VM sees all Vlan traffic

Nico82x

New Member
Feb 19, 2020
Hi everybody,

I have a Proxmox cluster running with multiple VLANs, and the default VLAN is configured on the bridge vmbr0. When a VM is created using this bridge, I instantly see lots of traffic (roughly 80 Mbit/s), and it seems to me that this is all the traffic floating in that VLAN from all VMs. I am wondering if this is the intended way, since the Linux bridge is aware of all MAC addresses and can move the traffic directly to its destination. I'm grateful for any hints or confirmation that this is intended.

Thanks!
 
Yes sure:

Code:
# The loopback network interface
auto lo
iface lo inet loopback

# 10G Uplink
auto eth1
iface eth1 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

# 1G Failover Uplink
auto eth2
iface eth2 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

# 10G to 1G Failover Uplink
auto bond0
iface bond0 inet manual
    bond-slaves none
    bond-primary eth1
    bond-mode active-backup
    bond-miimon 100

auto vmbr0
iface vmbr0 inet static
    address 192.168.202.8
    netmask 255.255.255.0
    broadcast 192.168.202.255
    gateway 192.168.202.1
    dns-nameservers 8.8.8.8 8.8.4.4
    bridge_ports bond0
    bridge_maxwait 0
    bridge_hw 90:e2:ba:d9:d6:88
    bridge_fd 2
    bridge_ageing 0
    bridge_stp off
    post-up /root/fw.sh

# corosync communication
auto eth0
iface eth0 inet static
    address 192.168.24.34/27

This means basically that one vlan is untagged on vmbr0 and other vlans can optionally be used but have to be added in the VM configuration.
 
Your bridge is not set to be VLAN-aware. Enabling this should give you the behaviour you want.

Either set it in the GUI or add the following two lines to your 'iface vmbr0' config:
Code:
bridge-vlan-aware yes
bridge-vids 2-4094
 
>> linux bridge is aware of all mac addresses and can move the traffic directly to its destination


>> bridge_ageing 0

Why have you set that? With ageing 0, your switch is like a hub and floods traffic everywhere (MAC addresses are not registered in the bridge).
 
Hm.. I'm gonna have to ask my colleague about that, but you are absolutely right, that doesn't make sense to me either.
 
Fixing the MAC ageing solved the issue already, but we will still test VLAN-awareness and enable it if there are no issues in the test. Thanks for the quick help!
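
A way to check other nodes for the two settings discussed in this thread, added here as an example and not posted by any participant: it parses an ifupdown-style interfaces file and reports every bridge with ageing set to 0 or without VLAN awareness. The sample input is constructed, and vmbr1 with port eth3 is a hypothetical second bridge.

```python
# Constructed sample: vmbr0 mirrors the thread's bridge options, vmbr1 is hypothetical.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    bridge_ports bond0
    bridge_ageing 0
    bridge_stp off

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth3
    bridge-vlan-aware yes
    bridge-vids 2-4094
"""

STANZA_ENDERS = ("auto", "source", "source-directory", "mapping")

def parse_ifaces(text):
    """Map each iface name to its options, treating bridge_x and bridge-x alike."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment line
        key = words[0]
        if key == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif key in STANZA_ENDERS or key.startswith("allow-"):
            current = None  # these keywords close the current iface stanza
        elif current is not None:
            current[key.replace("_", "-")] = " ".join(words[1:])
    return stanzas

def audit_bridges(text):
    """Return {bridge: [findings]} for every stanza that declares bridge ports."""
    report = {}
    for name, opts in parse_ifaces(text).items():
        if "bridge-ports" not in opts:
            continue  # not a bridge (bond, plain NIC, loopback)
        findings = []
        if opts.get("bridge-ageing", "").strip() == "0":
            findings.append("ageing-0: bridge floods frames to every port")
        if opts.get("bridge-vlan-aware", "no") != "yes":
            findings.append("not-vlan-aware")
        report[name] = findings
    return report

if __name__ == "__main__":
    for bridge, findings in audit_bridges(SAMPLE).items():
        print(bridge, findings or "ok")
```

To audit a real node, pass the contents of `/etc/network/interfaces` to `audit_bridges` instead of `SAMPLE`.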
 