VLAN Setup for LXC Containers/VMs

hackerkatt

Member
Mar 20, 2021
I have been trying to set up what I think is a pretty straightforward network configuration: Proxmox host using the untagged native VLAN for the host IP and passing three VLANs on a trunk from the router for LXC containers. I have been at this for a week and still can't get things working. I've tried a number of suggestions found here, and even tried several AI tools to do some research and help with the implementation, but in the end nothing has worked. Nothing I've tried from the forum (that I've come across) and nothing suggested by the AI tools has worked. I have verified that the config on my router is indeed sending the trunked traffic as well as the native VLAN out the interface connected to the Proxmox host. And the host is pulling an IP from the appropriate network. But no go on getting the VLANs to work. Can someone please tell me what I am missing?

Thank you very much!

Here's my current config:

Mikrotik Rtr CCR2004-16G-2S+:
PVID 200 - Untagged to eth2-Proxmox1
Vlan210 - Tagged to eth2-Proxmox1
Vlan220 - Tagged to eth2-Proxmox1
Vlan230 - Tagged to eth2-Proxmox1

Proxmox Server:

Code:
> cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 210 220 230

source /etc/network/interfaces.d/*

Code:
> root@pve1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 6c:4b:90:b3:8e:aa brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
4: veth102i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether fe:1d:57:a5:26:f2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
5: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 42:27:11:c8:93:d2 brd ff:ff:ff:ff:ff:ff
6: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:48:1a:50:cb:d1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6c48:1aff:fe50:cbd1/64 scope link
       valid_lft forever preferred_lft forever
7: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether 42:27:11:c8:93:d2 brd ff:ff:ff:ff:ff:ff
10: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6c:4b:90:b3:8e:aa brd ff:ff:ff:ff:ff:ff
    inet 172.16.200.2/24 brd 172.16.200.255 scope global dynamic vmbr0
       valid_lft 3108sec preferred_lft 3108sec
    inet6 fe80::6e4b:90ff:feb3:8eaa/64 scope link
       valid_lft forever preferred_lft forever
11: veth104i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether fe:3c:bf:3c:fe:87 brd ff:ff:ff:ff:ff:ff link-netnsid 1
26: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6c:4b:90:b3:8e:aa brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6e4b:90ff:feb3:8eaa/64 scope link
       valid_lft forever preferred_lft forever
27: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:18:a2:19:ed:29 brd ff:ff:ff:ff:ff:ff
28: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 02:00:c2:67:a8:a6 brd ff:ff:ff:ff:ff:ff
29: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether 56:18:a2:19:ed:29 brd ff:ff:ff:ff:ff:ff

Code:
> root@pve1:~# bridge vlan show
port              vlan-id 
eno1              1 PVID Egress Untagged
                  210
                  220
                  230
veth102i0         1 PVID Egress Untagged
fwbr102i0         1 PVID Egress Untagged
fwln102i0         1 PVID Egress Untagged
vmbr0             1 PVID Egress Untagged
veth104i0         1 PVID Egress Untagged
vmbr1             1 PVID Egress Untagged
fwbr104i0         1 PVID Egress Untagged
fwpr104p0         210 PVID Egress Untagged
fwln104i0         1 PVID Egress Untagged

Code:
> cat /etc/pve/lxc/104.conf
arch: amd64
cmode: shell
cores: 4
features: fuse=1,mount=nfs;cifs,nesting=1
hostname: homeassistant
memory: 4096
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:25:1C:A5,ip=dhcp,tag=210,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-104-disk-0,size=80G
swap: 512
 
Ok, after continuing to work to find a solution, I found what works. Two takeaways...

1) Don't tick the "VLAN Aware" box for vmbr0 (or whatever your primary bridge is). Also, don't specify VLAN IDs.

(Note: the VLAN IDs pertain to my config; replace with your VLAN IDs as needed)
When you set bridge-vlan-aware yes on vmbr0 and list bridge-vids 210 220 230, you are telling vmbr0 to handle all these VLANs (210, 220, 230) on the same bridge. This is problematic because:
  • The router's PVID for eno1 is 200 (implied, as vmbr0 gets an IP from 200).
  • Then trying to also route tagged VLANs 210, 220, 230 through vmbr0 directly.
  • The bridge-vlan-aware yes on vmbr0 means that any traffic that enters vmbr0 from eno1 will be treated as if it has a VLAN tag. If it's untagged (your PVID 200 traffic), it might be assigned a default PVID by Proxmox (often 1 if not specified, as seen in bridge vlan show above).

2) Set up separate bridge interfaces for each VLAN ID. (This seems unnecessary, and one would think you could configure a trunk bridge interface and simply specify the VLAN ID you want for the container/VM.)

3) Don't set the VLAN tag in the container network settings.

I'm sure that there are other ways to set up the same functionality, but I was unable to make any of the methods I came across work.


I hope this helps the next person :)

Code:
root@pve1:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr210
iface vmbr210 inet manual
        bridge-ports eno1.210
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 210
        mtu 1496

auto vmbr220
iface vmbr220 inet manual
        bridge-ports eno1.220
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 220

auto vmbr230
iface vmbr230 inet manual
        bridge-ports eno1.230
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 230

source /etc/network/interfaces.d/*

Code:
root@pve1:~# cat /etc/pve/lxc/104.conf
arch: amd64
cmode: shell
cores: 4
features: fuse=1,mount=nfs;cifs,nesting=1
hostname: homeassistant
memory: 4096
net0: name=eth0,bridge=vmbr210,firewall=1,hwaddr=BC:24:11:25:1C:A5,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-104-disk-0,size=80G
swap: 512
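
An added example, not part of the original posts: a Python check that cross-references `bridge vlan show` with the `master` field from `ip a` and reports guest ports whose access VLAN is not carried tagged by any port on the same bridge. The sample input is trimmed from the output in the first post; the function names are this example's own.

```python
import re

# Trimmed from the `bridge vlan show` and `ip a` output in the first post.
BRIDGE_VLAN = """\
port              vlan-id
eno1              1 PVID Egress Untagged
                  210
                  220
                  230
vmbr0             1 PVID Egress Untagged
vmbr1             1 PVID Egress Untagged
fwpr104p0         210 PVID Egress Untagged
"""
IP_LINK = """\
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
28: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
"""

def parse_vlans(text):
    """Return {port: {vid: set(flags)}} from `bridge vlan show` output."""
    table, port = {}, None
    for line in text.splitlines()[1:]:      # skip the header row
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():           # a new port starts in column 0
            port, fields = fields[0], fields[1:]
        table.setdefault(port, {})[int(fields[0])] = set(fields[1:])
    return table

def parse_masters(text):
    """Return {port: bridge} from the header lines of `ip a` / `ip link`."""
    pat = r"^\d+: ([\w.-]+)\S*: .* master (\S+)"
    return {m[1]: m[2] for m in re.finditer(pat, text, re.M)}

def findings(vlans, masters):
    """List (port, vid, bridge) where an access VLAN has no tagged carrier."""
    out = []
    for port, vids in vlans.items():
        for vid, flags in vids.items():
            if vid == 1 or "PVID" not in flags:
                continue                    # only ports with a non-default PVID
            bridge = masters.get(port)
            carriers = [p for p, v in vlans.items() if p != port and vid in v
                        and "Untagged" not in v[vid] and masters.get(p) == bridge]
            if not carriers:
                out.append((port, vid, bridge))
    return out

if __name__ == "__main__": print(findings(parse_vlans(BRIDGE_VLAN), parse_masters(IP_LINK)))
```

On the sample it returns `[('fwpr104p0', 210, 'vmbr1')]`: the guest port sits on vmbr1, while the only port carrying VLAN 210 tagged, eno1, is enslaved to vmbr0.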