[PVE-User] VxLAN and tagged frames

Alexandre DERUMIER aderumier at odiso.com
Fri Jan 24 11:06:58 CET 2020 

>Arf. ifupdown2 seems to be needed for vxlan interfaces to be setup. 
yes, ifupdown2 is needed.

>>But it somehow breaks my ARP proxy setup on the WAN interface. 
>>Not sure why, everything seems to be correctly setup, but the host doesn't answer to ARP requests anymore. And everything is back to normal as soon as I revert to classic ifupdown. 
>>I'll try to look at this a bit later, when I more some spare time. 

I'm not sure, but maybe you can try to add

iface WAN
   ...
   arp-accept on



About vlan brige->vxlan, I have done some tests again with last kernel, it seem than 1 vlanaware bridge + 1 vxlan tunnel (tunnel_mode) is still broken,
So the only possible way to 1 vlanawarebridge + multiple vxlan tunnel.

This can be done easily with ifupdown2 like this:




%for v in range(1010,1021):
auto vxlan${v}
iface vxlan${v}
        vxlan-id ${v}
        bridge-access ${v}
        vxlan_remoteip 192.168.0.2   
        vxlan_remoteip 192.168.0.3   
%endfor


auto vmbr2
iface vmbr2 inet manual
        bridge_ports glob vxlan1010-1020
        bridge_stp off
        bridge_fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094


This will map vlan1010-1020  to vxlan1010-1020.
the vxlan interfaces are create with a template in a loop

I have tested it, it's working fine.



----- Mail original -----
De: "Daniel Berteaud" <daniel at firewall-services.com>
À: "proxmoxve" <pve-user at pve.proxmox.com>
Envoyé: Vendredi 24 Janvier 2020 10:15:34
Objet: Re: [PVE-User] VxLAN and tagged frames

----- Le 24 Jan 20, à 8:20, Daniel Berteaud daniel at firewall-services.com a écrit : 

> ----- Le 23 Jan 20, à 20:53, Alexandre DERUMIER aderumier at odiso.com a écrit : 

>> 
>> I think if you want to do something like a simple vxlan tunnel, with multiple 
>> vlan, something like this should work (need to be tested): 
>> 
>> auto vxlan2 
>> iface vxlan2 inet manual 
>> vxlan-id 2 
>> vxlan_remoteip 192.168.0.2 
>> vxlan_remoteip 192.168.0.3 
>> 
>> auto vmbr2 
>> iface vmbr2 inet manual 
>> bridge_ports vxlan2 
>> bridge_stp off 
>> bridge_fd 0 
>> bridge-vlan-aware yes 
>> bridge-vids 2-4096 
> 
> I'll try something like that. 

Arf. ifupdown2 seems to be needed for vxlan interfaces to be setup. But it somehow breaks my ARP proxy setup on the WAN interface. 
Not sure why, everything seems to be correctly setup, but the host doesn't answer to ARP requests anymore. And everything is back to normal as soon as I revert to classic ifupdown. 
I'll try to look at this a bit later, when I more some spare time. 

++ 

-- 
[ https://www.firewall-services.com/ ] 
Daniel Berteaud 
FIREWALL-SERVICES SAS, La sécurité des réseaux 
Société de Services en Logiciels Libres 
Tél : +33.5 56 64 15 32 
Matrix: @dani:fws.fr 
[ https://www.firewall-services.com/ | https://www.firewall-services.com ] 

_______________________________________________ 
pve-user mailing list 
pve-user at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list