[PVE-User] VxLAN and tagged frames
Daniel Berteaud
daniel at firewall-services.com
Fri Jan 24 11:18:05 CET 2020
----- Le 24 Jan 20, à 11:06, Alexandre DERUMIER aderumier at odiso.com a écrit :
>>Arf. ifupdown2 seems to be needed for vxlan interfaces to be setup.
> yes, ifupdown2 is needed.
>
>>>But it somehow breaks my ARP proxy setup on the WAN interface.
>>>Not sure why, everything seems to be correctly setup, but the host doesn't
>>>answer to ARP requests anymore. And everything is back to normal as soon as I
>>>revert to classic ifupdown.
>>>I'll try to look at this a bit later, when I more some spare time.
>
> I'm not sure, but maybe you can try to add
>
> iface WAN
> ...
> arp-accept on
Will give this a try.
>
>
>
> About vlan brige->vxlan, I have done some tests again with last kernel, it seem
> than 1 vlanaware bridge + 1 vxlan tunnel (tunnel_mode) is still broken,
> So the only possible way to 1 vlanawarebridge + multiple vxlan tunnel.
>
> This can be done easily with ifupdown2 like this:
>
>
>
>
> %for v in range(1010,1021):
> auto vxlan${v}
> iface vxlan${v}
> vxlan-id ${v}
> bridge-access ${v}
> vxlan_remoteip 192.168.0.2
> vxlan_remoteip 192.168.0.3
> %endfor
>
>
> auto vmbr2
> iface vmbr2 inet manual
> bridge_ports glob vxlan1010-1020
> bridge_stp off
> bridge_fd 0
> bridge-vlan-aware yes
> bridge-vids 2-4094
Oooohhh, I didn't know we could use loops and glob like this.
This changes everything :-) !
I'll give this a try
Thanks for the tips
Regards,
Daniel
--
[ https://www.firewall-services.com/ ]
Daniel Berteaud
FIREWALL-SERVICES SAS, La sécurité des réseaux
Société de Services en Logiciels Libres
Tél : +33.5 56 64 15 32
Matrix: @dani:fws.fr
[ https://www.firewall-services.com/ | https://www.firewall-services.com ]
More information about the pve-user
mailing list