[pve-devel] Network Bridging Patch

Jason Villalta jason at rubixnet.com
Mon Aug 13 17:07:05 CEST 2012


Sorry for the extremely late reply but I have been working on other
projects.

I am sure it was configured correctly.  But here is the configuration.

The switch PVID of the both eth0 and eth1 is vlan 2 and there is vlan 3, 4,
5 traffic on bond0.  The bond0 interface works as long as another virtual
machine does not specify a vlan 2 tag on their virtual network interface.
 As soon that that machine is started the bond0 ip stops responding.

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
        slaves eth0 eth1
        bond_miimon 100
        bond_mode 802.3ad

auto vmbr0
iface vmbr0 inet manual
        address 192.168.254.5
        netmask 255.255.255.0
        gateway 192.168.254.1
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

A way around this problem was to set PVID 1 on the switch and move the ip
to vmbr0v2 with this config.  This allowed me to use vlan tagging on all
virtual machines while maintaining the ip address in vlan 2.  However this
had the draw back of not allowing tagged frames to work on vmbr0 any longer
which would not allow trunking to a virtual machine.

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
        slaves eth0 eth1
        bond_miimon 100
        bond_mode 802.3ad

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

iface bond0.2 inet manual
        vlan_raw_device bond0

auto vmbr0v2
iface vmbr0v2 inet static
        address 192.168.254.5
        netmask 255.255.255.0
        gateway 192.168.254.1
        bridge_ports bond0.2
        bridge_stp off
        bridge_fd 0

The follow configuration is what works with my patch and allows vmbr0 to
pass tagged frames to a virtual machine and also allow vlan specified
interfaces in proxmox.

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
        slaves eth0 eth1
        bond_miimon 100
        bond_mode 802.3ad

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

auto vmbr0.2
iface vmbr0.2 inet manual
        vlan_raw_device vmbr0

auto vmbr0v2
iface vmbr0v2 inet static
        address 192.168.254.5
        netmask 255.255.255.0
        gateway 192.168.254.1
        bridge_ports vmbr0.2
        bridge_stp off
        bridge_fd 0


The patch just changes the way the vlan bridges are created.

If you have more questions feel free to let me know.  One other advantage
that may come of this is firewalling between virtual machines.  As you
could do firewalling in a virtual appliance instead of at the host level
using only Shorewall.  This configuration would allow firewalling/routing
between the bridges.


On Tue, Jul 10, 2012 at 12:58 AM, Dietmar Maurer <dietmar at proxmox.com>wrote:

> > I have been posting information to this forum thread in regard to a
> > problem/patch for the network bridge configuration.
> > http://forum.proxmox.com/threads/10110-New-network-configuration-
> > with-bridge-vlan-interfaces
> >
> > Basically the problem with the existing configuration is if you want to
> utilize
> > the vmbr0 interface as a management interface or a tagged vlan trunk to a
> > virtual machine it stops working as soon as you start a virtual machine
> using
> > a vlan tag.  This is because when bringing the respective vlan bridge
> online it
> > is bridging to the underlying physical interface's vlan sub interface
> (ex,
> > eth0.2, bond0.3).  This causes the existing bridge root interface to stop
> > working.  I verified this with tcpdump on vmbr0.
>
> Maybe you simply configure it the wrong way? (send your config please)
>
> - Dietmar
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-devel/attachments/20120813/f46b6270/attachment-0001.html>


More information about the pve-devel mailing list