[PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?

Bastian Sebode b.sebode at linet-services.de
Mon Jul 22 21:18:26 CEST 2024


Hello Frank,

you can achieve that with normal Linux networking already, without the 
need of SDN.

Over the Network Tab of the Hosts GUI (interface names are examples):

- Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed 
VLANs tagged on it
- Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`, 
preferably with LACP on Host and Switch. No IP address necessary
- Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`. 
No IP address necessary
- Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`. 
No IP address necessary, only if you want to manage the server over it
- Attach the VMs to the VLAN bridge
- Repeat for every VLAN you need

There is also the possibility to have the VLAN Tags on the Linux bridge, 
but I would always prefer the one mentioned above.

Hope this helps and others can confirm that they are using such a setup.

Peace
Bastian

On 22.07.24 19:38, Frank Thommen wrote:
> Dear list members,
>
> our current three-node PVE cluster hosts VMs from three different 
> subnets/VLANs. Each host has - besides the network ports for the Ceph 
> cluster - eight physical network ports (two for the host itself and 
> two for each of the three VLANs). Always two ports are configured like 
> this:
>
>    switch port - host port (1 Gbit) \
>                                      +- bond - bridge
>    switch port - host port (1 Gbit) /
>
> This is nice, because when configuring a VM, we can choose the 
> appropriate bridge from the network menu, which also shows me the 
> bridge's description, so that there can't be any mistakes as to which 
> bridge has to be selected. However that comes with too many cables and 
> too many NICs. Especially as we expect to have to support more subnets 
> in the near future.
>
> Our networking department has suggested to move from dedicated switch 
> ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25 
> Gbit ports per host (LACP bonded), but as far as I can see, we would 
> then have to - manually - enter the correct VLAN tag number for each 
> virtual network device. I expect this to be very error prone and 
> unintuitive. Best would be, if it would be possible to create Linux 
> bridges which map to individual VLAN tags like this:
>
>    switch port - host port (25 Gbit) \         / VLAN 12 - bridge1
>                                       +- bond -- VLAN 56 - bridge2
>    switch port - host port (25 Gbit) /         \ VLAN 25 - bridge3
>
>
> but unfortunately with PVE 7.x I could not find a way to achieve this. 
> Is such a setup possible at all?
>
> I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE. 
> Will these SDN capabilities enable us, to achieve the VLAN-bridge 
> mapping?
>
> Thanks for any hint or pointer
> Frank
>
-- 
Bastian Sebode
IT Specialist for System Integration

LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de

LINET on social networks:
www.twitter.com/linetservices | www.facebook.com/linetservices
Worth knowing from the IT world: www.linet-services.de/blog/

Management: Timo Springmann, Mirko Savic and Moritz Bunkus
HR B 9170, Braunschweig Local Court

VAT ID DE 259 526 516
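
The steps in the reply above, written as `/etc/network/interfaces` stanzas and generated for several VLANs at once. This is an added example, not part of the original message: the function names are hypothetical, the interface names and VLAN IDs are the thread's examples, and the bond and bridge options (`bond-miimon`, `bond-xmit-hash-policy`, `bridge-stp`, `bridge-fd`) are assumed common values.

```shell
#!/bin/sh
# Emit ifupdown2 stanzas (the syntax of /etc/network/interfaces on a PVE host)
# for one LACP bond plus one VLAN sub-interface and one bridge per VLAN ID.
# The script only prints text; it does not change any network configuration.

# gen_bond BOND NIC... : the trunk-facing bond, no IP address
gen_bond() {
    bond=$1; shift
    printf 'auto %s\niface %s inet manual\n' "$bond" "$bond"
    printf '\tbond-slaves %s\n' "$*"
    printf '\tbond-miimon 100\n\tbond-mode 802.3ad\n'      # assumed options
    printf '\tbond-xmit-hash-policy layer2+3\n\n'
}

# gen_vlan_bridge BOND VID : BOND.VID strips the tag, vmbrVID carries only that VLAN
gen_vlan_bridge() {
    bond=$1; vid=$2
    case $vid in
        # reject empty, leading zero, non-digits, and anything of 5+ characters
        ''|0*|*[!0-9]*|?????*) echo "invalid VLAN ID: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -gt 4094 ]; then                           # 4095 is reserved
        echo "VLAN ID out of range (1-4094): $vid" >&2; return 1
    fi
    printf 'auto %s.%s\niface %s.%s inet manual\n\n' "$bond" "$vid" "$bond" "$vid"
    printf 'auto vmbr%s\niface vmbr%s inet manual\n' "$vid" "$vid"
    printf '\tbridge-ports %s.%s\n' "$bond" "$vid"
    printf '\tbridge-stp off\n\tbridge-fd 0\n\n'           # assumed options
}

# gen_config BOND "NIC NIC" VID... : whole fragment; validates every VLAN ID
# first so that a bad ID never yields a half-written configuration
gen_config() {
    bond=$1; nics=$2; shift 2
    for vid in "$@"; do
        gen_vlan_bridge "$bond" "$vid" >/dev/null || return 1
    done
    gen_bond "$bond" $nics          # unquoted on purpose: split the NIC list
    for vid in "$@"; do
        gen_vlan_bridge "$bond" "$vid"
    done
}

# The single VLAN from the reply (bond0, ens18/ens19, VLAN 90)
gen_config bond0 "ens18 ens19" 90
```

With the VLAN IDs from the quoted question, `gen_config bond0 "ens18 ens19" 12 56 25` prints one bridge per VLAN, so each VM is attached by choosing a bridge and no tag has to be typed per virtual NIC.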
