[PVE-User] VxLAN and tagged frames

Daniel Berteaud daniel at firewall-services.com
Fri Jan 24 11:18:05 CET 2020



----- Le 24 Jan 20, à 11:06, Alexandre DERUMIER aderumier at odiso.com a écrit :

>>Arf. ifupdown2 seems to be needed for vxlan interfaces to be setup.
> yes, ifupdown2 is needed.
> 
>>>But it somehow breaks my ARP proxy setup on the WAN interface.
>>>Not sure why, everything seems to be correctly setup, but the host doesn't
>>>answer to ARP requests anymore. And everything is back to normal as soon as I
>>>revert to classic ifupdown.
>>>I'll try to look at this a bit later, when I more some spare time.
> 
> I'm not sure, but maybe you can try to add
> 
> iface WAN
>   ...
>   arp-accept on


Will give this a try.


> 
> 
> 
> About vlan brige->vxlan, I have done some tests again with last kernel, it seem
> than 1 vlanaware bridge + 1 vxlan tunnel (tunnel_mode) is still broken,
> So the only possible way to 1 vlanawarebridge + multiple vxlan tunnel.
> 
> This can be done easily with ifupdown2 like this:
> 
> 
> 
> 
> %for v in range(1010,1021):
> auto vxlan${v}
> iface vxlan${v}
>        vxlan-id ${v}
>        bridge-access ${v}
>        vxlan_remoteip 192.168.0.2
>        vxlan_remoteip 192.168.0.3
> %endfor
> 
> 
> auto vmbr2
> iface vmbr2 inet manual
>        bridge_ports glob vxlan1010-1020
>        bridge_stp off
>        bridge_fd 0
>        bridge-vlan-aware yes
>        bridge-vids 2-4094


Oooohhh, I didn't know we could use loops and glob like this.
This changes everything :-) !

I'll give this a try

Thanks for the tips


Regards,
Daniel

-- 
[ https://www.firewall-services.com/ ] 	
Daniel Berteaud 
FIREWALL-SERVICES SAS, La sécurité des réseaux 
Société de Services en Logiciels Libres 
Tél : +33.5 56 64 15 32 
Matrix: @dani:fws.fr 
[ https://www.firewall-services.com/ | https://www.firewall-services.com ]



More information about the pve-user mailing list