vlans between 2 vms on different hosts

felipe

Well-Known Member
Oct 28, 2013
hi,

i tried to make a vlan (with the proxmox gui) networks are simple vmbr0's
i can ping to vms on the same host configured with the same tag but not another vm machine on another host with the same vlan tag.

any ideas?
 
Hello felipe,

i tried to make a vlan (with the proxmox gui) networks are simple vmbr0's
i can ping to vms on the same host configured with the same tag but not another vm machine on another host with the same vlan tag.

Can you give more details? The best would be to post

- /etc/network/interfaces from the two hosts

- how the VMs are connected to the hosts

- ifconfig from the VMs

- which pings (specified by IP addresses) work and which don't work

In general: With Linux bridges and vlans I had some problems - I changed to ovs and now it works fine.

Kind regards

Mr.Holmes
 
interfaces from one of the host nodes (the other is equal, just with other ips...):

auto lo
iface lo inet loopback


auto eth0
iface eth0 inet manual
broadcast 192.168.11.255
network 192.168.11.0

auto eth1
iface eth1 inet manual


auto vmbr0
iface vmbr0 inet static
address 192.168.11.7
netmask 255.255.255.0
gateway 192.168.11.254
bridge_ports eth0
bridge_stp off
bridge_fd 0


auto vmbr1
iface vmbr1 inet static
address 192.168.10.17
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0


auto vmbr100
iface vmbr100 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0


auto vmbr101
iface vmbr101 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0


auto vmbr102
iface vmbr102 inet manual


the vms are win2012 machines. and the gateway vm is a linux machine.

i can ping between the two win2012 (on the same host) but not the linux vm
linux vm has many virtual network cards because it is the router.... and many network cards because i can only set one vlan tag on each....

maybe i have to configure some vlans also in the switch?
 
Hello felipe

I understand your configuration as follows:


- LINUX VM @host1 (the router) has some virtual NICs

- all are connected to vmbr1, but specified (in proxmox GUI) with different vlan tags

- eth1@vmbr1@host1 is connected to eth1@vmbr1@host2

- Windows VMs @host2 have (one or more) virtual NICs, configured similar to the router

- In addition you have (?) vlans configured at the host too (configured by vconfig)

Problem:

Messages from the vlan-related virtual NICs are not (or incorrectly) transported across the physical LAN (between host1 and 2)

My experience:

I had the same problem - I changed to OVS, no vlan problems any more.

Kind regards

Mr.Holmes
 
interfaces from one of the host nodes (the other is equal, just with other ips...):

maybe i have to configure some vlans also in the switch?

Hi,
right, till now you don't use vlans...

With vlan you can tag eth1 (like eth1.150 for vlan150) but you must configure your switch also of course.

Then you can simply use tagging with the gui, or define a bridge for each vlan in /etc/network/interfaces (but not both).


Udo
 
so like udo writes connect two vms tagged with vlans on different hosts is impossible without configuring the vlans on the switch?
or did somebody get it working without?
 
If you don't have a switch which supports vlans and the ports of the switch used for the different hosts are not in trunk mode, all vlan tags will be stripped by the switch.
 
so like udo writes connect two vms tagged with vlans on different hosts is impossible without configuring the vlans on the switch?
or did somebody get it working without?

Depends on the switch you have and how it's configured (I use a simple unmanaged switch and it works). If I understood it correctly you want to send a tagged vlan packet from one host to the other, or in other words: the packet you send from one host should arrive on the other host as it is, including vlan tag - right?

I would simply check it by activating tcpdump on both hosts and verifying whether the vlan-tagged packet you send from one host arrives as it is on the other. Run on both hosts:

Code:
tcpdump -i eth1 -e -n

then try a ping (in my case I use subnet 10.149.33.0/24 with vlan tag 33)

Code:
ping 10.149.33.11


Check the result (except for the timestamp, it should be identical on both hosts):

Code:
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:01:58.975556 36:fd:05:1d:5c:b6 > 00:09:5b:bd:ce:38, ethertype 802.1Q (0x8100), length 102: vlan 33, p 0, ethertype IPv4, 10.149.33.121 > 10.149.33.11: ICMP echo request, id 7515, seq 640, length 64
14:01:59.073528 00:09:5b:bd:ce:38 > 36:fd:05:1d:5c:b6, ethertype 802.1Q (0x8100), length 102: vlan 33, p 0, ethertype IPv4, 10.149.33.11 > 10.149.33.121: ICMP echo reply, id 7515, seq 640, length 64

If yes: the switch is ok
If no: try to configure the switch
If the expected messages do not occur at all: there is another problem (in vlan settings, routing, etc.)
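
The comparison described in the post above, automated as an added example (not part of the original thread): it reads the `tcpdump -e -n` text saved from each host and classifies what happened to the tagged echo requests on the way. The function names and verdict strings are hypothetical, and the sample captures are constructed from the output quoted above.

```python
import re

# tcpdump -e -n line: "<time> <src mac> > <dst mac>, ethertype ..."
FRAME = re.compile(r"^\S+ ([0-9a-f:]{17}) > ([0-9a-f:]{17}), ethertype ")
VLAN = re.compile(r"\bvlan (\d+),")
ECHO = re.compile(r"ICMP echo request, id (\d+), seq (\d+)")


def echo_requests(capture):
    """Map (src mac, dst mac, icmp id, seq) -> VLAN ID (None if untagged)."""
    frames = {}
    for line in capture.splitlines():
        head, echo = FRAME.match(line.strip()), ECHO.search(line)
        if not (head and echo):
            continue  # banner lines, echo replies, ARP, other traffic
        tag = VLAN.search(line)
        frames[head.groups() + echo.groups()] = int(tag.group(1)) if tag else None
    return frames


def verdict(sender_capture, receiver_capture, vlan):
    """Classify what happened to echo requests tagged `vlan` between the hosts."""
    sent = {k for k, v in echo_requests(sender_capture).items() if v == vlan}
    if not sent:
        return "not-sent"  # nothing tagged left the sender: check VM/bridge vlan settings
    received = echo_requests(receiver_capture)
    seen = [received[k] for k in sent if k in received]
    if not seen:
        return "dropped"  # frames never arrived: the path does not pass this VLAN
    if all(v == vlan for v in seen):
        return "preserved"  # tag arrived intact: the switch is ok
    return "retagged-or-stripped"  # arrived, but the tag is missing or changed


# Constructed sample captures (MACs, IPs and ICMP ids taken from the output above).
SENDER = """listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:01:58.975556 36:fd:05:1d:5c:b6 > 00:09:5b:bd:ce:38, ethertype 802.1Q (0x8100), length 102: vlan 33, p 0, ethertype IPv4, 10.149.33.121 > 10.149.33.11: ICMP echo request, id 7515, seq 640, length 64
"""
RECEIVER_OK = SENDER.replace("14:01:58.975556", "14:01:58.975901")
RECEIVER_STRIPPED = """14:01:58.975901 36:fd:05:1d:5c:b6 > 00:09:5b:bd:ce:38, ethertype IPv4 (0x0800), length 98: 10.149.33.121 > 10.149.33.11: ICMP echo request, id 7515, seq 640, length 64
"""

if __name__ == "__main__":
    for name, rx in [("ok", RECEIVER_OK), ("stripped", RECEIVER_STRIPPED), ("empty", "")]:
        print(name, "->", verdict(SENDER, rx, 33))
```

Frames are matched on MAC pair plus ICMP id and sequence number, so the differing timestamps on the two hosts do not matter.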
 
An unmanaged switch with only simple access ports will simply strip vlan tags, so how you have made it work is beyond my imagination.
 
Hello mir

An unmanaged switch with only simple access ports will simply strip vlan tags, so how you have made it work is beyond my imagination.

You are probably right when you think about professional switches - I use a cheap and simple layer-2 switch.

However, I think to get a clear understanding of what's going on in the environment it should be figured out precisely where the packets on their way from vm@host1 to vm@host2 get lost. And that's what I recommended in my post - the remark "(I use a simple unmanaged switch and it works)" has no importance ...

All the best!

Mr.Holmes