[PVE-User] VxLAN and tagged frames

[Daniel Berteaud]

Hi there 

At a french hoster (Online.net), we have a private network available on dedicated server, but without QinQ support. So, we can't rely on native VLAN between nodes. Up to now, I created a single OVS bridge on every node, with GRE tunnels with each other. The GRE tunnel transport tagged frames and everything is working. 
But I see there are some work on SDN plugins, and VxLAN support. I red [ https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD | https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD ] but there are some stuff I'm not sure I understand. 
Especially with vlan aware bridges. 

I like to rely on VLAN aware bridges so I don't have to touch network conf of the hypervisors to create a new network zone. I just use a new, unused VLAN ID. 

But the doc about VxLAN support on vlan aware bridges has been removed (see [ https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a | https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a ] ) 

So, what's the recommended setup for this ? Create one (non vlan aware) bridge for each network zone, with 1 VxLAN tunnel per bridge between nodes ? This doesn't look very scalable compared with vlan aware bridges (or OVS bridges) with GRE tunnels, does it ? 

Are the expirimental SDN plugins available somewhere as deb so I can play a bit with it ? (couldn't find it in pve-test or no-subscription) 

Cheers, 
Daniel 

-- 


[ https://www.firewall-services.com/ ] 	
Daniel Berteaud 
FIREWALL-SERVICES SAS, La sécurité des réseaux 
Société de Services en Logiciels Libres 
Tél : +33.5 56 64 15 32 
Matrix: @dani:fws.fr 
[ https://www.firewall-services.com/ | https://www.firewall-services.com ]