[SOLVED] Vlan: one works but not two

[proxtib]

Hello,

I have some issue with vlan on my proxmox homelab.

In short I have a physical router with OPENSENSE (it's like PFSense).
On this router I have config a interface named : PVms, on this interface I have created 2 VLAN:
- PVmsVlan10: 10.10.0.254/24
- PVmsVlan20: 10.20.0.254/24

On Proxmox I have this.
I preferred not to modify the/etc/networks/interfaces file and create everything via the web interface.

auto lo
iface lo inet loopback

iface enp35s0f1 inet manual

iface enp35s0f0 inet manual

auto enp35s0f0.10
iface enp35s0f0.10 inet manual

auto enp35s0f0.20
iface enp35s0f0.20 inet manual

auto vmbr1
iface vmbr1 inet static
        address 172.16.0.2/29
        gateway 172.16.0.1
        bridge-ports enp35s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr010
iface vmbr010 inet manual
        bridge-ports enp35s0f0.10
        bridge-stp off
        bridge-fd 0
#Pont Defaut

auto vmbr020
iface vmbr020 inet manual
        bridge-ports enp35s0f0.20
        bridge-stp off
        bridge-fd 0

My problem is this:
When I create a physical VM (Debian 10) with 2 network interfaces (on vmbr010 and vmbr020),

ens18 (based vmbr010) works but not ens19 (based on vmbr020).
ens19 cannot have an ip by dhcp or static/manual.

root@debiantest:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether ce:4a:11:73:14:74 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.2/24 brd 10.10.0.255 scope global dynamic ens18
       valid_lft 6196sec preferred_lft 6196sec
    inet6 fe80::cc4a:11ff:fe73:1474/64 scope link
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether f2:b4:51:31:a7:0c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f0b4:51ff:fe31:a70c/64 scope link
       valid_lft forever preferred_lft forever
root@debiantest:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet dhcp

allow-hotplug ens19
iface ens19 inet dhcp
root@debiantest:~#

Do you have any idea what might be going on?

 

[proxtib]

small update

On my test vm with 2 network interface, I have tested

# ifup ens19
ifup: unknow interface ens19

with "dmesg | grep ens19", I see "virtio_net virtio3 ens19: renamed from eth1",
and that’s it, no mistake ...

Edit: OK, I have forgot. "ifup and ifdown are used to set up interfaces listed in /etc/network/interfaces"
But now, I have a dhcpdiscover on ens19 but ... no ip !
_________


I also tried to create a VM with a new single network interface based on vmbr040 but I always have no ip whether in dhcp or by hand ...

auto vmbr040
iface vmbr040 inet manual
        bridge-ports vlan40
        bridge-stp off
        bridge-fd 0

auto vlan40
iface vlan40 inet manual
        vlan-raw-device enp35s0f0

PS with the web interface, I can not name the bridge vmbr0.40, I have a message:
"Format: vmbrN, where 0 <= N <= 9999"


____

auto vlan40
iface vlan40 inet manual
        vlan-raw-device enp35s0f0

contrary to what I wrote, I had to create the other interfaces by modifying the file by hand.
Can it come from there? My syntax is not correct?

 

[ph0x]

Whenever I have to do that I create it in the following order: NIC (-> bond) -> Bridge -> VLAN.
Therefore I would define vmbr1 with the bridged_port and then vmbr1.10 and vmbr1.20.
If your host does not need those VLANs for itself, you can as well just check the "vlan aware" box in vmbr1 and define the tag within the NIC definition of the VM.

 

[proxtib]

thx for the answer.

Unfortunately, it doesn’t work better!
What do you have in your interface file?

auto lo
iface lo inet loopback

iface enp35s0f1 inet manual

iface enp42s0f3u5u3c2 inet manual

iface enp35s0f0 inet manual

auto vmbr1
iface vmbr1 inet static
        address 172.16.0.2/29
        gateway 172.16.0.1
        bridge-ports enp35s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp35s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr0.10
iface vmbr0.10 inet manual

auto vmbr0.20
iface vmbr0.20 inet manual

And if I understood correctly, by doing this, the vm know that they use VLans. And that’s what I would like to avoid.

But for now, I don’t care a bit, I just want to be able to use several VLans on the interface enp35s0f0

 

[ph0x]

I would recommend checking the vlan aware box in vmbr0 and get rid of vmbr0.10 and vmbr0.20.
In your VM's hardware tab you create two NICs with vmbr0 and give each of them the respective vlan tag.

 

[proxtib]

Ok I have this:

auto lo
iface lo inet loopback

iface enp35s0f1 inet manual

iface enp42s0f3u5u3c2 inet manual

iface enp35s0f0 inet manual

auto vmbr1
iface vmbr1 inet static
        address 172.16.0.2/29
        gateway 172.16.0.1
        bridge-ports enp35s0f1
        bridge-stp off
        bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp35s0f0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet manual

auto vmbr0.20
iface vmbr0.20 inet manual

And on VM:


But always the same issue, I have no network en Vlan20

 

[ph0x]

Are you sure that the vlan configuration of the switch is correct?

 

[proxtib]

it's work ! I got the wrong parent interface on my OPNSense


Thanks for the help!

PS: https://forum.proxmox.com/threads/proxmox-opnsense-vlan.90634/