[SOLVED] VM untagged lan are unreacheable from network, the tagged ones works.

[Heracleos]

Hello everyone. I have a problem with the configuration of untagged VLANs on VMs, which are unable to reach the default untagged network.
My Proxmox nodes have a bond of two NICs dedicated specifically to VMs, and the configuration in /etc/network/interfaces is as follows:

auto bond1
iface bond1 inet manual
bond-slaves enp3s0f0 enp3s0f1
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3
#Vms_Bond

auto vmbr1
iface vmbr1 inet manual
bridge-ports bond1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#Vms_Lan

On the switch, I assigned the ports to the bond, in hybrid mode, with 1 as the default and a VLAN 128 for other uses.
When I assign vmbr1 to the VMs without any tag (and therefore it should work on the default untagged VLAN 1), it does not work and cannot reach the network.
The VMs, to which I assign tag 128, from proxmox gui configuration, work well.
It looks not to be a switch or network problem, because if I assign an IP to the Proxmox node on vmbr1, which belongs to the untagged network 1, I can ping and access the Proxmox console from my PC connected to the untagged network 1.
Basically, Proxmox does not pass untagged packets to the VMs.
Thanks to everyone who can help me.

 

[shanreich]

It's generally not advisable to mix tagged / untagged traffic and use VLAN 1. Would it just be possible to move your (management, I suppose?) untagged traffic to a dedicated VLAN (that is not 1)?

 

[Heracleos]

hello

It's generally not advisable to mix tagged / untagged traffic and use VLAN 1. Would it just be possible to move your (management, I suppose?) untagged traffic to a dedicated VLAN (that is not 1)?

Thanks for answering.
The Proxmox management is on another physical network, and on another untagged network specifically configured on the switch. So it's not something I'm concerned about.

The net for the vm is on a different bond with different physical net and switch, where the default untagged network 1 is used for a few VMs and tagged 128 vlan, for other vm. The Vlan 1 is untagged, and not tagged of course

 

[Heracleos]

I think I've solved the problem.
I just need to make sure it remains stable over time.
Here is some information that may be of interest to others.

It seems that the problem was related to my AD server (which also provides DHCP service).
The AD server was running as a guest on my old VMware cluster.
All nodes in the VMware cluster are connected with 4 Ethernet ports whose vswitch is configured with “route based on source MAC hash” load balancing:



When I migrated the AD VM to a Proxmox node (whose bridge contains a lacp bond with two NICs), the problem disappeared, and all VMs, even on other proxmox nodes configured in the same way, received their IP from the DHCP.
Of course, all the devices on the physical network also work... but that wasn't a problem, since they were working even before the migration.
I haven't done any analysis with tcpdump, but I can assume that for some reason, teaming on VMware could have created some problems with DHCP.