[PVE-User] VxLAN and tagged frames
daniel at firewall-services.com
Wed Jan 22 08:33:33 CET 2020
At a french hoster (Online.net), we have a private network available on dedicated server, but without QinQ support. So, we can't rely on native VLAN between nodes. Up to now, I created a single OVS bridge on every node, with GRE tunnels with each other. The GRE tunnel transport tagged frames and everything is working.
But I see there are some work on SDN plugins, and VxLAN support. I red [ https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD | https://git.proxmox.com/?p=pve-docs.git;a=blob_plain;f=vxlan-and-evpn.adoc;hb=HEAD ] but there are some stuff I'm not sure I understand.
Especially with vlan aware bridges.
I like to rely on VLAN aware bridges so I don't have to touch network conf of the hypervisors to create a new network zone. I just use a new, unused VLAN ID.
But the doc about VxLAN support on vlan aware bridges has been removed (see [ https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a | https://git.proxmox.com/?p=pve-docs.git;a=commitdiff;h=5dde3d645834b204257e8d5b3ce8b65e6842abe8;hp=d4a9910fec45b1153b1cd954a006d267d42c707a ] )
So, what's the recommended setup for this ? Create one (non vlan aware) bridge for each network zone, with 1 VxLAN tunnel per bridge between nodes ? This doesn't look very scalable compared with vlan aware bridges (or OVS bridges) with GRE tunnels, does it ?
Are the expirimental SDN plugins available somewhere as deb so I can play a bit with it ? (couldn't find it in pve-test or no-subscription)
[ https://www.firewall-services.com/ ]
FIREWALL-SERVICES SAS, La sécurité des réseaux
Société de Services en Logiciels Libres
Tél : +33.5 56 64 15 32
[ https://www.firewall-services.com/ | https://www.firewall-services.com ]
More information about the pve-user