VLANs not working

E_Mouws

Hi,


We've several hosts running PVE 6.4.15.
The network configuration is made up of a bond of 2 physical interfaces.
That bond (bond1) is bridged to vmbr1.
In the network config we've created extra bridges for specific VLANs (e.g. vmbr200 -> bond1.200).
On the switch the proxmox-bond is connected to a trunk with all necessary vlans.

We've installed a pfSense (2.6.0) and connected 2 "virtio" network cards. One of them is connected to "vmbr1".
The other one is connected to vmbr200 (for direct access to VLAN 200).
In the pfSense config we've added a VLAN interface with tag "550", set up a static IP etc. etc.
But we cannot ping from the VM to the gateway on VLAN 550.
Also, we don't see any MAC addresses in the ARP table of the pfSense machine (besides its own MACs and MACs in VLAN 200).

Network-config vmbr1:
auto vmbr1
iface vmbr1 inet manual
    bridge-ports bond1
    bridge-stp off
    bridge-fd 0
#Public traffic

Network-configuration of bond1:
auto bond1
iface bond1 inet manual
    bond-slaves eno2 eno4
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2
#Public traffic

Changing vmbr1 to "vlan aware" with vlan-tags 2-4095 does not solve the issue.

The other interface (directly connected to "vmbr200", which is configured to "bond1.200") works perfectly...
So because of that we know traffic for vlan200 is present on bond1.

When trying this on a regular Ubuntu VM the behaviour is the same.
Bound using an E1000 (or Virtio) to vmbr1.
Network config made on ens18.4 (for VLAN 4), but no connection. Also no MAC addresses in the table.

Any ideas on this?
 
@gurubert Yes, both VMs are running on the same node.
And the vNIC of the VM is also connected to vmbr1 and also has VLAN tag 550.
It's not related to pfSense since the VM cannot ping other hosts in VLAN 550.

But when we change the connected interface of the VM from vmbr1 to vmbr550 (which is bridged to "bond1.550") it is working...
By the way, we also change the network config of the VM because traffic is untagged, of course.
 
@gurubert Running tcpdump -i vmbr1 -ne on the host gave some traffic but it seems vmbr1 <> bond1.
Dumping bond1.4 is possible and then I'm seeing traffic which I'm sending from the VM.
Dumping vmbr1.4 is not possible.
Dumping vmbr4 (which is configured as a bridge for bond1.4) also gives the traffic I'm generating.

The configuration of the bond1, vmbr1 and vmbr4:
auto bond1
iface bond1 inet manual
    bond-slaves eno2 eno4
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2

auto vmbr1
iface vmbr1 inet manual
    bridge-ports bond1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr4
iface vmbr4 inet manual
    bridge-ports bond1.4
    bridge-stp off
    bridge-fd 0
So it seems, even though I've enabled bridge-vlan-aware and configured the bridge-vids, vmbr1 is not bridging VLAN-tagged traffic?
 
Hi Gurubert,


I've the same setup on another location. Only difference is that the working environment has only a bridge connected to the physical interface instead of a bond.
I'll try to remove the bond and run some other tests....
 
