Where VLAN tagging of the Ethernet Frames take place?

N

noop1989

New Member
Mar 11, 2024
7
0
1
Germany
baribal-studios.de
Hey,

Where does the VLAN tagging of the Ethernet frames take place?

When I set the VLAN tag on the VM, the VLAN tagging is performed on the VM's network interface. So outgoing packets from the VM receive the VLAN tag.

But what if I use “Linux VLAN”? Or just use SDN? At what level is VLAN tagging then performed?

If I do a mixed operation, i.e. tag VM-01 in the config with ID=100 and set VM-02 to the "Linux VLAN" ID=100, both VMs have no network.

Does tagging get in the way?
 
Can you explain your question in detail? Nice to have screen captures which can we see where the tagging been performed...
 
##### @gunterwa #####

I had a case where the VLAN tag was set in the VM configuration. The Linux Bridge was also set to be VLAN aware.

After a "Linux VLAN" was created with the same VLAN ID, the node no longer had any connections. So the VLAN network was completely down for the node.

So I asked myself whether and how the VLAN tagging procedure affected the network connections. Hence this post.

##### @louie1961 #####

Thanks for the link. However, this only looks at part of it.

I would like to know how the different VLAN setting options in Proxmox affect the Ethernet frame and how we can influence the different configuration options.

1. VLAN tagging in the VM configuration

2. "Linux VLAN"

3. SDN
3.1 VLAN
3.2 VXLAN

In the logs I was able to determine that a VLAN config can only be set once on a physical interface. When duplication occurs, the VLAN appears to stop working, with no error messages.

That would be fatal if Proxmox admins had no network management scheme and mixed the configuration options.
 
Last edited:
I don't really use many, if any, of the VLAN settings in Proxmox, so I can't really answer that question. My single Proxmox NIC is configured to be VLAN aware. My VLANs are defined inside of pfSense and my managed switch. I feed Proxmox with a trunked port with all VLANs tagged. And when I create my VMs or LXC containers, I specify the VLAN I want them to sit on, in the configuration screens. I also don't use the Proxmox firewall, either. I leave all of that for the pfSense box. In most cases I leave my networking inside of Proxmox set to DHCP, and I do DHCP reservations inside of pfSense using the MAC address of the NIC. The result is that I can control all of my networking in pfSense for the most part. Here is my /etc/network/interfaces config

auto lo
iface lo inet loopback
iface eno1 inet manual

auto vmbr0.99
iface vmbr0.99 inet static
address 10.10.99.2/24
gateway 10.10.99.1

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4092

In the picture below, I can set the VLAN tag to anything that is supported in my network

Screenshot 2024-03-24 162422.jpg
 
Yes, exactly, that is method 1. VLAN tagging in the VM configuration. This is also an attitude that can be found everywhere on the Internet.

But what about method 2. If I create a “Linux VLAN” in the network config of the node and place a “Linux Bridge” on it. Then I no longer need VLAN tagging in the VM configuration. Then I just need to connect the VM to the Linux bridge “vmbr20” (VLAN-20) and the “Linux VLAN” takes over the tagging.

1711315022152.png

Then how does it work with SDN?

Why does the connection break when I use method 1 and 2 at the same time?
 
Last edited:
noop1989 said:
I don`t understand this Part:

auto vmbr0.99
iface vmbr0.99 inet static
address 10.10.99.2/24
gateway 10.10.99.1

vmbr0 = Linux Bridge
.99 = Linux VLAN ???
Click to expand...
Yes, this is my /etc/network/interfaces file. I have defined a virtual bridge (kind of like a virtual NIC, which is also possible) assigned to VLAN 99 which is the VLAN I use as my management VLAN
 
  • Like
Reactions: noop1989
noop1989 said:
##### @gunterwa #####

I had a case where the VLAN tag was set in the VM configuration. The Linux Bridge was also set to be VLAN aware.

After a "Linux VLAN" was created with the same VLAN ID, the node no longer had any connections. So the VLAN network was completely down for the node.

So I asked myself whether and how the VLAN tagging procedure affected the network connections. Hence this post.

##### @louie1961 #####

Thanks for the link. However, this only looks at part of it.

I would like to know how the different VLAN setting options in Proxmox affect the Ethernet frame and how we can influence the different configuration options.

1. VLAN tagging in the VM configuration

2. "Linux VLAN"

3. SDN
3.1 VLAN
3.2 VXLAN

In the logs I was able to determine that a VLAN config can only be set once on a physical interface. When duplication occurs, the VLAN appears to stop working, with no error messages.

That would be fatal if Proxmox admins had no network management scheme and mixed the configuration options.
Click to expand...
Hi noop1989,

I try to reproduce your issue in my lab but the result is just norm.
My PVE is on v8.1.4, I created a Linux Bridge with VLAN aware set, and created two VMs running Ubuntu20.04. I configured VM1's and VM2's NIC both in Bridge10 ( Linux Bridge) with same vlan_tag 50 the two VMs can ping to each other, when I changed VM1 NIC's vlan_tag to 55 the ping echo failed.. linux-bridge.pngping-result.pngNIC-in-same-vlan.pngNIC-in-diff-vlan.png
 
@gunterwa - you only use a Linux Bridge without "Bridge Ports".

My Szenario:

I have an external OPNsense on Interface ens32/vmbr0 to route VLANs. VLAN 100 has an DHCP 10.0.100.0/24 from 150 to 200.

I use method 1 - VLAN tagging in the VM configurations:
1711403317221.png
1711403394935.png
and i have a connection. All fine.
Now i switch to Method 2 - add "Linux VLAN" with same VLAN-ID 100 :
4.png

and i get an error.

5.png

CT has no connection now:

1711403657201.png

But, i try to reload per "ifreload -a -d"

1711404008033.png

all fine "exit status 0".

But my VM/CT still has no connection.

I reboot my CT and get Error:

1711404126431.png

If i change now the VM config:

1711404178832.png

and get new errors:

1711404214078.png

Also, i can't mix the Methods. If i want to add "Linux VLAN" or switch to SDN, i have to remove all network settings first. In a production-system not realy helpful.

I search for an solution to change a production-system to SDN without remove all Network Setting as first or create completly new Network-Infrastructure to migrate.

Also my question: Where does the VLAN tagging of the Ethernet frames take place? Is that the reason why mixed Methods crash network connections?
 
Last edited:
The ethernet frames from the VM come from the tap adapter. The VLAN tagging of these frames happen when the packets are processed by the bridge, You can see the vlan tag with :
bridge vlan show dev tap100i0
port vlan-id
tap100i0 444 PVID Egress Untagged
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back