bridge_fd 0

If I do not use a VLAN then it works fine after a reboot.
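
An added example (not part of the original posts): a small Python check that reads kernel log lines like the ones quoted above and lists bridged VLAN sub-interfaces whose last logged STP state is not "forwarding", which is the visible difference between the boot log and the post-restart log. The sample lines are constructed excerpts and the function names are hypothetical.

```python
import re

# Constructed excerpts in the style of the two kernel logs quoted above:
# after a fresh boot, and after "/etc/init.d/networking restart".
BOOT_LOG = """\
device eth0.6 entered promiscuous mode
device eth0 entered promiscuous mode
vmbr0: starting userspace STP failed, starting kernel STP
ADDRCONF(NETDEV_UP): eth0.6: link is not ready
"""
RESTART_LOG = """\
vmbr0: port 1(eth0.6) entering disabled state
device eth0.6 entered promiscuous mode
vmbr0: port 1(eth0.6) entering listening state
vmbr0: port 1(eth0.6) entering learning state
vmbr0: port 1(eth0.6) entering forwarding state
"""

# Only VLAN sub-interfaces (name.<id>) are tracked; plain eth0 is ignored.
ENSLAVED = re.compile(r"device (\S+\.\d+) entered promiscuous mode")
STP = re.compile(r"(\S+): port \d+\((\S+\.\d+)\) entering (\w+) state")
NOT_READY = re.compile(r"ADDRCONF\(NETDEV_UP\): (\S+\.\d+): link is not ready")

def vlan_port_states(log_text):
    """Return {vlan_dev: {"bridge", "state", "link_not_ready"}} per VLAN port."""
    ports = {}
    def entry(dev):
        return ports.setdefault(
            dev, {"bridge": None, "state": None, "link_not_ready": False})
    for line in log_text.splitlines():
        if m := ENSLAVED.search(line):
            entry(m.group(1))
        elif m := STP.search(line):
            bridge, dev, state = m.groups()
            entry(dev).update(bridge=bridge, state=state)  # last state wins
        elif m := NOT_READY.search(line):
            entry(m.group(1))["link_not_ready"] = True
    return ports

def not_forwarding(log_text):
    """VLAN bridge ports whose last logged STP state is not 'forwarding'."""
    states = vlan_port_states(log_text)
    return sorted(d for d, p in states.items() if p["state"] != "forwarding")
```
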
 
Hello,

Confirmed. Tagged interfaces work only after restarting the network stack. While playing around with it, I found out the following so far:

eth0 untagged, no bridge: works.
eth0 in bridge: works.

eth0.x used without bridge: works
eth0.x used in bridge: sends packets _untagged_ through eth0
If you now restart the network stack it mostly works, but not always. (8 out of 10 times)

Not usable at all. :(

If time permits, I'll try that with an unpatched kernel, just to make sure it's not a basic 802.1Q problem with the bridge.
But this will be no sooner than next week: out of office.

Just to make it clear: Apart from that the VE is just great. Thinking of deploying it in a production environment.

Regards,
Marc
 
Did I fall off my rocker, or shouldn't I be able to specify a VLAN per VE/KVM?

For example, if my network is set up in a way that my cluster nodes are plugged into TRUNK ports, how would VE100 be on vlan 5 and VE101 be on vlan 6?

Am I expecting too much, or just not understanding this?
 
Let me attempt to redeem myself.

So I set up the interfaces on the NODES before creating the VE??

For example, if I make a new bridge device, vmbr1, I should specify eth0.5 as the bridged interfaces? Correct?
 
For example, if my network is set up in a way that my cluster nodes are plugged into TRUNK ports, how would VE100 be on vlan 5 and VE101 be on vlan 6?

Just connect vmbr0 directly to eth0, and configure the vlan inside the VM.

or

connect vmbr0 to vlan5 (eth0.5), and vmbr1 to vlan6 (eth0.6)

I don't have a vlan setup here, so I can't test.

- Dietmar
 
vlan

Debian uses a special naming convention for VLANs. Just add the VLAN ID to the ethernet device name, for example "eth0.5" is vlan 5 on eth0.

To add vlan 5 to vmbr0 just add "eth0.5" to the bridge (replacing eth0).

- Dietmar


But do you have any plan for adding a new interface (vlan) to the machine
via the webUI?

Ciao, Diaolin
 
You can use eth0.XXX on the web interface too (at least for bridge slaves). Or what do you want exactly?

- Dietmar
 
re: vlan

You can use eth0.XXX on the web interface too (at least for bridge slaves). Or what do you want exactly?

- Dietmar

OK, but does adding eth0.XXX create the additional vlan for me, or should
I add the vlan to /etc/network/interfaces?

I did not test this solution, and I would like it if the interface did the work
:-)

Diaolin
 
vlan...

should be possible.



Because you want to duplicate network traffic?


I need to have eth0 for vmbr0
eth0.50 for vmbr1
eth0.51 for vmbr2

By associating the vlans on the switch I can have multiple
vlans on the same interface.

OK, this is not the best solution, but it is the only way I can "separate"
the bridges on the same interface.

On the eth0 I can dump all, of course.
But I hope that the Proxmox admin should verify the traffic.

Diaolin
 
vlan the Debian way

Ah, yes - I think that makes sense.

- Dietmar

If we want to use a vlan on Debian the best mode is this:

iface eth0 inet static
        address xxx.xxx.xxx.xx
        netmask xxx.xxx.xxx.xxx

iface vlan1 inet static
        vlan-raw-device eth0
        address 192.168.1.1
        netmask 255.255.255.0

If you implement a method in the interface for reading the
/etc/network/interfaces intercepting the vlan-raw-device
it can be simple to write the "vlan create" button.

In a few words: we have "Add bond... Add bridge"
why not have "Add vlan..."
Like the add bridge with
Vlan name vlan[{INPUT}number from 1 to 99]
IP ADDRESS []
NETMASK []
START on boot
REAL INTERFACE [choose between existing interfaces (dropdown)]

Is it possible?

:-)

The real result is that adding vlan to the vmbr1 lets all the machines (tap) connected to it
work transparently without tagging. The tags are on the OUT-interface and on the switch.
The virtuals are all normal without vlans.
Simple, no?

:-)

I think that this can be very useful

Tx, diaolin
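
An added example, not from the thread's authors or from Proxmox: a Python audit of an /etc/network/interfaces file that maps each bridge to its VLAN, accepting both the ethX.YYY naming and the vlanN plus vlan-raw-device form discussed above, and lists bridges attached to an untagged parent that also carries VLAN sub-interfaces (the "on the eth0 I can dump all" case). The sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the interfaces snippets in this thread.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth0.50
iface vlan51 inet manual
        vlan-raw-device eth0
iface vmbr2 inet manual
        bridge_ports vlan51
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None          # these lines end the current stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def resolve(dev, stanzas):
    """Map a device to (parent, vlan_id); vlan_id is None when untagged."""
    if m := re.fullmatch(r"(.+)\.(\d+)", dev):            # ethX.YYY naming
        return m.group(1), int(m.group(2))
    raw = stanzas.get(dev, {}).get("vlan-raw-device")
    if raw and (m := re.fullmatch(r"vlan(\d+)", dev)):    # vlanN + raw device
        return raw, int(m.group(1))
    return dev, None

def audit(text):
    """Return (bridge -> [(parent, vid)], bridges on an untagged trunk parent)."""
    stanzas = parse_stanzas(text)
    bridges = {b: [resolve(p, stanzas) for p in o["bridge_ports"].split()]
               for b, o in stanzas.items() if "bridge_ports" in o}
    tagged = {p for ports in bridges.values() for p, vid in ports if vid is not None}
    exposed = sorted(b for b, ports in bridges.items()
                     if any(vid is None and p in tagged for p, vid in ports))
    return bridges, exposed
```

Guests on a bridge reported in the second return value sit on the same physical port as the tagged VLANs, so their placement is worth reviewing before relying on the VLANs for separation.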
 
The real result is that adding vlan to the vmbr1 lets all the machines (tap) connected to it
work transparently without tagging. The tags are on the OUT-interface and on the switch.
The virtuals are all normal without vlans.
Simple, no?

Yes, and that works already (just use ethX.YYY).