[PVE-User] VxLAN and tagged frames

Alexandre DERUMIER aderumier at odiso.com
Thu Jan 23 20:53:54 CET 2020 

Hi,

>>So, what's the recommended setup for this ? Create one (non vlan aware) bridge for each network zone, with 1 VxLAN tunnel per bridge between nodes ? 

yes, you need 1 non-vlan aware bridge + 1 vxlan tunnel. 

Technically they are vlan (from aware bridge) to vxlan mapping in kernel, but it's realy new and unstable.
I don't known if it's possible to send vlan tagged frame inside a vxlan, never tested it.

>>This doesn't look very scalable compared with >>vlan aware bridges (or OVS bridges) with GRE tunnels, does it ? 

I have tested it with 2000 vxlans + 2000 bridges. Works fine. Is is enough for you ?



>>Are the expirimental SDN plugins available somewhere as deb so I can play a bit with it ? (couldn't find it in pve-test or no-subscription)

#apt-get install libpve-network-perl  (try for pvetest repo if possible)


The gui is not finished yet, but you can try it at
http://odisoweb1.odiso.net/pve-manager_6.1-5_amd64.deb





I think if you want to do something like a simple vxlan tunnel, with multiple vlan, something like this should work (need to be tested):

auto vxlan2
iface vxlan2 inet manual
        vxlan-id 2
        vxlan_remoteip 192.168.0.2
        vxlan_remoteip 192.168.0.3

auto vmbr2
iface vmbr2 inet manual
        bridge_ports vxlan2
        bridge_stp off
        bridge_fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4096


Note that it's possible to do gre tunnel with ifupdown2, I can send the config if you need it

----- Mail original -----
De: "Daniel Berteaud" <daniel at firewall-services.com>
À: "proxmoxve" <pve-user at pve.proxmox.com>
Envoyé: Mercredi 22 Janvier 2020 08:33:33
Objet: [PVE-User] VxLAN and tagged frames

Hi there 

At a french hoster (Online.net), we have a private network available on dedicated server, but without QinQ support. So, we can't rely on native VLAN between nodes. Up to now, I created a single OVS bridge on every node, with GRE tunnels with each other. The GRE tunnel transport tagged frames and everything is working. 
But I see there are some work on SDN plugins, and VxLAN support. I red [ https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD | https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD ] but there are some stuff I'm not sure I understand. 
Especially with vlan aware bridges. 

I like to rely on VLAN aware bridges so I don't have to touch network conf of the hypervisors to create a new network zone. I just use a new, unused VLAN ID. 

But the doc about VxLAN support on vlan aware bridges has been removed (see [ https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a | https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a ] ) 

So, what's the recommended setup for this ? Create one (non vlan aware) bridge for each network zone, with 1 VxLAN tunnel per bridge between nodes ? This doesn't look very scalable compared with vlan aware bridges (or OVS bridges) with GRE tunnels, does it ? 

Are the expirimental SDN plugins available somewhere as deb so I can play a bit with it ? (couldn't find it in pve-test or no-subscription) 

Cheers, 
Daniel 

-- 


[ https://www.firewall-services.com/ ] 
Daniel Berteaud 
FIREWALL-SERVICES SAS, La sécurité des réseaux 
Société de Services en Logiciels Libres 
Tél : +33.5 56 64 15 32 
Matrix: @dani:fws.fr 
[ https://www.firewall-services.com/ | https://www.firewall-services.com ] 
_______________________________________________ 
pve-user mailing list 
pve-user at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list