VLAN tag stripped from QinQ

[ice29]

Hello, I need help with following problem. I have setup Proxmox 1.9 with 2 physical NICs - one for management and one for connection to a Cisco Metro Ethernet switch. The switch is sending frames with two VLAN tags (Q-in-Q) - this has to be received by a VM (with both VLAN tags) which runs an application that communicaties with those two tags. The best way would be to directly link the physical eth interface to a VM, but this is not possible.
I have joined both interfaces with a bridge, but I have problems with traffic flowing from Switch to the VM. When I issue tcpdump on hypervisor it shows traffic received from switch but only with the inner tag, the outer tag seems to be stripped! Traffic going from VM to the switch seems to be tagged properly (I'm using KVM for this, when I tried OpenVZ the VM will not even send VLAN tagged frames out to the hypervisor - ifconfig shows TX dropped packets...)

What can the issue be? Before installing Proxmox I have run the app on dedicated debian server and it was working properly, not tags were stripped. Is it some special config in PVE kernel or it's just not possible to pass 2 VLAN tags to KVM machine? (or use OpenVZ with VLAN tagging to host).

Sorry for asking (for some) stupid questions, but I have zero experience with linux virtualization

 

[nano09]

Hello, I need help with following problem. I have setup Proxmox 1.9 with 2 physical NICs - one for management and one for connection to a Cisco Metro Ethernet switch. The switch is sending frames with two VLAN tags (Q-in-Q) - this has to be received by a VM (with both VLAN tags) which runs an application that communicaties with those two tags. The best way would be to directly link the physical eth interface to a VM, but this is not possible.
I have joined both interfaces with a bridge, but I have problems with traffic flowing from Switch to the VM. When I issue tcpdump on hypervisor it shows traffic received from switch but only with the inner tag, the outer tag seems to be stripped! Traffic going from VM to the switch seems to be tagged properly (I'm using KVM for this, when I tried OpenVZ the VM will not even send VLAN tagged frames out to the hypervisor - ifconfig shows TX dropped packets...)

What can the issue be? Before installing Proxmox I have run the app on dedicated debian server and it was working properly, not tags were stripped. Is it some special config in PVE kernel or it's just not possible to pass 2 VLAN tags to KVM machine? (or use OpenVZ with VLAN tagging to host).

Sorry for asking (for some) stupid questions, but I have zero experience with linux virtualization

What is your MTU? With the Metro tag applied, you add an additional 4 bytes. so a minimal of 1504 is needed on both host and guest I believe.

 

[ice29]

this is not the problem, it's not working even with small packets ... I have investigated this further and tried to run the app directly from Proxmox Debian hypervisor, so no virtual machines were involved, tcpdumped helped here
- traffic flowing from the app to the switch was double-tagged correctly
- traffic from the switch to the app has always the outer VLAN tag stripped, whether it's double tagged (this way only the inner tag remains) or single tagged (it's received with no tag)
- when I add VLAN subinterfaces to eth0 with corresponding VLAN numbers, tags are not stripped anymore and double tagged frames can be seen coming on the eth0 interface (although they don't get forwarded to my application)

This is probably not Proxmox's fault, but maybe some new linux kernel or NIC driver feature - before I used old Debian Etch server without any updates and with the same NIC (Realtek r8168).

Does anybody know if there's possibility to force the kernel no to tamper with VLAN tags when no VLAN subinterfaces are used?